OWASP AppSec DC 2012/An In-Depth Introduction to the Android Permissions Model and How to Secure Multi-Component Applications

The Presentation
This presentation is an in-depth exploration and discussion of the Android permissions model. First, the overall design of the permissions model will be discussed, including how and why system permissions must be declared by an application. We then move to creating custom permissions for developers to use in their own multi-component applications. The use of custom permissions to secure the various components that are available to Android developers is the primary topic of discussion, including the difference between public and private components, and how to lock down Activities, Services, Broadcasts and Broadcast Receivers, and then Content Providers, the most complex of the components to secure. This presentation is an adaptation of chapters three and four from Application Security for the Android Platform (ISBN 978-1449315078), published by O'Reilly in December 2011, of which the presenter is the author.