Android Security

No replies
Kohelet's picture
SX Inductee
Joined: 2012/05/24

So I've been getting all sorts of dug in deep with Android development and as I've been herp derping along I've noticed a stunning lack of concern for security. Then, I took a mobile security course and realized that security for mobile devices isn't hard, it's just that no one is doing it in any serious manner.

Even if you go to the home of all things open-source Android (XDA-Developers) you'll see that developers are racing along building cool new features and apps without much thought being put into "Is this secure?"

That said, I'm curious to know how many people (if any) within the SX community are interested in mobile security? By mobile security I mean (specifically) Android security. iOS is cool and flashy and popular, but it's also not free in any sense of the word. Windows phone is considerably more accessible but is closed source and not-free. BlackBerry is on it's death throes and thus should really just be ignored.

Android is open-source, free, has lots of development tools, has a huge, active, online development community at XDA-developers and its pretty simple to spin your own ROM.

To get an idea of what I'm thinking of when it comes to Android security:
1. Pentesting ROM like BackTrack but for Android phones that is actually optimized for mobile pentesting (isn't just BackTrack ported to Android).
2. Secure ROM that includes built-in security features and security design to counter a lot of the security issues that might exists in vanilla android.
3. Other Stuff

Again, at this point I'm still doing the whole school thing so my time is minimal, but as I near graduating I think it'd be cool to have some projects dedicated towards closing the security gaps that are out there in Android.

Are others interested as well? Or is it just me?

-Hide in plain sight-