This episode of Android Bytes, we're talking about mobile app security. Android has a lot of robust, built-in mechanisms that protect against exploits and security vulnerabilities, but there's only so much it can do to protect against misuse of sensitive permissions and APIs. Google augments Android's protection mechanisms with Play Protect, a service that looks out for potentially harmful applications.

Brian Reed, Chief Mobility Officer from NowSecure, joins us on the show to explain how Android and Google Play Protect work together to secure your device.

• 2:05 - How does Android's app security model work at a platform level?
• 3:27 - What does NowSecure do?
• 4:16 - How does Android sandbox apps?
• 5:30 - How does Android's security model compare to other platforms?
• 7:24 - How does sideloading affect Android security?
• 13:28 - How is Google Play Protect distributed to GMS Android devices?
• 14:17 - What is the App Defense Alliance (ADA)? What is static and dynamic analysis?
• 17:12 - What are the reverse engineering/disassembly tools security firms use to analyze Android apps?
• 18:55 - Why is dynamic analysis important?
• 24:05 - What is a potentially harmful application (PHA)?
• 25:32 - What is a mobile bundled application (MHA)? Are there any security risks?
• 27:42 - What can developers do to protect their Android apps from hackers?

Additional links mentioned in the show:

• nowsecure.com/masa (Get your Mobile Application Security Assessment)
• academy.nowsecure.com (Learn about mobile app security)
• owasp.org (Open Web Application Security Project)

Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.

• Mishaal's Twitter
• David's Twitter

For more about Esper, visit us.

• Esper Blog
• Official Esper site
• Book an Esper Demo

Our music is "19" by HOME and is licensed under CC BY 3.0.