Keep it Like a Secret - When Android Apps Contain Private Keys

Explore the critical issue of private key exposure in Android applications through this eye-opening conference talk. Discover how Will Dormann processed over 1 million Google Play Store apps to uncover thousands of improperly secured private keys. Learn about the various types of exposed keys, including PGP, SSH, OpenVPN, app signing keys for both Android and iOS, and HTTPS web server keys. Gain insights into password cracking techniques used to access protected private keys and understand the potential security implications of these exposures. Delve into the reasons behind this widespread problem, whether due to inappropriate design or accidental inclusion, and consider the importance of proper key management in mobile app development.

BSidesSF 2018 - Keep it Like a Secret: When Android Apps Contain Private Keys (Will Dormann)