Keep it Secret, Keep it Safe: Android 6.0 Security Features - Android Dev Summit 2015

Explore Android 6.0's new security features in this 41-minute conference talk from Android Dev Summit 2015. Learn best practices for keeping user data safe and secure, including new manifest flags and StrictMode tools. Discover how to implement TLS, handle custom certificates, and protect against clear text traffic. Gain insights into certificate verification, pinning, and dealing with legacy clients. Understand the importance of proper server trust and the differences between StrictMode and TLS. Dive into practical examples, thought experiments, and expert advice on common security tasks to enhance your Android app's security measures.

Introduction
Agenda
Why TLS
Examples
Thought Experiment
Nuclear Approach
TLS
Using TLS
Using SSL
Sample Code
Server
Third Party Code
Strict Mode Detection
Clear Text Traffic
Libraries
Why block traffic
My favorite part
How do you know
Overrides
Why use TLS
What is TLS
Make sure youre talking to the person
Dealing with legacy clients
Checking for SSL v3
Common advice
Valid certificates
How to verify the certificate
What is the certificate
How do you trust the certificate
Security SSL training article
Dont bind
What are we doing
Vulnerability Alert and Blocking
NoGoToFail
Questions
Certificate Warnings
Certificate Pinning
Cyber Suites
How to trust a server
Strictmode vs TLS