Pinning - not as simple as it sounds

Slides for my presentation on Android pinning bugs at Android Security Symposium 2017

Two weeks ago I presented (once more) on the topic of pinning, this time focusing on bugs seen in real-world Android applications implementing pinning. The presentation also covered CVE-2016-2402 in some detail, Android’s Network Security Configuration and a few other relevant topics.

The conference was Android Security Symposium - a great security event, hosted in an awesome venue within Vienna University of Technology.

So, here are the slides and here is the video.

This presentation was a follow-up on my previous work on pinning, presented at OWASP AppSecEU16. That one focused on pinning concepts from an architect’s perspective, describing the high-level decisions that need to be made before implementing this control.

mobile security, static & dynamic analysis, automation, payments

London, UK