🔓 Reverse Engineer Android Apps Hands-On!
𝗔𝗡𝗗𝗥𝗢𝗜𝗗 𝗔𝗣𝗣 𝗧𝗥𝗜𝗖𝗞𝗦: 𝗗𝗘𝗙𝗘𝗡𝗦𝗘𝗦 𝗔𝗡𝗗 𝗕𝗬𝗣𝗔𝗦𝗦𝗘𝗦 (2h Workshop) with Dr. 𝗔𝗟𝗘𝗞𝗦𝗔𝗡𝗗𝗥 𝗣𝗜𝗟𝗚𝗨𝗡
See how attackers target your favourite Android apps! This hands-on 2h workshop puts you in the reverse engineer's shoes: explore popular RE tools/techniques, spot common weaknesses, analyse real-world apps' protection mechanisms (Google Play & dev hardening), and test their limits. Android devs, bring your own Android app to dissect! By the end, you'll know how to identify/exploit flaws and why many defences fall short.
Led by Dr. Aleksandr Pilgun: University of Luxembourg researcher, ACVTool creator for app coverage analysis, expert in fraudulent apps and FinTech RE.
📅 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
🗓️ Schedule link: https://pretalx.com/bsidesluxembourg-2026/schedule/
Hack like the bad guys (ethically) – bring your own app! 📱
#BsidesLuxembourg #Android #ReverseEngineering #AndroidSecurity #Apps #BSides
Signal vs Wire — binary analysis of both APKs (apktool, strings, ELF inspection).
The gap is larger than most people think:
Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.
Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.
But the finding that surprised me most:
Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote — it's the threat model.
Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.
soon the full paper
#infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA
Subscribe to #androidsecurity entries via RSS feed