Workshop Intro 15:00 - 17:00 August 12, 2023

Miłosz Gaczkowski

William Taylor

The way in which Android applications talk to each other is often misunderstood, and it is entirely too common to see apps whose sensitive functionality is completely open to anyone who asks nicely.

This workshop will cover several case studies of overly permissive apps/devices found in the wild, including an OEM's voice recorder application that could be made to start and stop voice recordings without the user's knowledge.

We will go over common implementation flaws, play around with exploiting them from the perspective of an unprivileged application, and explore how an understanding of Android permissions could help us avoid these mistakes.

Miłosz Gaczkowski

Mobile Security Lead at WithSecure

Miłosz is a mobile security specialist at WithSecure, having previously spent entirely too much time working in academia

His work revolves around mobile security. Outside of technical work, his interests are in education and the culture of education


William Taylor

Security Consultant at WithSecure

Security consultant with an interest in mobile security supported by a background in embedded mobile engineering. I used to make them work; now I break them, professionally and ethically.