
OWASP AppSec DC 2012/An In-Depth Introduction to the Android Permissions Model and How to Secure Multi-Component Applications


The Presentation

This presentation is an in-depth exploration and discussion of the Android permissions model. First, the overall design of the permissions model will be discussed, including how and why system permissions must be declared by an application; we then move on to creating custom permissions that developers can use in their own multi-component applications. The primary topic of discussion is the use of custom permissions to secure the various components available to Android developers, including the difference between public and private components and how to lock down Activities, Services, Broadcasts and Broadcast Receivers, and then Content Providers, the most complex of the components to secure.
This presentation is an adaptation of chapters three and four from Application Security for the Android Platform (ISBN 978-1449315078), published by O'Reilly in December 2011, of which the presenter is the author.

The Speakers

Jeff Six

Jeff is a senior security engineer at a major financial firm based in Baltimore, Maryland, where he works to secure customer and firm data. Prior to this position and a comparable one at another financial services firm, Jeff worked at the National Security Agency and other offices within the Department of Defense. He holds bachelor's and master's degrees in engineering from the University of Delaware, and is working on his MBA at Loyola University Maryland. Jeff has been a member of the Adjunct Faculty at the University of Delaware since 2000, teaching classes on software development and secure coding practices, and is the author of Application Security for the Android Platform, published by O'Reilly Media in December 2011. Additionally, he has been a lifeguard since 1993 and an instructor since 1995, and is an amateur triathlete, competing at the sprint, Olympic, and 70.3 distances. Come visit at
