Aleksandr Pilgun
Dr. Aleksandr Pilgun is a computer science researcher specializing in Android application security and analysis.
He defended his doctoral thesis at the University of Luxembourg, where he developed ACVTool — an efficient instruction coverage measurement tool for third-party apps without source code. ACVTool is widely used by researchers to evaluate novel automated testing tools and continues to be actively developed to bridge academic research with industry needs.
Throughout his research, Aleksandr has analyzed tons of Android applications. In recent years, his work has focused on fraudulent applications and on assisting several FinTech startups in improving their service interoperability through reverse engineering. He recently returned from Portugal to rejoin the University of Luxembourg.
Session
Have you ever wondered how an attacker analyzes your favorite Android app? In this workshop, we will adopt the perspective of a reverse engineer to learn how to approach Android applications.
We will explore popular reverse engineering tools and techniques used in Android security analysis. Through hands-on practice, you'll learn to identify common security weaknesses and understand how attackers exploit them.
Android applications are often targeted by attackers due to the openness of the platform and numerous omissions in the app development process. Plenty of security methods have been created to harden Android apps against reverse engineering and tampering; they seem to be widely used by major app developers and far less by smaller ones.
We'll analyze a few real-world applications to examine current protection mechanisms and their limitations. We'll explore the common security measures deployed by the Google Play Store and app developers, and discuss whether they are as effective as they claim to be.
By the end of the workshop, participants will have hands-on experience with several popular tools used for Android application analysis. If you are an Android developer, please feel free to bring and explore your own Android app with us.