10-24, 16:15–16:45 (Europe/Luxembourg), Europe - Main Room
Software Development Kits (SDKs) allow developers to significantly enhance the functionality and performance of their apps, among other benefits, without writing complex code. By importing SDKs, developers can save time and money, access various services and APIs, and achieve compatibility and integration across different platforms, devices and operating systems. When it comes to app monetization, advertisement SDKs are a common way of generating revenue from apps, especially freeware that rely on in-app purchase or subscription.
However, there are also downsides associated with using code from external sources, such as security breaches, data leaks, or malicious attacks and perhaps one of the most effective ways to safeguard an app from such a threat is to perform some type of security audit. Mobile apps though pose a challenge for code review, as they can use webviews to dynamically change their behavior and execute arbitrary code from remote sources, bypassing the security audit of the app.
This presentation provides an in-depth examination of Advertisement SDKs, particularly focusing on their widespread use of webviews and the potential security risks these may introduce for end users. It explores how these SDKs integrate webviews into their functionality and offers technical insights into the mechanisms behind their implementation. Additionally, the presentation considers the broader security implications that may arise from this usage, aiming to raise awareness about potential areas of concern for developers and users alike.
Dimitrios is a cybersecurity professional specializing in mobile, web, and network penetration testing. He holds a degree in Computer Science with a focus on Cryptography and Security and has collaborated with top companies such as Microsoft and Google. A frequent speaker at prominent security conferences, he is passionate about reverse engineering and was a member of one of Greece's pioneering reverse engineering research groups.