In honor of the 4 year anniversary of the SeaDroid meetup group (first event was August 17, 2010!) we are going to have two events this month. The first is a strong technical presentation on securing your communication in an Android application, and the second will be a fun session with some interesting toys and technology discussions from Thalmic Labs!
Hope to see everyone there!
Think your Android app is using secure communications? It may not be as secure as you think... Mobile applications often need to communicate, either to central servers or to other devices, but Android presents some unique challenges. Manufacturers often don't update devices to the latest versions of Android, and without the updates you're using code that may have known vulnerabilities. Fortunately there are ways around this issue, either using the new Play Services ProviderInstaller API to get updated Conscrypt security code or using the open source Bouncy / Spongy Castle library.
In this talk you'll learn about both options. ProviderInstaller is a simple option that works well for most developers. Bouncy / Spongy Castle is more complex, but also adds support for newer protocols and features not available in the standard security APIs. You'll see how to Bouncy / Spongy Castle for securing both standard socket-based TLS 1.x and the datagram DTLS alternative, as well as for ordinary crypto tasks such as generating public/private key pairs and certificates. Dennis will also discuss algorithm suites and techniques to give your communications the highest protection from all observers.
Dennis Sosnoski is a Java and Scala developer with a strong security background developed over many years of work on data communications and enterprise systems. Currently based in New Zealand, Dennis provides consulting and training services to clients worldwide, especially in the areas of web services and communications security. His current projects include Android apps supporting secure communications, Java/Scala data exchange and transformation tools, and enhancements to the Apache CXF web service project. Dennis was a regular at SeaJUG Java Users Group meetings when he lived in the Seattle area, and is looking forward to meeting up with everyone again while he's back in town.