Download pdf
Android supply chain is a complex ecosystem of software and hardware companies, which include SoC manufacturers, OEMs, carriers and more. The result of this is an Android system image. This talk will show real-world examples of where assumptions can go wrong and common pitfalls when looking at Android system images as opposed to the analysis of an independent application.

Pre-Requisites: General understanding of application-based malicious software and security concepts like sandboxing or attack surface. Ability to read decompiled Java code.