I have no idea what my app is doing ¯\_(ツ)_/¯ - Protecting your application from unintended side effects
Nicola Corti has been an Android Software Engineer since 2.2, and a Free and Open Source lover for as long as he can remember. He’s currently working as an Android Engineer at Yelp Inc, connecting millions of users with great local businesses worldwide. Nicola usually calls himself a ‘community addict’. He can't survive without learning every day, sharing knowledge, and having fun with other developers. He’s also currently managing the GDG chapter in Pisa. In his free time, he also loves photography, hiking, and cake design.
Do you know exactly what your app is doing when you deliver it to your users? Are you 100% sure? Would you bet on it? You're probably confident in the code you wrote, and you know what it is doing. But what about the code that others wrote? We pull dependencies from online repositories every day. Our applications rely heavily on external libraries that are hosted on public Maven repositories. What if one of those libraries contains malicious code? Imagine a library that starts harvesting your user data without you knowing it. In this talk we will see how to monitor and protect your application from malicious dependencies on the web that might end up in your final compiled app.