• Grey Facebook Icon
  • Grey Twitter Icon
  • Grey YouTube Icon

Droidcon is a registered trademark of Mobile Seasons GmbH

MUwS, PHA, vulnerabilities: A walk through on what not to do

A Day in the Life of a Mobile Malware Reverse Engineer

Salvador Mandujano

Android Developer


Salvador Mandujano is a member of the Android Security and Privacy team at Google, where he leads malware research for Google Play. His areas of expertise include mobile security, vulnerability analysis and secure system architecture. Before Google, Salvador was a SoC security architect at NVIDIA and a security researcher with Intel. He holds Master's degrees from Purdue University and The University of Texas at Austin and a PhD in A.I. from Monterrey Tech in Mexico. He lives in San Jose, California, with his wife and their two sons.


Mobile unwanted software, potentially harmful applications, and vulnerabilities are three important threats that may impact the security and privacy of Android users if applications are not properly designed and implemented. As an Android developer, it is important to understand the practical risks that buggy code, untrusted SDKs and limited disclosure to users represent in order to anticipate and prevent incidents with their apps. This session by the Google Play Protect reverse engineering team will analyze specific examples of application behaviors and code issues that may cause problems to users and developers in the three areas above, from data collection and dynamic code loading, to the abuse of SMS functionality to commit fraud. The audience will learn how to prevent their Google Play or off-market application from being flagged as malicious by Google Play Protect, and how to make design choices that enhance the privacy of the user and the security of the data the application handles.

Android applications are a powerful vehicle to deliver content and new experiences to the users of mobile devices. Unfortunately, bad actors can also use this type of applications to steal information, user credentials and commit fraud. This talk will describe how the members of the Android malware research team identify malicious applications on a daily basis, from detecting spyware to finding and responding to phishing campaigns. We will introduce some of the most severe malware categories, static and dynamic analysis considerations that reverse engineers need to have in mind when studying Android apps, and common obfuscation challenges that need to be resolved in order to produce evidence that an app's behavior is affecting users and violating Google application safety policies.