Modern Android App Security: Protecting Code, Keys, and Data

Abstract
In today’s mobile landscape, Android apps are prime targets for reverse engineering, key extraction, and tampering, especially with tools like Magisk, Frida, and advanced malware campaigns.
This 20-minute talk breaks down the real-world threats Android apps face today and shows how to defend against them effectively, without compromising speed or usability. We’ll move beyond generic advice and focus on what actually works in production, covering advanced obfuscation, anti-tampering, runtime protection, and key management strategies.
Whether you're building a high-scale consumer app or a work app, you’ll leave with practical guidance you can apply immediately from development through deployment.
Key Takeaways
- Learn how attackers use rooting, dynamic instrumentation, and reverse engineering to compromise Android apps.
- Understand the limits of ProGuard/R8 and when to apply stronger protections like anti-tampering and advanced obfuscation.
- Discover best practices for securing cryptographic keys and sensitive logic inside the app.