Sommaire

  • Cet exposé a été présenté le 06 janvier 2023.

Description

  • Orateur

    Romain Thomas (Quarkslab)

SafetyNet is the Android component developed by Google to verify the devices’ integrity. These checks are used by the developers to prevent running applications on devices that would not meet security requirements but it is also used by Google to prevent bots, fraud and abuse.In 2017, Collin Mulliner & John Kozyrakis made one of the first public presentations about SafetyNet and a glimpse into the internal mechanisms. Since then, the Google anti-abuse team improved the strength of the solution which moved most of the original Java layer of SafetyNet, into a native module called DroidGuard. This module implements a custom virtual machine that runs a proprietary bytecode provided by Google to perform the devices’ integrity checks.The purpose of this talk is to make a state-of-the-art of the current implementation of SafetyNet. In particular, we aim at presenting the internal mechanisms behind SafetyNet and the DroidGuard module. This includes an overview of the VM design, its internal mechanisms, and we will introduce the security checks performed by SafetyNet to detect Magisk, emulators, rooted devices, and even Pegasus.

Prochains exposés

  • Vers l’émergence d’un droit européen pour la Blockchain : Une approche sous l’angle de la Privacy et de l’encadrement des crypto-actifs

    • 05 décembre 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Aurigny room

    Orateur : Damien Franchi - Univ Rennes, IODE

    La Blockchain, technologie derrière Bitcoin, fait l’objet d’un encadrement juridique de plusen plus important, en particulier de la part de l’Union européenne. Curieusement, le mot« Blockchain » n’apparaît pas dans les textes l’encadrant. Les expressions « technologie deregistres distribués » (Distributed ledger technology, DLT), ou, parfois, « registreélectronique » lui sont plutôt privilégiées.[…]

    • SoSysec

    • Law

  • Blockchain and digital currencies: between European regulation and technological challenges

    • 05 décembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Aurigny room

    Orateur : Loïc Miller - CentraleSupélec

    As the European Union develops a legal framework for crypto-assets and data protection, the technological question underlying the emergence of a genuine digital currency remains open. Blockchain today stands as an interdisciplinary field of study at the crossroads of computer science, economics, and law. This presentation will place the ongoing regulatory framework in perspective with the[…]

    • SoSysec

    • Distributed systems

  • Hardware-Software Co-Designs for Microarchitectural Security

    • 11 décembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Petri/Turing

    Orateur : Lesly-Ann Daniel - EURECOM

    Microarchitectural optimizations, such as caches and speculative out-of-order execution, are essential for achieving high performance. However, these same mechanisms also open the door to attacks that can undermine software-enforced security policies. The current gold standard for defending against such attacks is the constant-time programming discipline, which prohibits secret-dependent control[…]

    • SoSysec

    • Hardware/software co-design

    • Micro-architectural vulnerabilities

Voir les exposés passés
Haut de page