Explore critical security vulnerabilities in Android authentication protocols through this Black Hat conference talk. Delve into the risks of authenticator management in Android apps, focusing on leakage through backup channels. Examine how most apps store credentials in persistent storage and rely on the Android OS to protect them, and learn why this approach is problematic. Discover how backup apps on Google Play may inadvertently expose that data to malicious apps holding only basic permissions. Follow the speaker's systematic investigation of this overlooked attack vector, including the development of a proof-of-concept app called AuthSniffer. Understand the widespread nature of this threat, which affects 68.4% of top-ranked apps with authentication schemes. Gain insights into the various authentication types, backup mechanisms, and potential mitigation strategies for developers. This analysis aims to raise awareness of the importance of secure authenticator management in Android app development and protocol design.
Authenticator Leakage Through Backup Channels on Android
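As an added illustration of the developer-side control the abstract alludes to (this is not material from the talk or from the AuthSniffer project, and it does not claim to be the speaker's recommended mitigation), the Android manifest and backup-rule settings that decide whether an app's persistent storage is included in backups. The package name com.example.bankapp and the SharedPreferences file name auth_prefs.xml are assumed for the example.

```xml
<!-- Added example, not from the talk. Package and file names are assumed. -->

<!-- WEAK: android:allowBackup defaults to true when omitted, so the app's
     private data directory, including the SharedPreferences file holding
     the session token or password, is eligible for backup. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankapp">
    <application
        android:allowBackup="true"
        android:label="BankApp">
    </application>
</manifest>

<!-- HARDENED, option 1: opt the whole app out of the platform backup path. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankapp">
    <application
        android:allowBackup="false"
        android:label="BankApp">
    </application>
</manifest>

<!-- HARDENED, option 2: keep backups for ordinary user data but exclude the
     file that holds the authenticator. Reference the rule files from the
     <application> element:
       android:fullBackupContent="@xml/backup_rules"             (API 23-30)
       android:dataExtractionRules="@xml/data_extraction_rules"  (API 31+) -->

<!-- res/xml/backup_rules.xml -->
<full-backup-content>
    <!-- sharedpref domain paths are the preferences file name with .xml -->
    <exclude domain="sharedpref" path="auth_prefs.xml" />
</full-backup-content>

<!-- res/xml/data_extraction_rules.xml -->
<data-extraction-rules>
    <cloud-backup>
        <exclude domain="sharedpref" path="auth_prefs.xml" />
    </cloud-backup>
    <device-transfer>
        <exclude domain="sharedpref" path="auth_prefs.xml" />
    </device-transfer>
</data-extraction-rules>
```

Two caveats when applying this: the exclusion only helps if the authenticator is written to the named file and nowhere else (a copy in a database or a log defeats it), and both settings govern only the platform's own backup transports. A backup tool running with root can still read the app's private directory regardless of these flags, so they reduce exposure rather than remove it.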