Speaker

Ed Holloway-George

Lead Android Developer @ ASOS | Android GDE

Nottingham, United Kingdom

Ed Holloway-George is an Android Developer and Google Developer Expert, originally from Oxford, UK and now residing in Nottingham, UK.

An Android developer for over 10 years, Ed now works for ASOS as a Lead Developer, having previously worked on well-known applications such as National Trust, My Oxfam, Snoop, Carling Tap and many more.

In his spare time, Ed can be found tweeting and posting pictures of his dog.

Area of Expertise

  • Information & Communications Technology

Topics

  • Android
  • Developing Android Apps
  • mobile security
  • Android Engineering
  • Android Tools
  • Android Software Development
  • MobSec
  • OWASP

How to stop the ‘Gradle Snatchers’: Securing your builds from baddies

Following on from one of the first recorded supply chain attacks against Gradle, this talk will discuss the security concerns surrounding our favourite build tool and how we can protect against them. This starts with gaining an understanding of some of Gradle's common vulnerabilities and how to avoid these within our projects. You'll leave this talk with:

- Insights on the Gradle Wrapper supply-chain attack and how to protect against it.
- An overview of a Gradle dependency attack and how to protect against it.
- A concrete list of security setting best practices within Gradle, including wrapper verification, repository filtering, dependency verification and others.

Sorting and Reporting Your Dependencies with Gradle

All apps have dependencies, but what is the best way to manage and keep on top of them? This session takes a look at some simple steps, tools and tricks to use Gradle to help us make dependency management far easier.

Starting with simple Gradle language features, we will also explore how to handle dependencies within more complex projects, dive into some useful Gradle plugins and finally look into what the future of dependency management within Android may be.

You'll leave this talk with a clear understanding of how to improve your dependency management within your apps and how to apply them in future.

Implementing config-driven experiments that don’t require a release

At ASOS there’s an ever-increasing demand to run experiments at scale in our native apps (the Android app alone has 10M+ installs). Tired of having to manually implement and release each experiment individually, and then having to wait for enough people to get it, we built a custom “Url Injection Framework” which makes it possible to implement configuration-driven experiments that can modify any API call or network request without requiring app changes and releases.

How to become your app's 'security champion'

In this session, we will take an introductory look at mobile security, the threats we face as mobile developers and the steps you can take to become a 'security champion' for your app to protect your business and, most importantly, your users.

Don’t get stung by OWASP - An intro into writing code for greater Android Security

In this session, we will take a dive into OWASP's top threats for mobile security, the common Android security pitfalls we all succumb to, and look at how we may code with a more security-focused mindset going forwards.

Don’t get stung by OWASP II - The final five!

Following on from my 'Don’t get stung by OWASP' talk at Android Worldwide Jan 2022, this talk takes an in-depth look at the final five largest security threats to us as Android developers as determined by the OWASP Top 10 for Mobile.

As a pre-requisite, it is highly recommended you watch Part 1 of this talk, which is freely available on the Android Worldwide YouTube channel.

droidcon Berlin 2023

July 2023 Berlin, Germany

droidcon London 2022

October 2022 London, United Kingdom

droidcon London 2021

October 2021 London, United Kingdom
