five years of mobile security

Posted by trammel at 2020-04-16

2010 can be regarded as the first year of modern mobile security. Prior to that, the main threat to mobile platforms was the six-year-old proliferation of malicious code and system vulnerabilities on Symbian. This year, Apple released iOS 4, and Google released Android 2.1, 2.2 and 2.3 in succession. Smartphones are really mature and popular. Also in this year, the first Android malicious code fakeplayer appeared, Android root exploit code exploid was disclosed, cross platform mobile online banking Trojan zitmo was found, mobile game piracy and cracking are in full swing. In the same year, IOS jailbreak was recognized as legal in the United States, and various kinds of research on Android security began to appear at top academic conferences. White hats of dark cloud platform began to report the loopholes in mobile applications, and domestic entrepreneurial teams and it giants gradually turned their attention to this emerging field.

In this field, no matter in technology or business, new platforms and old ideas are constantly blending, and there are many events, companies and people worth remembering. Today, from this point of view, we review the path of mobile platform malicious code, software vulnerabilities and software copyright issues.

Limited to space, our discussion will focus on Android and IOS, not on systems that have declined or have not yet risen, such as Symbian, windows mobile, Windows Phone, WebOS, BlackBerry OS and Firefox OS. On the other hand, mobile security should also include communication security byod / MDM, device forensics, data recovery, embedded device security and other directions, which are not discussed in this paper.

Mobile malicious code

Ikee, IOS's first worm, was discovered in Australia in November 2009. It attacks IOS devices after jailbreak, and spreads itself by using the default password of SSH service after jailbreak as "Alpine" (as shown in Figure 1). In August 2010, fakeplayer, the first recognized Android malicious code, was found in Russia. Its main behavior was to send a withholding message. In fact, as early as the beginning of 2010, there were advertisements and extortion on Android.

Figure 1. Key code for worm. IPhone OS. Ikee. A (from Kaspersky)

On December 29, 2010, the second Trojan on Android platform, geinimi ("give you rice"), appeared, which is also the first domestic android malicious code. This very early family realized the mainstream attack technology in the next year once in place: in terms of attack, it realized remote control, interception and deletion of short messages, return of short messages, call, installation of software, etc.; in terms of confrontation, it adopted code confusion, code encryption, entry point code deformation, TCP layer direct communication and other technologies. The simple and convenient software development of mobile platform allows attackers to give full play to their imagination and quickly realize their ideas.

Table 1 growth of Android malicious code (from Antan Lab)

Since 2011, the number of Android malicious codes has increased exponentially (as shown in Table 1). The reasons for this situation include:

The emergence of repacking technology and the subsequent improvement of automation tools made it possible to automate the mass production of viruses on Android; the threshold for Android Software development was very low, until 2014, there were still completely new worms in a short period of time, which were exaggerated and hyped by giants and media; the emergence of SmalI, a Dalvik assembly tool, made Android possible D binary code for automatic confusion, deformation, transformation of the difficulty to reduce, increased the difficulty of confrontation; domestic users did not form, (limited to policy reasons) is not likely to develop the habit of downloading applications from the official market, and there is no threshold, no technology, no security awareness of the third party market, software download station and player forum to facilitate the spread of malicious code The nonstandard sales channels of mobile phones have given birth to the gray industry of brush, which has further become a new way to spread malicious code.

Different from the history of PC and Symbian era, Android malicious code has been completely profit-making from the beginning. This has a lot to do with the gradual maturity of the division of labor in the underground industry chain. In China, the profit of mobile malicious code can be divided into two stages. Before 2012, the attacker and SP were divided into two groups, mainly sending withholding SMS to sp number to subscribe to value-added services. After 2012, the State Department rectified SP's irregular behavior and gradually turned to software promotion and advertising push, and opened new channels such as washing machine and pre assembly of goods. In the same way, due to the immature development of the "industry" of personal information trafficking, stealing SMS, call records, software information and other acts, although they also occur from time to time, are not the main threat.

In western countries, due to the lack of industrial links, mobile finance and mobile payment become more important targets for attackers. Among the Trojans related to mobile online banking, the most famous one is zitmo, which is the mobile version of Zeus (Zeus), the famous online banking Trojan horse on PC (as shown in Figure 2). On September 25, 2010, the Symbian and blackberry versions of zitmo were discovered; in 2011, Android and windows mobile versions were discovered. It infects users' mobile phones by phishing, and works with Zeus to intercept the mtans sent by banks to mobile phones. By the end of 2012, zitmo had infected more than 30000 users and stolen 36 million euros in Europe!

Figure 2 Fishing interface of Zeus propagating zitmo (from NSS labs)

In the era of smart phones, attackers only need to write a few lines of code to read SMS, intercept SMS, send SMS as a user. However, until now, banks, payment platforms, financial institutions and other kinds of online service providers at home and abroad always regard SMS as a safe factor of identity authentication. This unreasonable assumption reflects the traditional industry's conservatism and the extreme inadaptability to the security features of the new platform.

From 2012, Google began to pay attention to the security enhancement of Android framework layer. In February of that year, they also announced a project called bouncer to conduct dynamic sandbox analysis on Google play software to find malicious code. By 2013, the industry can clearly feel that the number of malicious code on Google play has been well controlled, and the situation of foreign users encountering Android malicious code is relatively reduced. The "frontier technology development" of this problem has basically shifted to China. The most typical representative is the oldboot family that I found in January 2014. As the first real boot zone virus of Android platform, it enters the boot partition of Android system through the way of channel swiping. Because of the characteristics of this partition, ordinary antivirus software does not even have the right to scan the sample file, even if it can be detected after extraction, it cannot be removed by conventional methods.

Let's look at the IOS platform. Since ikee's discovery, only a few spyware and advertising pieces have appeared on the system for post jailbreak devices. The only IOS malicious code for non jailbreak devices is fandandcall, which appeared in July 2012. Its main malicious behavior is to collect and return address books, send SMS in bulk to promote itself. It even evaded Apple's application audit process and entered the app store.

But by the first half of 2014, there were three new malicious codes on IOS platform. They are all implemented based on the Cydia Substrate framework, aiming at the devices after prison break. Among them, adthief grabs the advertising revenue of other developers by replacing the promotion ID of 14 kinds of advertising libraries; unfold steals the user's Apple ID and password by monitoring the network data; appbuyer further simulates iTunes protocol to purchase software from the app store on the basis of stealing Apple ID and password to realize "software promotion". These three new malicious code attack sources and targets are all located in China, and adthief has infected more than 75000 IOS devices.

The emergence and overflow of mobile malicious code brings a new direction to the security industry. From 2010, traditional security vendors began to focus on Android. Up to now, Tencent, Baidu, 360, Jinshan network (cheetah) and other domestic giants have launched Android security products with anti-virus as the core function, and obtained hundreds of millions of users. Ali is also conducting independent research and development of Android anti-virus engine.

As the technical threshold seems not high, there are many start-ups emerging in this direction. However, with the emergence of massive viruses and the continuous evolution of attack and countermeasure technology, only a professional team with profound experience and rapid response can achieve long-term success. For example, the anti-virus engine focused Antan lab finally won the first place in the world in the 2013 av-test annual test, realizing the breakthrough of Asian anti-virus companies. Around the protection of malicious code, there are also some new products in China. For example, LBE security masters find and intercept malicious behaviors in real time based on active defense, which later became a standard configuration of domestic mobile phone security products.

In Silicon Valley, the Chinese entrepreneurial team around Android anti-virus has also made remarkable achievements. In February 2013, trustgo was finally acquired by Baidu through its proud achievements in Android antivirus engine, while trustook and virusthread started a new round of journey around topics such as apt and big data association analysis.

In the history of Android malicious code attack and defense, Chinese (especially domestic) researchers have made outstanding contributions to the whole industry through academic research and open source projects. For example, pan Xiaobo's dex2jar is the most popular APK decompilation tool up to now; Dr. Jiang Xuxian and Zhou Yajin found nearly 30 new malicious code families, and released Android malware genome projects benefiting the world; Yang Kun participated in the development of the malicious code sandbox droid box; Zheng Cong and Tian Yuan developed the first open-source comprehensive interactive analysis tool, apkinspector. In recent years, at the Top 4 academic conference, nearly half of the achievements of mobile security were made by Chinese scholars, among which Dr. Yang Min of Fudan University published two papers on mobile security at the same time in ACM CCS in 2013.

Mobile systems and software vulnerabilities

Let's first look at the system security of IOS. IOS has been tied to the word "jailbreak" since the first day of its release. The traditional jailbreak is to release the lock of IOS hardware devices on mobile operators, and to bypass the signature requirements and sandbox restrictions of IOS on ordinary application software, so as to install third-party application software, realize more complex software functions and even directly modify system functions. The nature of this behavior is the user's pursuit of free control of their own devices. Therefore, driven by the eff, the United States began to recognize the legitimacy of IOS jailbreak in 2010. However, after it was introduced into China, IOS jailbreak is more associated with software piracy, which has become a gray behavior.

The security design of early IOS system is not perfect. On July 10, 2007, 11 days after the release of IOS 1.0, the jailbreak for IOS 1.0 appeared, even earlier than the first IOS device. In the same year, George Hotz, a talented hacker, was the first to unlock the iPhone. Jailbreak tool, Jailbreakme, in version 3.0, takes advantage of a vulnerability in the rendering of PDF files in Safari mobile version to achieve the effect of jailbreak by visiting a website (as shown in Figure 3).

Figure 3. Jailbreak for Jailbreakme 3.0

Apple then fixed the leak and began a series of technical confrontations with the jailbreak community. From 2 to 6, the jailbreak of iOS system appeared within nine days after the system was officially released. To IOS 7.0, users waited 95 days for the release of evasi0n7 due to various defense mechanisms and timely patches. The latest version of IOS at the time of writing is 7.1. The first public perfect jailbreak of this version was completed by Pangu team based on Chinese security research group 0x557, which is also the first time that Chinese released IOS jailbreak tool.

In the past few years, denial of service, information disclosure, remote code execution, XSS, lock screen bypass and other vulnerabilities are also common on IOS systems (as shown in Figure 4). For example, the coretext rendering engine problem in August 2013 affected safari in IOS 6 and other applications using WebKit, resulting in the event that domestic microblogs, wechat, etc. can no longer open the software after receiving special messages.

Figure 4 IOS system vulnerability number and type statistics (from cvedetails. Com)

In the direction of IOS system vulnerability, the keen team in China won the pwn2own Competition Award representing the highest level of vulnerability research in the industry twice in 2013, showing their top level of IOS and safari security research. Dr. Wang tielei of Georgia University of technology in the United States has also published the research results of IOS vulnerability utilization technology in top academic conferences for many times.

Compared with IOS, Android has a more open system design and industrial ecology. With the increasing share of devices, the loopholes in this "grounded" system are always noticeable.

The first root of Android appeared on November 5, 2008. For the first Android phone HTC G1, the main purpose of user root's own phone is to customize the system (as shown in Figure 5). In addition to root, another way to customize the system is to unlock the bootloader and then directly brush in the third-party ROM. Therefore, the vulnerability exists not only in the operating system, but also in the bootloader.

Figure 5. The latest universal root tool, towelroot

From 2010 to 2012, there were many common root vulnerabilities in Android, and the exploit code was also disclosed. For example, exploid in July 2010, zimplerlich in February 2011, ginger break in May, mempodroid in August 2012, and rageagainstthecage, zergrush, etc. They are for system versions from 2.1 to 4.0. During this period, many malicious codes contain these root exploit codes, which can obtain root permission and install themselves as system pre installed software.

In June 2012, Google released Android 4.1, and then gradually introduced complete ASLR, pie, SELinux, nosetuid, fortify source and other security mechanisms. These common vulnerabilities gradually came to an end. However, in 2014, there were two new general-purpose rights raising vulnerabilities on Android again, one was Android bug 12504045 (the vulnerability was not disclosed until many years later in the underground world); the other was cve-2014-3153 (the Linux futex vulnerability used by towelroot). At present, no malicious code has been found to exploit them, but it is believed that it has not been for a long time.

In addition to the root vulnerability, there have been various problems in the framework layer of Android, such as cve-2013-6271 lock screen bypass, etc. Among them, the most famous and influential are the master key vulnerability in 2013 and fakeid vulnerability in 2014 (please pay attention to the programmer's September 2014 issue "detailed explanation of Android fake ID signature vulnerability"), which were initially discovered by a new company called bluebox. Through these four vulnerabilities, attackers can forge the most basic application signature in the Android security model, further bypass the Android permission model, and carry out various attacks. These vulnerabilities affected almost all versions of Android at that time, and the principle and utilization code had been fully disclosed before the mobile phone manufacturers pushed security updates, which led to the greatest security problems. In August 2013, we found that the first master key vulnerability was exploited by all software in an application market in China. It is worth mentioning that the second masker key vulnerability was found by the "Android security team" (later renamed "catfish") of Marvell China's security team.

In addition to the operating system, there are many security vulnerabilities in IOS and Android applications. For details, please refer to my previous articles in programmer. In addition to the common data storage, data transmission, bypass leakage and so on, there has been a kind of problems with unique platform characteristics on Android: permission re delegation and capability leakage caused by the exposure of communication interface between applications. In the early days, this kind of problem existed in almost half of applications, even in many Android pre installed software. For example, in November 2012, Dr. Jiang Xuxian found that there was interface exposure in Android's pre installed SMS application. Any third-party software does not need relevant permissions, nor does it need to call the relevant system API to locally construct the received SMS. A week later, we found a new virus that took advantage of this vulnerability in China, which brought exceptions to the malicious code detection model.

Even though it is common, the vulnerability of IOS and Android application software has not been paid enough attention by developers. This may be related to the attack surface and the consequences of the attack. In most cases, to exploit this kind of vulnerability, the target device needs to install the vulnerable software, and then install another software on the target device for local attack. That's hard enough. Even so, the most successful attack is to get a user's account or data. Compared with this, most of the traditional server-side vulnerabilities or web system vulnerabilities can be scanned and attacked at any time, and the data of all users of the system can be obtained at one time.

However, exceptions always exist. For example, the problem of remote code execution in addjavascript interface can lead to remote attacks on common applications. In fact, the JavaScript interface problem in Android has been known in the industry for several years. Google and other security companies have emphasized it in the documents for many times. However, in 2013, many popular software (especially the vast majority of mobile browsers) in China still have this loophole, which makes people sigh. From the perspective of the new problems such as uxss in 2014, the security problems brought by the features and vulnerabilities of WebView to ordinary applications can be developed for a long time.

Among equipment manufacturers, Samsung is a model of safety. They have made a lot of security enhancements to Android in their devices since the Knox solution launched in early 2013, some of which will be incorporated into the upstream trunk of Android from the end of 2014.

With the continuous emergence of mobile platform system and software vulnerabilities, there are also some third-party entrepreneurial teams and new products in China. Some of them have Chinese characteristics, such as "one key root" products. This tool usually integrates all kinds of known or independently discovered root privilege raising vulnerabilities, adapts to popular mobile phone models, automates the root process, and loads root management tools. This kind of products provide more stable technical solutions, save the time for users to find root solutions, and reduce the technical threshold, so they are popular. For users, using root permission can not only further customize the mobile phone system (especially simplify pre installed software), but also give security software higher permissions, so that it has at least the same permissions as advanced malicious code. By the end of 2013, there were more than 10 kinds of such products in China, of which kingroot was purchased by Tencent, and Baidu, 360, etc. successively launched relevant products.

Another kind of new business is the security audit of mobile applications, which has two modes. One is the crowdsourcing model represented by the cloud crowdsourcing. Since 2010, white hats have reported more than 300 Android and IOS software vulnerabilities in the dark cloud. Since 2014, mobile applications have become the hot target of such crowdsourcing. Another mode is the professional service provided by the mobile application penetration testing team represented by Moby in Shanghai. Compared with crowdsourcing, it can evaluate the security of the software more comprehensively. From 2013, Party A's Internet enterprises began to pay more attention to this direction, for example, Tencent TSRC carried out a special activity of vulnerability reward for mobile client products. But at present, no matter the crowdsourcing platform or the security center of these internet giants, the threat assessment of mobile application vulnerabilities is still at a rough and primitive level.

Software copyright attack and defense

In the mobile platform, when the third-party application begins to appear and the application market rises, piracy, cracking, tampering, redistribution and so on also rise. In China, this problem has even formed a huge industrial chain, which has become a threat that all developers have to pay attention to.

Technically, the realization and popularization of such attacks are often closely related to system architecture design, system security mechanism, industrial ecological environment, user habits, etc., and the defense mechanism also depends on these factors. Therefore, once these situations change greatly, they may lead to sharp changes in attack and defense. The biggest challenge comes from the art runtime environment launched by Android 4.4, which will replace the Dalvik virtual machine when Android 5 is released, resulting in almost complete failure of all kinds of protection schemes based on Dalvik runtime modification or dynamic loading mechanism.

On IOS, around 2010, with the growth of iPhone users in China, software piracy distribution began to rise, especially for DRM removal of paid games. Apple uses DRM signature mechanism related to account and device for all app store applications. Through memory dump, attackers can extract the decrypted code and make a new software package for distribution. The installation of such pirated games is also a main purpose for ordinary users in China to escape from prison. In November 2011, when the app store supported the purchase of domestic bank cards in RMB, the number of jailbreak users decreased in a short period of time, even equivalent to the release of a new version of IOS.

The biggest innovation of domestic attackers in this kind of piracy is that at the end of 2012, the "quick use assistant" and other tools realized the technology of installing pirated software without escaping prison. They fully simulate the local iTunes protocol, and cheat IOS devices through PC, so that they think the synchronized software has been purchased and legally authorized. So far, more than six tools have adopted this technology.

By 2013, the copyright issues of IOS games and applications have included: the cracking of in app purchase, mainly the man in the middle attack when the software does not verify the purchase receipt in the cloud, which is another attack without prison break; application code and configuration file modification; man in the middle attack and two-way fraud of network data transmission; application key memory location and memory modification; basic Modify the debugging code in real time; purchase and distribute DRM records to crack the software. And the underground industry chain has developed into the local archive record of popular games or the automatic memory patch tool can be bought on Taobao.

Around IOS games and applications, there are other security issues, such as stolen credit card consumption, foreign gift card exchange rate difference, and app store listing. This paper does not elaborate on it.

The copyright issue of Android apps is more Chinese. Due to well-known reasons, since 2012, no matter from the support of system service framework or network environment, domestic users can not download software directly from Google play, let alone pay for the purchase of software or in app payment. In addition to advertising, domestic developers are more accustomed to using the third-party payment platform or online value-added services to realize the license mechanism profit. Therefore, the piracy of Android Software is more traditional to realize license cracking by modifying the code. Until around the end of 2012, with the gradual standardization of market order, many domestic application markets began to negotiate with foreign developers about copyright and introduce genuine software, becoming a new distribution channel of genuine software.

In the era of traditional PC, the main ways for pirates to gain profits include embedding malicious code (with large profits but high risks), and bringing users to online distribution platform (with low risks but small profits). For Android Software, pirates have found a new middle way to make money based on repackaging Technology: embedding ads. We began to observe this problem in 2010, and there is no sign of abatement until now.

On the other hand, due to the development compatibility of the system and the existence of a high proportion of root users, there have been many powerful game modification tools on Android platform since 2011. The representatives include gamecih (as shown in Figure 6), eight door artifact, huluxia, pancake burner, fork assistant, etc., all of whose names are very grounded, and some of them have also launched IOS versions. Software acceleration, memory automatic search and location, memory locking and other popular plug-in technologies in the PC era have all appeared on Android in 2011. Gamecih is one of the earliest, whose author is Chen Yinghao, the author of the famous computer virus CIH.

Figure 6: running interface of gamecih, Android game modifier

In the face of this severe situation, domestic mainstream mobile game manufacturers have established a special product security team early, becoming the first company to deal with mobile security. On the other hand, it also gave birth to a new industry: application reinforcement.

Technically, application reinforcement is to directly shell and confuse the installation package of application software, to realize anti repackaging, anti reverse analysis, anti modification and cracking, anti debugging, anti memory dump, anti data tampering, etc. On Android, it is mainly based on the following niche technologies: dynamic code loading, code self modification, code memory decryption, code obfuscation and deformation, Linux anti debugging, code integrity self verification, custom loader, custom virtual machine and so on. These ideas and similar products have been very popular in the PC platform as early as the end of the 20th century. But on Android, the first one in China to see this opportunity is bang bang. This team, which was founded in October 2010, is composed of R & D and marketing personnel from companies such as Symantec. Six months later, it obtained round B financing of tens of millions of dollars. This has led to the emergence of more start-up companies such as Aetna and Naga. Finally, in 2013, Tencent, 360 and Baidu saw this demand of developers when operating the third-party application market, and launched their own reinforcement services; Ali used internal solutions in its products for a long time.

The development of reinforcement technology has brought additional influence to other safety belts. For example, these reinforcement technologies, tools or online services are directly used by attackers to protect their malicious code from being analyzed and detected. In fact, as early as 2010, geinimi adopted the obfuscation tool Proguard provided by Google in the Android SDK, which became the standard practice for a large part of Android malicious code. In June 2013, the so-called most complex Android Trojan, Obad. A, further used Proguard's commercial protection tool dexguard to comprehensively encrypt or confuse the code, resources, strings, manifest files, etc. At the end of 2013, the malicious code strengthened by the bang bang began to be discovered by domestic and foreign security companies one after another. At present, even foreign anti-virus companies report all the software strengthened by the bang bang bang as dangerous, and the severity can be seen. Due to the free use of Internet mode, which is widely used by domestic enterprises for such products, the technology with high technology content has become accessible to everyone. By 2014, a large part of Android malicious code has used commercial level reinforcement scheme, and mobile malicious code has entered a difficult period of peeling off which is a long time in the PC period.

The next five years?

It's hard to estimate what will happen to mobile security in the next five, three or even one years. However, looking at the past, we can observe some laws of technological and commercial development, so as to make a basic trend prediction, which is one of the purposes of exploring history.

In the direction of rapid development of mobile security, we can see two distinct characteristics: on the one hand, new platform architecture, new industrial environment, new attack methods, targets and means emerge one after another, which not only leads to the continuous change of user demand, but also requires that security research and development must keep pace with the frontier development; on the other hand, the technical ideas and industrial assumptions of attack and defense have not occurred significantly As a result, attackers still need to seek various ways to spread malicious code and make steady profits. Malicious code continues to use vulnerabilities to bypass permissions, use protection technology to counter analysis, and the technical framework of malicious code analysis and detection, vulnerability mining, and software reinforcement remains the same.

Along the same way, we can guess that in the next period of time, the security attack and defense of mobile platforms will present such a situation.

In addition to traditional attacks, malicious code will continue to develop in three directions: first, like PC platform threats, it will gradually become a part of advanced persistent threats (APT), more concealment and collection of associated information; second, it will launch a deeper technical confrontation with anti-virus parties around static analysis, dynamic analysis, automatic judgment, feature detection, killing and clearing; and third, it will continue to develop in-depth technology 3、 It is associated with PC platform, smart home, wearable devices, smart cars and other Internet of things facilities, so as to generate threats to the real world.

The vulnerability mining of system common components (such as WebView / WebKit, third-party library, etc.) will continue to deepen, and the vulnerability exploitation of framework layer and software layer will be used for real large-scale attacks; as mobile phones become new computing and communication centers, the attack value of upper application software data will be further highlighted.

The demand for software reinforcement and protection will gradually decrease with the maturity of industrial ecological environment and the change of user habits. With the continuous evolution of system architecture and the change of various operating environments, these technical solutions will again and again fall into the dilemma of system compatibility.

In business, we have seen from the previous cases that Internet giants and traditional security companies are not quick enough to respond in this direction. The entrepreneurial team with the first mover advantage has completed the early technology leading and market definition. In the capital market, the investment situation for security enterprises has been good. The emergence of multiple M & A cases in the direction of mobile security has made investors and entrepreneurial teams have a better exit guarantee. Security manufacturers have realized that only when they have accumulated profound security experience in mobile security technology confrontation can they launch more characteristic and real problem-solving products. This kind of good business environment promotes the evolution of technology and expands the development space of technicians. In the next few years, this direction will remain a hot choice for entrepreneurship, M & A and giants in China, and security R & D personnel will become one of the most important roles.

Author Claud Xiao, security researcher, moderator of "Android security" edition of Xuexue college, lecturer of hitcon, xcon, ISC, MDCC and other conferences, mainly focuses on anti-virus and software security of Android and IOS platforms.

MDCC 2014 Mobile Developer Conference opened in October: you are the protagonist!   

The annual mobile developer feast - 2014 Mobile Developer Conference (MDCC 2014) will be held in Crowne Plaza, new Yunnan, Beijing from October 31 to November 2. MDCC is the largest mobile developer event in China jointly hosted by CSDN and Innovation workshop. It is committed to promoting the growth of China's mobile Internet Ecosystem, and this year will usher in the fifth session. This MDCC will have 10000 + developers, 500 + application teams, 100 + well-known VC, 100 + platform providers, 100 + mobile game service providers to participate in the conference speeches, live exhibitions, and featured activities.

For more details, please check the official website of MDCC 2014. Tickets for the conference are on sale (booking now).

Related articles:

The agenda of MDCC 2014 mobile developers conference is fully announced!

Don't miss it! Eight reasons for attending MDCC 2014 mobile developers conference

MDCC 2014 highlights agenda, speakers, exhibition development team (Figure)

Essence review! Highlights and agenda summary of previous MDCC conferences

This is an original article of programmer. It can't be reproduced without permission. Please contact market ා CSDN. Net (ා replace with @) for reprint