On Wed, Jun 30, 2021, at 12:55, Nathan of Guardian wrote:
> Thanks for the always thorough and thoughtful updates and analysis, Mark.

Happy to help, and thanks for the kind words!

> Wouldn't it be possible to build a library that we include in our apps 
> that inspects the APK files at runtime on a device, and looks for the 
> transparency files in the APK, and even checks the hashes. This could be 
> done as a "App Integrity Check" on first run.

The app packager (Google, Amazon) could remove the code that does that check, 
or at least nerf it. For example, replace:

if (isMyAppOK()) {
  proceed()
} else {
  abandonShip()
}

with:

if (true) {
  proceed()
} else {
  abandonShip()
}

The premise here is that because they have app signing authority, they 
have the technical capability to modify anything that they want in the App 
Bundle (APK for Amazon). You start to get into the same sort of arms race that 
developers fight and lose with those who try to reverse-engineer apps.

The combination of your proposed library and a robust obfuscation system might 
help prevent bulk modification of apps. That starts to impose other limits 
(e.g., can't use Crashlytics for bug reporting, because then you're uploading 
the de-obfuscation maps to Google). It also won't block a determined attacker 
who is going after a few specific apps (e.g., intelligence agency of a country 
that strong-arms Google into distributing tampered apps).

I think that the library that you propose will almost "fall out of" work to 
create a library for checking the integrity of other apps. Having it probably 
won't hurt.

-- 
Mark Murphy (a Commons Guy)
https://commonsware.com | https://github.com/commonsguy
https://commonsware.com/blog | https://twitter.com/commonsguy
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
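An added example, not code from this thread or from the Guardian Project, that shows the kind of "App Integrity Check" the quoted proposal describes and why hashes alone don't settle the packager question. It assumes a hypothetical, unsigned JSON hash manifest stored at META-INF/transparency.json inside an APK-style zip (my stand-in, not the real Play code-transparency file format), builds a tiny constructed "APK" in memory, verifies it, then shows that a packager who can rewrite the archive can simply regenerate that manifest after patching classes.dex:

```python
"""Toy runtime self-integrity check over an APK-style zip.

Assumptions (not from the thread or any real app store format):
  * the "transparency file" is META-INF/transparency.json, an unsigned
    JSON document {"files": {entry_name: sha256_hex, ...}};
  * code-carrying entries are *.dex files and anything under lib/.
"""
import hashlib
import io
import json
import zipfile

MANIFEST = "META-INF/transparency.json"   # assumed location/name

# Constructed sample app contents; the bytes are placeholders, not real DEX.
SAMPLE_FILES = {
    "classes.dex": b"dex\n035\x00fake-dex-bytes",
    "lib/arm64-v8a/libnative.so": b"\x7fELF fake-so-bytes",
    "res/layout/main.xml": b"<LinearLayout/>",
}


def _sha256(data):
    return hashlib.sha256(data).hexdigest()


def _is_code(name):
    """Entries that should always be covered by the manifest."""
    return name.endswith(".dex") or name.startswith("lib/")


def build_apk(files):
    """Zip the given files plus a freshly computed hash manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
        manifest = {"files": {n: _sha256(d) for n, d in files.items()}}
        z.writestr(MANIFEST, json.dumps(manifest).encode())
    return buf.getvalue()


def put_entry(apk, name, data):
    """Return a copy of the archive with `name` replaced (or added)."""
    src = zipfile.ZipFile(io.BytesIO(apk))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            if info.filename != name:
                dst.writestr(info.filename, src.read(info.filename))
        dst.writestr(name, data)
    return buf.getvalue()


def regenerate_manifest(apk):
    """What a packager with write access to the archive can do: rebuild
    the (unsigned) manifest so it matches the patched contents."""
    src = zipfile.ZipFile(io.BytesIO(apk))
    files = {n: src.read(n) for n in src.namelist() if n != MANIFEST}
    return build_apk(files)


def check_integrity(apk):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = set(z.namelist())
        if MANIFEST not in names:
            return ["manifest missing"]
        expected = json.loads(z.read(MANIFEST))["files"]
        for name, digest in expected.items():
            if name not in names:
                problems.append("missing: " + name)
            elif _sha256(z.read(name)) != digest:
                problems.append("hash mismatch: " + name)
        # Code that the manifest never vouched for is just as suspicious.
        for name in sorted(names - set(expected) - {MANIFEST}):
            if _is_code(name):
                problems.append("unlisted code: " + name)
    return problems


if __name__ == "__main__":
    apk = build_apk(SAMPLE_FILES)
    print("pristine:", check_integrity(apk))
    patched = put_entry(apk, "classes.dex", b"dex\n035\x00patched")
    print("patched dex:", check_integrity(patched))
    print("patched + regenerated manifest:", check_integrity(regenerate_manifest(patched)))
```

The last line of the demo is the point of the reply above: once the manifest can be regenerated by whoever repackages the app, the hash check only catches third parties who cannot rewrite the archive. Binding the manifest to a key the packager does not hold moves the goalposts, but the check itself still lives in code the packager can patch, which is the `if (true)` problem described earlier in the message.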