Easy Secure Internet Access in Android

The lock knows not who holds the key
The lock knows not who holds the bolt-cutter
— Some balding guy (probably not Confucius)

Objective: Keep Private Communications Private

  • Data security "in motion"
  • CIA
    • Confidentiality: block ability to read the communications
    • Integrity: block ability to modify the communications
    • Availability: block ability to block the communications

Foundation: HTTPS

  • It just works... most of the time
  • Encrypts data in transit between communications points (client to server)
  • CIA
    • Confidentiality: if encrypted well, cannot be read
    • Integrity: attacker lacks the keys to encrypt altered content
    • Availability: SSL does not help a lot

What Not To Do

  • Problem: SSL certificate errors
    • Unrecognized certificate
    • Self-signed certificate
  • Non-Solution: Accept-all TrustManager
    • Readily enables MITM attacks
    • Gets you banned from the Play Store

Death by a Thousand Edge Cases

  • What if... we need to use some other certificate authority?
  • What if... we need to use a self-signed certificate for our test server?
  • What if... some certificate authority gets hacked?
    • Direct hacks: Comodo, TURKTRUST, etc.
    • Bugs the size of houses: StartSSL
  • What if security is really, really important for our users?

The 7.0 Solution

Network Security Configuration

  • XML resource describing rules for network security
  • Rules get applied to all your network communications from your app... except WebView

The Backport

CWAC-NetSecurity

  • 7.0's network security configuration code, pulled into library
  • Minor modifications to work back to API Level 17 (Android 4.2)
  • Two lines of Java code to use the backport pre-7.0 and the native implementation on 7.0+... if you use OkHttp3 or HttpURLConnection

Integrating the Solution

  • Create XML resource with rules
  • Add to your manifest
    • Native: android:networkSecurityConfig on <application>
    • Backport: <meta-data>
  • Backport
    • Add library to build.gradle
    • new TrustManagerBuilder().withManifestConfig(ctxt)
    • Tie the TrustManagerBuilder into your HTTP client

Configuration XML

  • <domain-config>: rules for a particular domain/set of sub-domains
  • <base-config>: baseline rules, if any
  • <debug-overrides>: rules only for debuggable builds

Adding New Valid Certificates

The Problem

  • Server uses an obscure certificate authority
  • Server uses a disavowed certificate authority
  • Server uses a private/enterprise certificate authority
  • Server uses a self-signed certificate

Adding New Valid Certificates

The Solution

  • Create a raw resource with the root certificate of that authority
  • Add <certificates src="@raw/..."> and <certificates src="system"> to configuration
  • Optional: <certificates src="user"> for user-defined certificates (not supported in backport)

Limiting Possible Authorities

  • Create a raw resource with the root certificate of that authority
  • Add <certificates src="@raw/..."> without anything else to configuration
  • Skipping <certificates src="system"> blocks all default CAs

Pinning Certificates

  • Create a <pin-set> element in configuration
  • Add 1+ child <pin> with the Base64-encoded SHA-256 hash of the certificate's public key, via: openssl x509 -in server.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
  • Decide on expiration date, if any (fails open after that date)

Banning Cleartext Traffic

  • Native 7.0: cleartextTrafficPermitted="false" on a configuration element to ban for that scope
  • Native 6.0: android:usesCleartextTraffic="false" on <application>
  • Backport: native 7.0 approach works for OkHttp3 integration

Debug-Only Behavior

  • Put rules in <debug-overrides>
  • Example: self-signed certificate only for debug builds
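
The rules from the preceding slides (adding a CA, limiting CAs, pinning, banning cleartext, debug-only trust) combined into one configuration resource. This is an added example, not taken from the original deck or from CWAC-NetSecurity; the file name, host names, raw resource names and expiration date are assumptions, and the pin values are placeholders to be replaced with the output of the openssl pipeline shown earlier.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (file name is an assumption) -->
<network-security-config>

  <!-- Baseline for every host not matched below: system CAs only, no cleartext. -->
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system" />
    </trust-anchors>
  </base-config>

  <!-- Adding a CA: the private root is trusted in addition to the defaults. -->
  <domain-config>
    <domain includeSubdomains="true">intranet.example.com</domain>
    <trust-anchors>
      <certificates src="@raw/enterprise_root" />
      <certificates src="system" />
    </trust-anchors>
  </domain-config>

  <!-- Limiting CAs: no src="system", so only this root can vouch for the host. -->
  <domain-config>
    <domain includeSubdomains="false">payments.example.com</domain>
    <trust-anchors>
      <certificates src="@raw/payments_root" />
    </trust-anchors>
  </domain-config>

  <!-- Pinning: the chain must contain a key matching one pin, enforced until
       the (constructed) expiration date; a second pin covers key rotation. -->
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_CURRENT_KEY=</pin>
      <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_BACKUP_KEY=</pin>
    </pin-set>
  </domain-config>

  <!-- Applied only when android:debuggable is true: self-signed test server. -->
  <debug-overrides>
    <trust-anchors>
      <certificates src="@raw/test_server_selfsigned" />
    </trust-anchors>
  </debug-overrides>

</network-security-config>
```

Each <domain-config> inherits whatever it does not set from <base-config>, so the cleartext ban applies to all three hosts, and because the self-signed certificate lives only in <debug-overrides> it is never trusted by a release build.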

Backport: Flexible Configurations

Or, Testing Manifest-Declared Stuff is Painful

  • Use withConfig(), supplying a Context and the XML resource ID
  • Benefits
    • Can choose different resources at runtime based on situation
    • Always uses the backport, for consistency across OS versions

The Problem with Pinning

  • Pinning requires knowledge ahead of time of what domains you will hit
  • Cases Where That Falls Flat
    • Somebody else is choosing domains (e.g., ad network library)
    • User supplies domains (e.g., Web browser)

Certificate Memorization

Pinning. Sorta.

  • If you see an HTTPS connection with an unrecognized certificate, ask the user what to do
    • Proceed and remember this certificate
    • Proceed once, but warn user again later
    • Abandon ship!
  • TOFU: Trust on First Use
    • First time seeing certificate for domain, assume it is good
    • Warn if you see a different certificate for that same domain

Soft-Banning Cleartext Traffic

  • Use StrictMode with detectCleartextNetwork(), on Android 6.0+
  • You control the policy
  • Scenario: crash in debug builds, log in production builds

Tor

  • The Onion Router... even though Tor is not an acronym
  • Effectively a series of proxy servers, to decouple source of request from its destination
  • Onion servers: only reachable via Tor network
  • Bad reputation here in the West, considered haven for bad behavior
  • Designed for anti-censorship
  • Example: million-plus users access Facebook through it

Tor and the CIA

  • Confidentiality: does not help a lot
  • Integrity: does not help a lot
  • Availability: if Tor itself is not blocked, cannot readily block content delivered via Tor

Orbot

  • Tor client for Android
  • Offers proxy server apps (SOCKS and HTTP), routing traffic through Tor
  • Only really effective for apps that allow configurable proxies, or on rooted devices

NetCipher

  • Library to make it easier to connect Android apps through Orbot and Tor
  • StrongBuilder implementations to configure popular HTTP client APIs
    • HttpURLConnection
    • OkHttp3
    • Volley
    • Apache HttpClient (independent packaging)

End-to-End (E2E) Encryption

  • Communications between users, where server transmits data but cannot read contents beyond routing
  • PGP, similar approaches for asynchronous communications (e.g., email)
  • CIA
    • Confidentiality: encrypted materials cannot be read
    • Integrity: cannot encrypt materials sans key
    • Availability: E2E does not help much here

E2E Instant Messaging

  • OTR
  • Signal Protocol (formerly Axolotl Protocol)
    • WhatsApp
    • Facebook Messenger (experimental)
    • Google Allo private messaging

Questions?