

Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024


Somkiat Khitwongwattana

November 17, 2024



Transcript

  1. What’s App Signing in Android?
    Part of the Android app development process that ensures the integrity and authenticity of your app. It is also required for publishing on Google Play: the .aab app bundle you upload must be signed.
  2. Benefit
    Security and integrity: the app your users install is the same app that you developed. Any change to the package after signing is detected, because the signature no longer verifies.
  3. APK Signature Scheme
    The process that verifies the authenticity and integrity of Android application packages (APKs), ensuring they haven't been tampered with and that they originate from the expected developer.
  4. APK Signature Scheme
    v1 scheme
    • Based on JAR signing
    • Doesn't cover all of the APK: only the uncompressed contents of the ZIP entries listed in the manifest are signed, so ZIP metadata and anything outside those entries is unprotected
    v2+ scheme
    • Developed specifically for APK files
    • Covers the entire APK file (ZIP entries, Central Directory and End of Central Directory), everything except the APK Signing Block that holds the signature itself
  5. APK Signature Scheme
    v1 scheme: Version 1
    v2+ scheme: Version 2, Version 3, Version 3.1, Version 4
  6. v2+ Scheme
    Before signing: Contents of ZIP entries | Central Directory | End of Central Directory
    After signing: Contents of ZIP entries | APK Signing Block | Central Directory | End of Central Directory
    The APK Signing Block is inserted immediately before the Central Directory, and the Central Directory offset stored in the End of Central Directory record is updated to point at its new position.
  7. Signature Algorithm
    • RSASSA-PSS with SHA2-256 digest, 32 bytes of salt
    • RSASSA-PSS with SHA2-512 digest, 64 bytes of salt
    • RSASSA-PKCS1-v1_5 with SHA2-256 digest
    • RSASSA-PKCS1-v1_5 with SHA2-512 digest
    • ECDSA with SHA2-256 digest
    • ECDSA with SHA2-512 digest
    • DSA with SHA2-256 digest
  8. Signature Algorithm
    Supported key sizes and EC curves
    • RSA: 1024, 2048, 4096, 8192, 16384
    • EC: NIST P-256, P-384, P-521
    • DSA: 1024, 2048, 3072
  9. APK Signature Scheme v1
    Supported across all Android versions. Based on JAR signing, a technology that has been used for a long time to secure Java programs. Not recommended on its own: for security reasons (it does not cover the whole file) and for performance reasons (every entry has to be decompressed and hashed at install time). Keep it only for devices below Android 7.0, which cannot verify anything newer.
  10. APK Signature Scheme v2
    Android 7.0 (Nougat) or higher. A more robust way to verify the authenticity and integrity of APKs: a tamper-evident seal for your app, ensuring that it hasn't been modified and truly comes from the developer you expect.
    • Speeds up app installation times (the file is hashed in large chunks instead of entry by entry)
    • Verifies the integrity of the entire APK file
    • Smaller APK file size once the per-file v1 metadata in META-INF/ is no longer needed
  11. APK Signature Scheme v2
    Android 7.0 (Nougat) or higher
    • APK Signing Block
    • Hashing and Signing
    • Verification
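The file layout and the hashing step described on the two slides above, in working code. This is an added example, not code from the deck: a Python parser that locates the APK Signing Block from the End of Central Directory, walks its ID-value pairs, and computes the v2/v3 content digest over the three signed sections exactly as the scheme defines it (1 MiB chunks, the 0xa5 and 0x5a prefix bytes, and the EOCD hashed with its Central Directory offset rewritten to the block's start). The v3.1 pair ID 0x1b93ad61 is the one visible in the apksigtool output later in this deck; the other IDs come from the AOSP scheme documentation. The `make_test_apk` helper constructs a tiny ZIP with a synthetic signing block so the script runs offline; its pair values are placeholders, not real signer data.

```python
import hashlib
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIGNATURE = 0x06054B50
CHUNK_SIZE = 1024 * 1024  # v2/v3 hash the signed sections in 1 MiB chunks

# Well-known ID-value pair IDs inside the APK Signing Block (AOSP docs).
BLOCK_IDS = {
    0x7109871A: "APK Signature Scheme v2",
    0xF05368C0: "APK Signature Scheme v3",
    0x1B93AD61: "APK Signature Scheme v3.1",
    0x6DFF800D: "SourceStamp v2",
    0x42726577: "verity padding",
}


def find_eocd(data: bytes) -> int:
    """Offset of the End of Central Directory record. The ZIP comment may be
    up to 65535 bytes, so scan backwards and accept only a record whose
    comment length ends exactly at end of file."""
    if len(data) < 22:
        raise ValueError("too short to be a ZIP file")
    lowest = max(0, len(data) - 22 - 0xFFFF)
    for off in range(len(data) - 22, lowest - 1, -1):
        if struct.unpack_from("<I", data, off)[0] == EOCD_SIGNATURE:
            comment_len = struct.unpack_from("<H", data, off + 20)[0]
            if off + 22 + comment_len == len(data):
                return off
    raise ValueError("no End of Central Directory record found")


def locate_signing_block(data: bytes) -> tuple:
    """Return (block_start, cd_offset, eocd_offset). The block sits right
    before the Central Directory: uint64 size | pairs | uint64 size | magic,
    where both size fields exclude the first 8-byte size field."""
    eocd = find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        raise ValueError("no APK Signing Block (unsigned or v1-only APK)")
    size_footer = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    block_start = cd_offset - size_footer - 8
    if block_start < 0:
        raise ValueError("APK Signing Block size exceeds file")
    if struct.unpack_from("<Q", data, block_start)[0] != size_footer:
        raise ValueError("APK Signing Block size fields disagree")
    return block_start, cd_offset, eocd


def parse_signing_block(data: bytes) -> dict:
    """Map each ID-value pair ID (uint32) to its raw value bytes."""
    block_start, cd_offset, _ = locate_signing_block(data)
    pairs = {}
    pos, end = block_start + 8, cd_offset - 24
    while pos < end:
        length = struct.unpack_from("<Q", data, pos)[0]  # covers ID + value
        pos += 8
        if length < 4 or pos + length > end:
            raise ValueError("malformed ID-value pair")
        pair_id = struct.unpack_from("<I", data, pos)[0]
        pairs[pair_id] = data[pos + 4:pos + length]
        pos += length
    return pairs


def v2_content_digest(data: bytes) -> bytes:
    """SHA-256 content digest as defined for v2/v3: each 1 MiB chunk of the
    ZIP entries, Central Directory and EOCD is hashed as 0xa5 || uint32 len
    || chunk, then the top-level digest is 0x5a || uint32 count || digests.
    The EOCD's CD offset is replaced by the signing block's start so the
    digest does not depend on the size of the block the signature lives in."""
    block_start, cd_offset, eocd = locate_signing_block(data)
    eocd_bytes = bytearray(data[eocd:])
    struct.pack_into("<I", eocd_bytes, 16, block_start)
    sections = [data[:block_start], data[cd_offset:eocd], bytes(eocd_bytes)]
    chunk_digests = []
    for section in sections:
        for i in range(0, len(section), CHUNK_SIZE):
            chunk = section[i:i + CHUNK_SIZE]
            prefix = b"\xa5" + struct.pack("<I", len(chunk))
            chunk_digests.append(hashlib.sha256(prefix + chunk).digest())
    top = b"\x5a" + struct.pack("<I", len(chunk_digests)) + b"".join(chunk_digests)
    return hashlib.sha256(top).digest()


def build_signing_block(pairs: dict) -> bytes:
    """Serialise ID-value pairs into a signing block (for the test APK only)."""
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs.items())
    size = len(body) + 8 + 16
    return struct.pack("<Q", size) + body + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC


def make_test_apk(pairs: dict) -> bytes:
    """Constructed input: a tiny ZIP standing in for an APK, with a synthetic
    signing block spliced in before its Central Directory and the EOCD's CD
    offset patched, exactly as a signer would do it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in (("AndroidManifest.xml", b"<manifest/>"),
                              ("classes.dex", b"dex\n035\x00")):
            zf.writestr(zipfile.ZipInfo(name, (2024, 11, 17, 0, 0, 0)), payload)
    raw = buf.getvalue()
    eocd = find_eocd(raw)
    cd_offset = struct.unpack_from("<I", raw, eocd + 16)[0]
    block = build_signing_block(pairs)
    out = bytearray(raw[:cd_offset] + block + raw[cd_offset:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_offset + len(block))
    return bytes(out)


if __name__ == "__main__":
    apk = make_test_apk({0x7109871A: b"v2 signer data", 0x1B93AD61: b"v3.1 signer data"})
    for pair_id, value in parse_signing_block(apk).items():
        print(f"0x{pair_id:08x} {BLOCK_IDS.get(pair_id, 'unknown')}: {len(value)} bytes")
    print("content digest:", v2_content_digest(apk).hex())
```

Flipping any byte of the ZIP entries, the Central Directory or the EOCD changes the digest, while replacing the signing block with one of a different size leaves it unchanged: that is what lets the signature cover "everything except the block" without a chicken-and-egg problem, and it is why a real signer must never rely on the raw Central Directory offset when hashing. Run it against a real APK by replacing `make_test_apk(...)` with the file's bytes.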
  12. APK Signature Scheme v3
    Android 9 (Pie) or higher. Builds upon the foundation of v2, adding a critical feature: key rotation. This allows developers to change their signing key without disrupting app updates for users.
    • Strengthens security and enables future cryptographic upgrades (for example moving to a larger key)
    • Seamless updates after key rotation, without any disruption or reinstallation
  13. APK Signature Scheme v3
    Android 9 (Pie) or higher
    • Proof-of-rotation: a signed lineage in which each old signing certificate signs the next one, so the platform trusts the new key because the key it already knows vouched for it
    • Multiple signers
    • Verification with key rotation
  14. APK Signature Scheme v4
    Android 11 (R) or higher. Employs a detached signature format: the signature is stored in a separate .idsig file next to the APK, which offers several advantages, notably streaming installations, where the app can be installed and even used while it is still being downloaded.
  15. APK Signature Scheme v4
    Android 11 (R) or higher
    • Merkle hash tree over the APK, so individual pages can be verified as they arrive
    • Streaming-compatible signing scheme
    • Support for incremental app installs and updates
    • Verification against the .idsig file
  16. APK Signature Scheme v3.1
    Android 13 (T) or higher. Builds upon the key rotation capabilities of v3, addressing some of its limitations and offering a smoother experience for developers and users.
    • Strengthens security and enables future cryptographic upgrades
    • Lets you choose the SDK version from which the rotated key takes effect: devices at or above it verify the v3.1 block with the new key, older devices keep verifying the v3 block with the original key (the two signer SDK ranges in the apksigner output later in this deck show exactly that)
    • Backward compatible with v3
    • v4 compatible
  17. // build.gradle.kts (:app)
    android {
        ...
        signingConfigs {
            create("release") {
                ...
                enableV3Signing = true
                enableV4Signing = true
            }
        }
    }
  18. Play App Signing
    Google manages and protects your app's signing key for you and uses it to sign the optimized distribution APKs that are generated from your app bundles. Keys are protected by Google’s Key Management Service.
  19. Upload Key / App Signing Key
    Upload key: the key you use to sign your app bundle before you upload it to Google Play.
    App signing key: the key Google Play uses to sign the APKs that are delivered to a user's device.
  20. Play Encrypt Private Key tool (PEPK tool)
    A tool to export private keys from a Java keystore and encrypt them for transfer to Google Play.
  21. Play App Signing: RSA key with 4096 bits (RSASSA_PKCS1V15)
    Android Studio: RSA key with 1024 bits (RSASSA_PKCS1V15)
    keytool (CLI): up to you
    For strong signature strength, RSASSA-PSS with 4096 bits is recommended. Note that the signature algorithm chosen when the key is created (keytool's -sigalg) only signs the self-signed certificate in the keystore; apksigner selects the APK signature algorithm itself from the key type and size, which is why the 4096-bit key later in this deck signs the APK with RSASSA-PKCS1-v1_5 and SHA-512.
  22. Key upgrades on Google Play
    • Android 13 (T) and above
    • Android 7.0 (Nougat) to Android 12 (S)
    • Below Android 7.0 (Nougat)
  23. Key upgrades on Google Play: Android 13 (T) and above
    The Android platform enforces the usage of the upgraded key.
  24. Key upgrades on Google Play: Android 7.0 (Nougat) to Android 12 (S)
    The Android platform does not enforce the usage of the upgraded key and still recognizes the legacy signing key as the app signing key. Google Play Protect will check that app updates are signed with your upgraded key, unless turned off by the user.
  25. Key upgrades on Google Play: Below Android 7.0 (Nougat)
    Uses the legacy signing key as the app signing key.
  26. Google Play’s approach to key upgrades
    Dual signing: Android 13 and higher will use the new key, older versions will use the old key.
    Google Play Protect: verifies that app updates are signed with the upgraded key, an extra layer of security on older versions without fully enforcing the new key at the platform level.
  27. Source Stamp Signer
    A security feature introduced by Google Play to enhance the trustworthiness and security of Android apps. The distributor (here Google Play) adds its own signature, the source stamp, to the APK, giving verifiable metadata about the app's origin and distribution channel; apksigner reports it as "Verified for SourceStamp".
  28. Signer #1
    DN: CN=Somkiat, L=Bangkok, ST=Bangkok, C=TH
    key algorithm: RSA
    key size (bits): 2048
    Source Stamp Signer
    DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
    key algorithm: RSA
    key size (bits): 4096
  29. Post-key rotation
    After rotating your app signing key, you must update the SHA-1 or SHA-256 fingerprint for any service used within your app, such as Firebase, Google APIs, or Digital Asset Links. Be sure to use the fingerprint of the new app signing key; until you do, API key restrictions and App Links verification bound to the old fingerprint will fail.
  30. Create a keystore with keytool
    keytool is a command-line tool bundled with the Java Development Kit (JDK), a powerful utility for managing cryptographic keys and certificates. Example location on macOS: /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/keytool
  31. keytool -genkeypair \
      -alias <alias_name> \
      -keyalg RSA \
      -sigalg RSASSA-PSS \
      -keystore <file_name>.jks \
      -keysize 4096 \
      -validity 3650 \
      -storepass <keystore_password> \
      -keypass <key_password> \
      -dname "CN=Somkiat, L=Bangkok, ST=Bangkok, C=TH"
    -validity 3650 means 10 years. Keep that remark out of the command itself: a "# 10 years" placed after the trailing backslash is not a comment there, it is passed to keytool as extra arguments and breaks the line continuation. -sigalg RSASSA-PSS needs Java 11 or later (the JBR bundled with Android Studio is fine).
  32. APK Signature analysis
    apksigner: a command-line tool provided by Google as part of the Android SDK
    apksigtool: a tool for parsing Android APK Signing Blocks and verifying APK signatures, https://github.com/obfusk/apksigtool
  33. apksigner verify --print-certs -v <file>.apk
    Verified using v1 scheme (JAR signing): true
    Verified using v2 scheme (APK Signature Scheme v2): true
    Verified using v3 scheme (APK Signature Scheme v3): true
    Verified using v3.1 scheme (APK Signature Scheme v3.1): true
    Verified using v4 scheme (APK Signature Scheme v4): false
    Verified for SourceStamp: true
    Number of signers: 1
    Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: ####
    Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: ####
    Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
    Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 4096
    Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-256 digest: ####
    Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: ####
    Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: ####
    Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
    Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 2048
    Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-256 digest: ####
    Source Stamp Signer certificate DN: ####
    Source Stamp Signer certificate SHA-256 digest: ####
    Source Stamp Signer key algorithm: RSA
    The two SDK ranges are the key rotation at work: Android 13 and above (SDK 33+) verify the rotated 4096-bit key, Android 7.0 to 12 (SDK 24 to 32) still verify the original 2048-bit key. v4 shows false because the detached .idsig file was not part of this verification (apksigner verify takes it with --v4-signature-file); it is not a failure of the APK itself.
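A release gate built on that output, as an added example that is not from the deck: it parses the `apksigner verify --print-certs -v` lines into a report and applies a policy to it. The sample text is the slide's output above reflowed one field per line (the #### are the deck's own redactions); the policy itself (4096-bit RSA minimum, v4 and SourceStamp optional) is this example's assumption, adjust it to your own release rules.

```python
import re

# Constructed from the deck's verify output above; "####" are the deck's redactions.
SAMPLE_VERIFY_OUTPUT = """\
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: true
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: ####
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: ####
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 4096
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: ####
Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 2048
Source Stamp Signer certificate DN: ####
Source Stamp Signer key algorithm: RSA
"""

SCHEME_RE = re.compile(r"^Verified using (v[\d.]+) scheme .*: (true|false)$")
STAMP_RE = re.compile(r"^Verified for SourceStamp: (true|false)$")
SIGNER_RE = re.compile(r"^Signer \(minSdkVersion=(\d+), maxSdkVersion=(\d+)\) (.+?): (.+)$")


def parse_verify_output(text: str) -> dict:
    """Turn apksigner's human-readable report into scheme flags plus one
    field dictionary per signer, keyed by its (minSdk, maxSdk) range."""
    report = {"schemes": {}, "source_stamp": False, "signers": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := SCHEME_RE.match(line):
            report["schemes"][m.group(1)] = m.group(2) == "true"
        elif m := STAMP_RE.match(line):
            report["source_stamp"] = m.group(1) == "true"
        elif m := SIGNER_RE.match(line):
            sdk_range = (int(m.group(1)), int(m.group(2)))
            report["signers"].setdefault(sdk_range, {})[m.group(3)] = m.group(4)
    return report


def policy_violations(report: dict, min_rsa_bits: int = 4096,
                      require_v4: bool = False, require_stamp: bool = False) -> list:
    """Assumed release policy: whole-file (v2/v3) signature mandatory, RSA keys
    at least min_rsa_bits for every SDK range, v4 / SourceStamp on request."""
    problems = []
    schemes = report["schemes"]
    if not (schemes.get("v2") or schemes.get("v3")):
        problems.append("no v2/v3 signature: only JAR (v1) signing, which does not cover the whole file")
    if require_v4 and not schemes.get("v4"):
        problems.append("v4 signature not verified (pass the .idsig with --v4-signature-file)")
    if require_stamp and not report["source_stamp"]:
        problems.append("SourceStamp not verified")
    for (lo, hi), fields in sorted(report["signers"].items()):
        bits = int(fields.get("key size (bits)", 0))
        if fields.get("key algorithm") == "RSA" and bits < min_rsa_bits:
            problems.append(f"signer for SDK {lo}-{hi} uses RSA {bits}, below the {min_rsa_bits}-bit policy")
    return problems


if __name__ == "__main__":
    for problem in policy_violations(parse_verify_output(SAMPLE_VERIFY_OUTPUT)):
        print("FAIL:", problem)
```

On the deck's own output the gate flags only the legacy 2048-bit signer that still covers SDK 24 to 32: the rotation fixed the key for Android 13 and above, but older devices keep trusting the old key, which is exactly the limitation the key-upgrade slides describe. Feed it `apksigner verify --print-certs -v app.apk` output from CI and fail the build on a non-empty list.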
  34. apksigtool parse <file>.apk
    PAIR ID: 0x1b93ad61
    APK SIGNATURE SCHEME v3.1 BLOCK
      SIGNER 0
        SIGNED DATA
          DIGEST 0
            SIGNATURE ALGORITHM ID: 0x104 (RSASSA-PKCS1-v1_5 with SHA2-512 digest)
          CERTIFICATE 0
            X.509 SUBJECT: ####
            PUBLIC KEY ALGORITHM: RSA
            PUBLIC KEY BIT SIZE: 4096
          MIN SDK: 33
          MAX SDK: 2147483647
        MIN SDK: 33
        MAX SDK: 2147483647
        SIGNATURE 0
          SIGNATURE ALGORITHM ID: 0x104 (RSASSA-PKCS1-v1_5 with SHA2-512 digest)
        PUBLIC KEY
          PUBLIC KEY ALGORITHM: RSA
          PUBLIC KEY BIT SIZE: 4096
    The SDK range appears twice on purpose: once inside the signed data, where the signature covers it, and once at signer level, and a verifier checks that the two agree. The algorithm is RSASSA-PKCS1-v1_5 with SHA-512 even though the keystore was created with -sigalg RSASSA-PSS: that keytool option only affects the certificate's self-signature, while apksigner chooses the APK signature algorithm from the key type and size.
  35. Conclusion
    • Google Play manages key rotation for developers
    • Use a robust signature algorithm and key size for your key
    • Keep your app signing key and upload key separate
    • Enable the v3 and v4 schemes to leverage App Signing features
    • Disabling the v1 scheme requires setting your app's minimum supported Android version to 7.0 (Nougat) or higher
    • Even with strong signing keys, apps can still be reverse engineered: signing proves integrity and origin, it does not hide your code