Slide 1

Slide 1 text

Why App Signing Matters for Your Android Apps Somkiat Khitwongwattana Android GDE @akexorcist

Slide 2

Slide 2 text

What’s App Signing in Android? Part of the Android app development process that ensures the integrity and authenticity of your app; it is also required for publishing your app on Google Play. (diagram: .aab)

Slide 3

Slide 3 text

Benefit: Security and Integrity. Ensure that the app you release is the same app that you developed.

Slide 4

Slide 4 text

Signing Process (diagram): the .aab is signed with the Signing Key.

Slide 5

Slide 5 text

APK Signature Scheme This process verifies the authenticity and integrity of Android application packages (APKs), ensuring they haven't been tampered with and originate from the expected developer.

Slide 6

Slide 6 text

APK Signature Scheme
v1 Scheme
● Based on JAR Signing
● Doesn't cover all files in the APK
v2+ Scheme
● Developed specifically for APK files
● Covers all files within the APK

Slide 7

Slide 7 text

APK Signature Scheme
v1 Scheme
● Version 1
v2+ Scheme
● Version 2
● Version 3
● Version 3.1
● Version 4

Slide 8

Slide 8 text

v2+ Scheme
Before Signing:
● Contents of ZIP entries
● Central Directory
● End of Central Directory
After Signing:
● Contents of ZIP entries
● APK Signing Block
● Central Directory
● End of Central Directory

Slide 9

Slide 9 text

Signature Algorithm
● RSASSA-PSS with SHA2-256 digest, 32 bytes of salt
● RSASSA-PSS with SHA2-512 digest, 64 bytes of salt
● RSASSA-PKCS1-v1_5 with SHA2-256 digest
● RSASSA-PKCS1-v1_5 with SHA2-512 digest
● ECDSA with SHA2-256 digest
● ECDSA with SHA2-512 digest
● DSA with SHA2-256 digest

Slide 10

Slide 10 text

Signature Algorithm: supported key sizes and EC curves
● RSA 1024, 2048, 4096, 8192, 16384
● EC NIST P-256, P-384, P-521
● DSA 1024, 2048, 3072

Slide 11

Slide 11 text

APK Signature Scheme v1. Supported across all Android versions. Based on a technology called JAR signing, which has long been used to secure Java programs. Not recommended for security and performance reasons: the signature covers the entries named in the manifest, not the ZIP metadata or the whole file. It is still the only scheme that devices below Android 7.0 can verify, so it remains necessary while minSdkVersion is below 24.

Slide 12

Slide 12 text

APK Signature Scheme v2. Android 7.0 (Nougat) or higher. A more robust way to verify the authenticity and integrity of Android application packages (APKs). It acts like a tamper-evident seal for your app, ensuring that it hasn't been modified and truly comes from the developer you expect.
● Speeds up app installation (the whole file is hashed once, instead of entry by entry)
● Verifies the integrity of the entire APK file, ZIP metadata included
● Smaller APK file size

Slide 13

Slide 13 text

APK Signature Scheme v2. Android 7.0 (Nougat) or higher.
● APK Signing Block
● Hashing and Signing
● Verification
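The layout on the "Before Signing / After Signing" slide and the "APK Signing Block" bullet above describe a concrete file format. The following is an added example, not code from this deck or from AOSP: it builds a small stand-in APK (a plain ZIP, constructed inline), inserts an APK Signing Block in front of the Central Directory and patches the End of Central Directory record the way a v2+ signer does, then locates and parses that block back out of the bytes. The block IDs are the ones AOSP assigns (0x7109871a v2, 0xf05368c0 v3, 0x1b93ad61 v3.1, 0x6dff800d source stamp, 0x42726577 verity padding); the block values written here are dummy bytes, not real signatures, and ZIP64 archives are not handled.

```python
"""Insert and parse an APK Signing Block (the v2+ container)."""
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # 16 bytes, last thing before the CD
EOCD_SIGNATURE = b"PK\x05\x06"

# ID-value pair IDs used inside the block (AOSP/apksig constants).
BLOCK_IDS = {
    0x7109871A: "APK Signature Scheme v2",
    0xF05368C0: "APK Signature Scheme v3",
    0x1B93AD61: "APK Signature Scheme v3.1",
    0x6DFF800D: "SourceStamp",
    0x42726577: "verity padding",
}


def _locate_eocd(apk: bytes) -> int:
    """Offset of the End of Central Directory record (no ZIP64 support)."""
    pos = apk.rfind(EOCD_SIGNATURE)
    if pos < 0:
        raise ValueError("not a ZIP file: EOCD record missing")
    return pos


def parse_apk_signing_block(apk: bytes) -> dict[int, bytes]:
    """Return {block_id: value} for every pair in the APK Signing Block,
    or {} when the file has no block (unsigned or v1-only)."""
    eocd = _locate_eocd(apk)
    cd_offset = struct.unpack_from("<I", apk, eocd + 16)[0]
    # Block tail: uint64 size_of_block, then the 16-byte magic, then the CD.
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        return {}
    size_of_block = struct.unpack_from("<Q", apk, cd_offset - 24)[0]
    start = cd_offset - size_of_block - 8  # size excludes the leading size field
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size_of_block:
        raise ValueError("corrupt APK Signing Block: size fields disagree")
    pairs: dict[int, bytes] = {}
    pos, end = start + 8, cd_offset - 24
    while pos < end:
        length, block_id = struct.unpack_from("<QI", apk, pos)  # length covers ID + value
        value = apk[pos + 12:pos + 8 + length]
        if len(value) != length - 4:
            raise ValueError("corrupt APK Signing Block: pair overruns block")
        pairs[block_id] = value
        pos += 8 + length
    return pairs


def insert_apk_signing_block(zip_bytes: bytes, pairs: dict[int, bytes]) -> bytes:
    """Place a block between the ZIP entries and the Central Directory and
    bump the CD offset in the EOCD; entry offsets stay valid."""
    eocd = _locate_eocd(zip_bytes)
    cd_offset = struct.unpack_from("<I", zip_bytes, eocd + 16)[0]
    body = b"".join(struct.pack("<QI", 4 + len(v), bid) + v for bid, v in pairs.items())
    size_of_block = len(body) + 8 + 16
    block = (struct.pack("<Q", size_of_block) + body
             + struct.pack("<Q", size_of_block) + APK_SIG_BLOCK_MAGIC)
    eocd_rec = bytearray(zip_bytes[eocd:])
    struct.pack_into("<I", eocd_rec, 16, cd_offset + len(block))
    return zip_bytes[:cd_offset] + block + zip_bytes[cd_offset:eocd] + bytes(eocd_rec)


def build_sample_apk() -> bytes:
    """Constructed, unsigned stand-in for an APK (just a ZIP with two entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
    return buf.getvalue()


def zip_entry_names(apk: bytes) -> list[str]:
    """The ZIP must stay readable after the block is inserted."""
    return zipfile.ZipFile(io.BytesIO(apk)).namelist()


def describe_blocks(apk: bytes) -> list[str]:
    return [f"0x{bid:08x} {BLOCK_IDS.get(bid, 'unknown')} ({len(val)} bytes)"
            for bid, val in parse_apk_signing_block(apk).items()]


if __name__ == "__main__":
    plain = build_sample_apk()
    signed = insert_apk_signing_block(
        plain, {0x1B93AD61: b"\0" * 40, 0x42726577: b"\0" * 20})  # dummy values
    print("unsigned:", describe_blocks(plain))
    print("with block:", describe_blocks(signed), zip_entry_names(signed))
```

Because the block sits in the gap between the last entry and the Central Directory, ordinary ZIP readers ignore it, which is why a v2-signed APK still unpacks normally and why a v1-only verifier never sees it.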

Slide 14

Slide 14 text

APK Signature Scheme v3 Android 9 (Pie) or higher Builds upon the strong foundation of v2, adding a critical feature: key rotation. This allows developers to change their signing keys without disrupting app updates for users. ● Strengthens security and enables future cryptographic upgrades. ● Seamless updates from key rotation without any disruption or reinstallation

Slide 15

Slide 15 text

APK Signature Scheme v3. Android 9 (Pie) or higher.
● Proof-of-Rotation
● Multiple Signers
● Verification with Key Rotation

Slide 16

Slide 16 text

APK Signature Scheme v4. Android 11 (R) or higher. Employs a detached signature format: the signature is stored in a separate .idsig file next to the APK, which offers several advantages. Chief among them are streaming (incremental) installations, where an app can be used while it is still being downloaded.

Slide 17

Slide 17 text

APK Signature Scheme v4. Android 11 (R) or higher.
● Merkle Hash Tree
● Streaming-compatible Signing Scheme
● Incremental app update support
● Verification with the .idsig file
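The "Merkle Hash Tree" bullet is what makes v4 streaming-compatible: every 4 KiB block of the APK can be checked on its own against a single root digest, so the installer can verify data as it arrives. The following is an added, simplified illustration of that construction (not code from this deck, apksig or fs-verity, and not byte-compatible with the .idsig layout; the per-block salt and the descriptor that fs-verity hashes on top of the root are omitted). The input is constructed inline.

```python
"""fs-verity-style Merkle tree over 4 KiB blocks, with per-block proofs."""
import hashlib
import struct

BLOCK_SIZE = 4096                    # fs-verity (and v4) hash 4 KiB blocks
DIGEST_SIZE = 32                     # SHA-256
FANOUT = BLOCK_SIZE // DIGEST_SIZE   # 128 child digests fill one tree block


def hash_block(chunk: bytes) -> bytes:
    """SHA-256 of one block, zero-padded to BLOCK_SIZE (salt omitted here)."""
    return hashlib.sha256(chunk.ljust(BLOCK_SIZE, b"\0")).digest()


def build_tree(data: bytes) -> list[list[bytes]]:
    """Levels from the leaves (one digest per data block) up to the root."""
    leaves = [hash_block(data[i:i + BLOCK_SIZE])
              for i in range(0, len(data), BLOCK_SIZE)] or [hash_block(b"")]
    levels = [leaves]
    while len(levels[-1]) > 1:
        below = levels[-1]
        levels.append([hash_block(b"".join(below[i:i + FANOUT]))
                       for i in range(0, len(below), FANOUT)])
    return levels


def root_digest(levels: list[list[bytes]]) -> bytes:
    """The value a v4 signature ultimately commits to."""
    return levels[-1][0]


def prove_block(levels: list[list[bytes]], index: int) -> list[list[bytes]]:
    """Authentication path for data block `index`: at each level, the group
    of child digests that hashes into the parent block."""
    path = []
    for level in levels[:-1]:
        node = index // FANOUT
        path.append(level[node * FANOUT:(node + 1) * FANOUT])
        index = node
    return path


def verify_block(root: bytes, index: int, chunk: bytes, path: list[list[bytes]]) -> bool:
    """What a streaming installer does per block: recompute the leaf, walk up
    the path, and compare with the signed root. No other data block is needed."""
    current = hash_block(chunk)
    for siblings in path:
        slot = index % FANOUT
        if slot >= len(siblings) or siblings[slot] != current:
            return False
        current = hash_block(b"".join(siblings))
        index //= FANOUT
    return current == root


def sample_data(blocks: int = 300) -> bytes:
    """Constructed input: each 4 KiB block is filled with its own index,
    so every block hashes differently."""
    return b"".join(struct.pack("<I", i) * (BLOCK_SIZE // 4) for i in range(blocks))


if __name__ == "__main__":
    data = sample_data()
    tree = build_tree(data)
    root = root_digest(tree)
    idx = 200
    chunk = data[idx * BLOCK_SIZE:(idx + 1) * BLOCK_SIZE]
    path = prove_block(tree, idx)
    print(f"{len(tree)} levels, root {root.hex()}")
    print("block 200 verifies:", verify_block(root, idx, chunk, path))
    tampered = chunk[:-1] + bytes([chunk[-1] ^ 0x01])
    print("tampered block verifies:", verify_block(root, idx, tampered, path))
```

In the real scheme the tree itself travels in the .idsig file and the signature covers the root, so a device can reject a single corrupted or substituted block without having downloaded the rest of the APK; the same property is what lets incremental updates re-verify only the blocks that changed.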

Slide 18

Slide 18 text

APK Signature Scheme v3.1. Android 13 (T) or higher. Builds upon the key rotation capabilities of v3, addressing some of its limitations and offering a smoother experience for developers and users.
● Strengthens security and enables future cryptographic upgrades.
● Lets you specify a target SDK version for the rotated key in the rotation chain, so devices on Android 13 and above verify with the rotated key while older devices keep verifying with the original signer carried in the v3 block.
● Backward compatible with v3
● v4 compatible

Slide 21

Slide 21 text

// build.gradle.kts (:app)
android {
    ...
    signingConfigs {
        create("release") {
            ...
            enableV3Signing = true   // key rotation (Android 9+)
            enableV4Signing = true   // detached .idsig for streaming installs (Android 11+)
        }
    }
}

Slide 22

Slide 22 text

Play App Signing Google manages and protects your app's signing key for you and uses it to sign optimized distribution APKs that are generated from your app bundles. Keys are protected by Google’s Key Management Service.

Slide 23

Slide 23 text

Signing Process (diagram): the .aab is signed with the Upload Key.

Slide 24

Slide 24 text

Signing Process (diagram): the APKs generated from the .aab are signed with the App Signing Key.

Slide 25

Slide 25 text

Upload Key: the key you use to sign your app bundle before you upload it to Google Play.
App Signing Key: the key Google Play uses to sign the APKs that are delivered to a user's device.

Slide 26

Slide 26 text

Play Encrypt Private Key tool (PEPK tool): a tool to export private keys from a Java keystore and encrypt them for transfer to Google Play, used when you bring an existing app signing key into Play App Signing.

Slide 29

Slide 29 text

Key size by tool
● Play App Signing: RSA key with 4096 bits (RSASSA_PKCS1V15)
● Android Studio: RSA key with 1024 bits (RSASSA_PKCS1V15)
● keytool (CLI): up to you
For stronger signatures, an RSA key of 4096 bits with RSASSA-PSS is recommended. Note that the -sigalg you give keytool only governs the self-signed certificate in the keystore; apksigner chooses the APK signature algorithm itself from the key type and size, which is why the 4096-bit signer in the apksigtool output later in this deck shows algorithm ID 0x104 (RSASSA-PKCS1-v1_5 with SHA2-512).

Slide 30

Slide 30 text

Key upgrades on Google Play
● Android 13 (T) and above
● Android 7.0 (Nougat) to Android 12 (S)
● Below Android 7.0 (Nougat)

Slide 31

Slide 31 text

Key upgrades on Google Play Android 13 (T) and above The Android platform enforces the usage of the upgraded key.

Slide 32

Slide 32 text

Key upgrades on Google Play Android 7.0 (Nougat) to Android 12 (S) The Android platform does not enforce the usage of this upgraded key and still recognizes the legacy signing key as the app signing key. Google Play Protect will check that app updates are signed with your upgraded key, unless turned off by the user.

Slide 33

Slide 33 text

Key upgrades on Google Play: below Android 7.0 (Nougat). The legacy signing key remains the app signing key, since these devices only verify the v1 signature and cannot see the rotation.

Slide 34

Slide 34 text

Google Play’s approach to key upgrades
● Dual Signing: Android 13 and higher will use the new key; older versions will use the old key.
● Google Play Protect: verifies that app updates are signed with the upgraded key. Provides an extra layer of security without fully enforcing the new key at the platform level.

Slide 36

Slide 36 text

Source Stamp Signer. A feature used by Google Play to make the origin of an app verifiable. The distributor's stamp certificate and signature are stored in their own block inside the APK Signing Block, and the manifest carries metadata (com.android.stamp.source) naming the distribution channel, so a verifier can tell which store delivered the APK. apksigner reports this as "Verified for SourceStamp".

Slide 37

Slide 37 text

Signer #1
  DN: CN=Somkiat, L=Bangkok, ST=Bangkok, C=TH
  key algorithm: RSA
  key size (bits): 2048
Source Stamp Signer
  DN: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
  key algorithm: RSA
  key size (bits): 4096

Slide 38

Slide 38 text

Post-key rotation After rotating your app signing key, you must update the SHA-1 or SHA-256 fingerprint for any services used within your app, such as Firebase, Google APIs, or Digital Asset Links. Be sure to use the fingerprint of the new app signing key.

Slide 39

Slide 39 text

Create a keystore with keytool, a command-line tool that comes bundled with the Java Development Kit (JDK). It is a powerful utility for managing cryptographic keys and certificates. Example location on macOS (the JBR shipped with Android Studio): /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/keytool

Slide 40

Slide 40 text

# -validity 3650 is 10 years; Android docs recommend at least 25 years for a key
# that signs published apps. Omit -storepass/-keypass to be prompted instead of
# leaving the passwords in your shell history.
keytool -genkeypair \
    -alias <alias> \
    -keyalg RSA \
    -sigalg RSASSA-PSS \
    -keystore <keystore>.jks \
    -keysize 4096 \
    -validity 3650 \
    -storepass <store-password> \
    -keypass <key-password> \
    -dname "CN=Somkiat, L=Bangkok, ST=Bangkok, C=TH"

Slide 41

Slide 41 text

APK Signature analysis
● apksigner: a command-line tool provided by Google as part of the Android SDK
● apksigtool: a tool for parsing Android APK Signing Blocks and verifying APK signatures, https://github.com/obfusk/apksigtool

Slide 42

Slide 42 text

apksigner verify --print-certs -v <app>.apk

Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: true
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: ####
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: ####
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 4096
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-256 digest: ####
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: ####
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: ####
Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 2048
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-256 digest: ####
Source Stamp Signer certificate DN: ####
Source Stamp Signer certificate SHA-256 digest: ####
Source Stamp Signer key algorithm: RSA

The two signer entries are the rotated 4096-bit key, used on API 33 and above through the v3.1 block, and the legacy 2048-bit key, used on API 24 to 32. The v4 line is false simply because no .idsig file sits next to this APK.

Slide 43

Slide 43 text

apksigtool parse <app>.apk

PAIR ID: 0x1b93ad61
  APK SIGNATURE SCHEME v3.1 BLOCK
    SIGNER 0
      SIGNED DATA
        DIGEST 0
          SIGNATURE ALGORITHM ID: 0x104 (RSASSA-PKCS1-v1_5 with SHA2-512 digest)
        CERTIFICATE 0
          X.509 SUBJECT: ####
          PUBLIC KEY ALGORITHM: RSA
          PUBLIC KEY BIT SIZE: 4096
        MIN SDK: 33
        MAX SDK: 2147483647
      MIN SDK: 33
      MAX SDK: 2147483647
      SIGNATURE 0
        SIGNATURE ALGORITHM ID: 0x104 (RSASSA-PKCS1-v1_5 with SHA2-512 digest)
      PUBLIC KEY
        PUBLIC KEY ALGORITHM: RSA
        PUBLIC KEY BIT SIZE: 4096

Slide 44

Slide 44 text

Conclusion
● Google Play manages key rotation for developers
● Use a robust signature algorithm and key size for your key
● Keep your app signing key and upload key separate
● Enable the v3 and v4 schemes to leverage App Signing features
● Disabling the v1 scheme requires setting your app's minimum supported Android version to 7.0 (Nougat, API 24) or higher
● Even with strong signing keys, apps can still be reverse engineered: signing proves origin and integrity, not confidentiality

Slide 45

Slide 45 text

Resources
● App Signing: https://source.android.com/docs/security/features/apksigning
● Use Play App Signing: https://support.google.com/googleplay/android-developer/answer/9842756
● apksigner: https://developer.android.com/tools/apksigner
● APK Signing Block considerations: https://gist.github.com/obfusk/31c332b884464cd8aa06ce1ba1583c05

Slide 46

Slide 46 text

Thank You! Somkiat Khitwongwattana Android GDE @akexorcist