Abstract
Current mobile app distribution systems use (asymmetric) digital signatures to ensure integrity and authenticity of their apps. However, there are realistic threat models under which trust in such signatures is compromised. One example is an unknowingly leaked signing key that allows an attacker to distribute malicious updates to an existing app; other examples are intentional key sharing as well as insider attacks. Recent app store policy changes like Google Play Signing (and similar policies at OEM and free app stores like F-Droid) are a practically relevant case of intentional key sharing: such distribution systems take over key handling and create app signatures themselves, breaking the end-to-end verifiable trust chain from developer to end-user device. This paper addresses these threats by proposing a system design that incorporates transparency logs and end-to-end verification into mobile app distribution systems, making unauthorized distribution attempts transparent and thus detectable. We analyze the relevant security considerations with regard to our threat model as well as the security implications in case an attacker is able to compromise the proposed system itself. Finally, we implemented an open-source prototype extending F-Droid, which demonstrates the practicability, feasibility, and performance of the proposed system.
Notes
- 1. As developer identities are not directly verified by most Android app distribution systems, authenticity of signing keys is typically only guaranteed in the Trust-on-First-Use (TOFU) model.
- 2. We consider a particular tree to be fully represented by its root hash, which can in turn be contained within an updated or larger tree with a different root hash. Within the scope of inclusion proofs we thus use the terms ‘tree’ and ‘root hash’ interchangeably with respect to the provided security guarantee.
- 3.
- 4. Payment and IP protection mechanisms are already addressed in existing systems and considered out of scope of the threat model in this paper.
- 5. Note that global passive adversaries may learn which apps are installed by clients by monitoring transmitted inclusion proofs, leaf log entries, and/or the embedded APK metadata. However, as there are many other ways to learn the same information under our threat model, we consider this as out of scope and not a reason for keeping such data confidential.
- 6. https://f-droid.org/repo/index-v2.json (accessed: 2023-02-07).
- 7. In terms of efficiency comparison, we are not even assuming proof-of-work consensus algorithms, but permissioned ledgers comparable to the authentication of submitters performed by the personality.
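The end-to-end check that the abstract and note 2 describe rests on Merkle tree inclusion proofs: a client holding an APK's log entry, its leaf index, the log's tree size and a (log-signed) root hash can verify that the entry is really part of the log without downloading it. The following is an added illustration written for this page, not code from the paper or its prototype repositories; it uses the RFC 6962 leaf/node hashing and the inclusion-path verification procedure of RFC 9162 (Section 2.1.3.2), and all log entries, APK hashes and signer fingerprints in it are constructed sample values. The leaf format (`apk_entry`) is an assumption for illustration and not the prototype's actual wire format. It also shows the point made in note 2: the root of the older, smaller tree reappears as a subtree hash inside the root of the grown tree.

```python
import hashlib
import json


def apk_entry(package: str, version_code: int, apk_sha256: str, signer_sha256: str) -> bytes:
    """Hypothetical, canonical (sorted keys, no whitespace) serialisation of one
    log leaf carrying APK metadata. Constructed for this example only."""
    entry = {
        "package": package,
        "versionCode": version_code,
        "apkSha256": apk_sha256,
        "signerSha256": signer_sha256,
    }
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


# Constructed sample log contents: two releases of one app and one other app.
LOGGED_ENTRIES = [
    apk_entry("org.example.app", 1, "11" * 32, "aa" * 32),
    apk_entry("org.example.app", 2, "22" * 32, "aa" * 32),
    apk_entry("org.example.other", 7, "33" * 32, "bb" * 32),
]


def leaf_hash(data: bytes) -> bytes:
    """RFC 6962 leaf hash: domain-separated with a 0x00 prefix."""
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: domain-separated with a 0x01 prefix."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly smaller than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: list) -> bytes:
    """Merkle Tree Hash of a list of leaves, as defined in RFC 6962."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = _split_point(n)
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: list, m: int) -> list:
    """Audit path for leaf index m: the sibling hashes from the leaf up to the root."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split_point(n)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int, proof: list, root: bytes) -> bool:
    """Client-side check (RFC 9162, 2.1.3.2) that `leaf` is at `index` in the tree
    of size `tree_size` whose root hash is `root`. Only hashes are recomputed;
    the log's signature over `root` would be checked separately in practice."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                # Skip levels where our subtree has no right sibling.
                while fn != 0 and fn & 1 == 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


if __name__ == "__main__":
    root = merkle_root(LOGGED_ENTRIES)
    # Genuine update for org.example.app version 2: its proof verifies.
    proof = inclusion_proof(LOGGED_ENTRIES, 1)
    print("logged update verifies:", verify_inclusion(LOGGED_ENTRIES[1], 1, 3, proof, root))
    # A version 3 that was never submitted to the log (e.g. pushed with a leaked
    # developer key) cannot be matched to any existing proof: the client rejects it.
    rogue = apk_entry("org.example.app", 3, "ee" * 32, "aa" * 32)
    print("unlogged update verifies:", verify_inclusion(rogue, 1, 3, proof, root))
    # Note 2: the root of the earlier two-entry tree is a subtree of the new root.
    old_root = merkle_root(LOGGED_ENTRIES[:2])
    print("old root contained in new root:", node_hash(old_root, leaf_hash(LOGGED_ENTRIES[2])) == root)
```

Because the leaf serialisation is deterministic, the client can rebuild the exact leaf bytes from the APK metadata it holds; any change to the package name, version code, APK hash or signer fingerprint yields a different leaf hash and the proof fails, which is what makes an unauthorized distribution attempt detectable rather than silently accepted.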
Acknowledgment
This work has been carried out within the scope of Digidow, the Christian Doppler Laboratory for Private Digital Authentication in the Physical World and has partially been supported by the LIT Secure and Correct Systems Lab. We gratefully acknowledge financial support by the Austrian Federal Ministry of Labour and Economy, the National Foundation for Research, Technology and Development, the Christian Doppler Research Association, 3 Banken IT GmbH, ekey biometric systems GmbH, Kepler Universitätsklinikum GmbH, NXP Semiconductors Austria GmbH & Co KG, Österreichische Staatsdruckerei GmbH, and the State of Upper Austria.
A Availability
Our prototype implementation consists of the following component repositories and is publicly available.
- F-Droid server: The relevant source code segments have been extracted from the fork of the official F-Droid server code. Source Code: https://github.com/mobilesec/fdroidserver_transparencyextension
- Personality: The personality project contains the code for the application-specific interface between the client library, the F-Droid server, and the Google Trillian logging infrastructure. Source Code: https://github.com/mobilesec/mobiletransparency-personality
- Android library: The Android library project contains the code for the end-to-end verification of APK files. Source Code: https://github.com/mobilesec/mobiletransparency-androidlibrary
- Evaluation setup: Contains the test script, configuration file and reference data of our performance evaluation. Source Code: https://github.com/mobilesec/mobiletransparency-data
We also provide a running personality with this version of the codebase, along with a transparency log running the unmodified Google Trillian code (from https://github.com/google/trillian) that has been pre-filled with APK metadata from the index of the official F-Droid repository as well as some of our test apps using the Android library for verification. It is available through a Tor Onion service at http://madtl6agno7zze4ll66ylxmb4lkmb72attwfhcmfbspyx35v4e6ut5ad.onion/Log/ListTrees.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lins, M., Mayrhofer, R., Roland, M., Beresford, A.R. (2024). Mobile App Distribution Transparency (MADT): Design and Evaluation of a System to Mitigate Necessary Trust in Mobile App Distribution Systems. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_11
DOI: https://doi.org/10.1007/978-3-031-47748-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47747-8
Online ISBN: 978-3-031-47748-5
eBook Packages: Computer Science; Computer Science (R0)