[guardian-dev] TOFU/POP: Whole APK Hash?

Hans-Christoph Steiner hans at guardianproject.info
Wed Jan 29 18:51:04 EST 2014

Sounds like you understand correctly.  The whole APK hash is a defense against
things like the master key vulnerability, but yes, it would be a pain in the
ass to make easy to use.  For people who need that

For the specific master key bug, it would be possible to incorporate a check
for master key exploits in the APK as part of this Intent framework, but then
that would leave things open to future exploits of the odd signing format of
JARs/APKs (i.e. the signature does not cover the whole package, since its
included in the package).

As for implementations of these ideas, we have bits and pieces here and there,
but no coherent whole.  The goal is to make the useful parts into a
easy-to-use library.


On 01/29/2014 06:44 PM, Mark Murphy wrote:
> I read your blog post:
> https://guardianproject.info/2014/01/21/improving-trust-and-flexibility-in-interactions-between-android-apps/
> Is the whole-APK hash there because of the master key vulnerability? Or
> is there another attack by which the signature would appear valid but
> the APK be hacked? Or am I missing something in my current
> sleep-deprived state? :-)
> A whole-APK hash itself becomes invalid on every update of the
> to-be-hashed app. If every time the other app updates, we ask the user
> to confirm the pinned app, aren't we at risk of having the user "tune
> out" these confirmations?
> You have thought about this a lot more than I have, so I'm just curious
> as to the rationale, that's all. I cover the signature check approach in
> my book, and I'm just trying to determine if I need to be extending that
> to evangelize the whole-APK hash.
> BTW, you don't happen to have a library that implements these checks,
> with the pinning and all, do you? 
> Thanks!

PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Guardian-dev mailing list