4 Levels of Android App Network Transmission Security : Create Secure Android App Tips | WhatsApp End-to-End Encryption
We can apply 4 levels of security to network transmission inside an Android app. No matter who is sending, why they are sending or how they are sending, we can block anyone who should not be talking to our app. Make your app safe and secure.
Things required
1. An SSL-enabled URL for API transmission
2. Network config settings in XML
Let's get to know the levels:
- Enable SSL transmission only or keep track of URLs
- Configure TLSv1.2 transmission
- Enable SHA-256 PIN -> Encryption/Decryption
- Enable system or own CAs for transmission
Let's code:
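Enable SSL transmission only or keep track of URLs
Manifest setting: add these attributes to the <application> element in AndroidManifest.xml. networkSecurityConfig points to a file in the XML resource folder; usesCleartextTraffic is true if any non-SSL link exists, otherwise false.
android:networkSecurityConfig="@xml/network_security_config"
android:usesCleartextTraffic="false"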
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- true for non-SSL links, false for SSL-enabled links -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
    </domain-config>
    <debug-overrides></debug-overrides>
</network-security-config>
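Configure TLSv1.2 Transmission
In the MyApplication class, configure TLSv1.2:
import android.app.Application
import com.google.android.gms.common.GooglePlayServicesNotAvailableException
import com.google.android.gms.common.GooglePlayServicesRepairableException
import com.google.android.gms.security.ProviderInstaller
import java.security.KeyManagementException
import java.security.NoSuchAlgorithmException
import javax.net.ssl.SSLContext

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        try {
            // Update the device's security provider through Google Play services
            ProviderInstaller.installIfNeeded(applicationContext)
            val sslContext = SSLContext.getInstance("TLSv1.2")
            sslContext.init(null, null, null)
            // Confirms TLSv1.2 is available. This context is not attached to any HTTP
            // client here; wire sslContext.socketFactory into your client to apply it.
            sslContext.createSSLEngine()
        } catch (e: GooglePlayServicesRepairableException) {
            e.printStackTrace()
        } catch (e: GooglePlayServicesNotAvailableException) {
            e.printStackTrace()
        } catch (e: NoSuchAlgorithmException) {
            e.printStackTrace()
        } catch (e: KeyManagementException) {
            e.printStackTrace()
        }
    }
}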
Enable SHA-256 PIN -> Encryption/Decryption
Follow the link below to get your PIN set, the SHA-256 keys for encryption/decryption, using your SSL certificate:
https://www.ssllabs.com/ssltest/analyze.html
Keep in mind that we need to pick 2 SHA keys. Check their validity before using them.
Enter your domain and get your SHA-256 values from the SSL certificate.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- false here: pins are only checked on SSL connections, so cleartext stays off for a pinned domain -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">smilee.techcruzers.com</domain>
        <pin-set>
            <!-- placeholder values: put your 2 SHA-256 keys here, one per pin -->
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>
    <debug-overrides></debug-overrides>
</network-security-config>
Enable System or Own CAs for Transmission
There are 3 ways to manage network certificates:
1. Using the Android system store:
<trust-anchors>
    <certificates src="system" />
</trust-anchors>
2. Using the user store (certificates installed by the user):
<trust-anchors>
    <certificates src="user" />
</trust-anchors>
3. Own CA file: from our SSL certificate
A CA file gives your Android app its own trust certificate for transmission. It is basically the certificate file of the CA behind the SSL certificate on your domain (the public certificate in PEM or DER format, not a private key).
<trust-anchors>
    <certificates src="@raw/my_ca" />
</trust-anchors>
Create a file in the raw folder (my_ca here) and paste the CA certificate of your SSL setup into it.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.amazonaws.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
        <pin-set>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>
    <!-- global config environment -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
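A build-time check for the configuration above, as an added example (not code from the original post): it parses a network_security_config.xml and reports domains that still permit cleartext, pin sets without 2 distinct well-formed SHA-256 pins, and user-installed CAs trusted outside debug-overrides. The function names and the embedded sample, built from the placeholder values above, are assumptions for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's final config (placeholder pins).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">api.amazonaws.com</domain>
  </domain-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.domain.com</domain>
    <pin-set>
      <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
      <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""

def is_sha256_pin(pin):
    """True if pin is base64 text that decodes to exactly 32 bytes."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def audit_config(xml_text):
    """Hypothetical helper: return (scope, finding) tuples for weak settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for cfg in root.iter("domain-config"):
        scope = ", ".join((d.text or "").strip() for d in cfg.findall("domain"))
        if cfg.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append((scope, "cleartext HTTP permitted"))
        pin_set = cfg.find("pin-set")
        if pin_set is not None:
            pins = [(p.text or "").strip() for p in pin_set.findall("pin")]
            findings += [(scope, "malformed pin: " + p) for p in pins if not is_sha256_pin(p)]
            if len(set(pins)) < 2:
                findings.append((scope, "fewer than 2 distinct pins (no backup pin)"))
    # User-installed CAs are acceptable in <debug-overrides> only.
    for section in (s for s in root if s.tag != "debug-overrides"):
        if any(c.get("src") == "user" for c in section.iter("certificates")):
            findings.append((section.tag, "user-installed CAs trusted"))
    return findings
```

Run it against res/xml/network_security_config.xml in CI and fail the build when the returned list is not empty.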
These are the only steps, and you can easily implement them for secure transmission in your app.
There is another one, a 5th level: end-to-end encryption, which is the last and only approach to enable last-bit security, using a public and private key structure.
I will show you that another day. Happy coding!