4 Levels of Android App Network Transmission Security: Tips for Creating a Secure Android App | WhatsApp End-to-End Encryption

Android Code Lab
3 min read · Jul 13, 2020
Android Secure Network Transmission Tips

We can apply 4 levels of security to network transmission inside an Android app. Whoever is sending, whatever the reason, and however they send it, we can stop everyone from interfering with our app's traffic. Make your app safe and secure.

Things required:
1. An SSL-enabled URL for API transmission
2. Network config settings using XML

What we will do:

  1. Enable SSL transmission only, or keep track of URLs
  2. Configure TLSv1.2 transmission
  3. Enable SHA-256 PIN -> Encryption/Decryption
  4. Enable system or own CAs for transmission

Let's code:

Enable SSL transmission only, or keep track of URLs

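Manifest Setting

Add these attributes to the <application> element:

android:networkSecurityConfig="@xml/network_security_config"
android:usesCleartextTraffic="false"

The first attribute points to a file in the XML resource folder. Set the second to true only if a non-SSL link exists, otherwise false. On Android 7.0 (API 24) and above, the network security config takes precedence over this flag.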

network_security_config

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- cleartextTrafficPermitted: true for non-SSL links, false for SSL-enabled links -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
    </domain-config>
    <debug-overrides></debug-overrides>
</network-security-config>

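Configure TLSv1.2 Transmission

In the MyApplication class, configure TLSv1.2:

import android.app.Application
import com.google.android.gms.common.GooglePlayServicesNotAvailableException
import com.google.android.gms.common.GooglePlayServicesRepairableException
import com.google.android.gms.security.ProviderInstaller
import java.security.KeyManagementException
import java.security.NoSuchAlgorithmException
import javax.net.ssl.SSLContext

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        try {
            // Update the device's security provider through Google Play services
            ProviderInstaller.installIfNeeded(applicationContext)
            // Create a TLSv1.2 context with the default key and trust managers
            val sslContext = SSLContext.getInstance("TLSv1.2")
            sslContext.init(null, null, null)
            sslContext.createSSLEngine()
        } catch (e: GooglePlayServicesRepairableException) {
            e.printStackTrace()
        } catch (e: GooglePlayServicesNotAvailableException) {
            e.printStackTrace()
        } catch (e: NoSuchAlgorithmException) {
            e.printStackTrace()
        } catch (e: KeyManagementException) {
            e.printStackTrace()
        }
    }
}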

Enable SHA-256 PIN -> Encryption/Decryption

Follow this link to get the pin set (SHA-256 keys for encryption/decryption) for your SSL certificate:
https://www.ssllabs.com/ssltest/analyze.html

Keep in mind that we need to pick 2 SHA keys. Check their validity before using them.

Enter your domain and get your SHA-256 values from the SSL certificate.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Pins are only checked on TLS connections; use cleartextTrafficPermitted="false"
         unless this domain must also serve non-SSL links -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">smilee.techcruzers.com</domain>

        <!-- The 2 SHA-256 pins picked above -->
        <pin-set>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>

    <debug-overrides></debug-overrides>
</network-security-config>

Enable System or Own CAs for Transmission

There are 3 ways to manage network certificates:

1. Using the Android system CAs:

<trust-anchors>
    <certificates src="system" />
</trust-anchors>

2. Using user-installed CAs:

<trust-anchors>
    <certificates src="user" />
</trust-anchors>

3. Own CA file, from our SSL certificate:

CA files are used to create your Android app's own transmission certificate. It is basically nothing but a fingerprint or key file of the CA certificate you installed on your domain to enable SSL.

<trust-anchors>
    <certificates src="@raw/my_ca" />
</trust-anchors>

Create a file in the raw folder and paste the key of your SSL CA certificate into it. Android expects this file to hold the CA certificate in PEM or DER format.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.amazonaws.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
        <pin-set>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>
    <!-- global config environment -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
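
Pin sets, cleartext flags and trust anchors can be misconfigured in ways that still build and run. The Python script below is an added example, not code from the original article: it audits a network security config for the settings discussed here. The sample XML is constructed, cdn.example.com is a hypothetical domain, and treating user CAs outside debug-overrides as a finding is this example's own policy assumption.

```python
import re
import xml.etree.ElementTree as ET

PIN_RE = re.compile(r"[A-Za-z0-9+/]{43}=")  # base64 of a 32-byte SHA-256 digest
PLACEHOLDER = "AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567="  # the article's placeholder pin

# Constructed sample config: api.domain.com mirrors the article's pinning block,
# cdn.example.com is a hypothetical second domain.
SAMPLE = f"""<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">api.domain.com</domain>
    <pin-set>
      <pin digest="SHA-256">{PLACEHOLDER}</pin>
      <pin digest="SHA-256">{PLACEHOLDER}</pin>
    </pin-set>
  </domain-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">cdn.example.com</domain>
    <trust-anchors><certificates src="user" /></trust-anchors>
    <pin-set>
      <pin digest="SHA-256">{PLACEHOLDER}</pin>
      <pin digest="SHA-256">not-a-pin</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""

def audit(xml_text):
    """Return sorted (scope, issue) findings for a network security config."""
    root = ET.fromstring(xml_text)
    findings = set()
    for cfg in list(root.iter("domain-config")) + root.findall("base-config"):
        scope = (cfg.findtext("domain") or cfg.tag).strip()
        pins = [(p.text or "").strip() for p in cfg.findall("pin-set/pin")]
        if cfg.get("cleartextTrafficPermitted") == "true":
            # Pins are only checked on TLS connections, so plain HTTP is not covered.
            findings.add((scope, "cleartext permitted" + (" despite pin-set" if pins else "")))
        if pins and len(set(pins)) < 2:
            findings.add((scope, "no distinct backup pin"))
        findings.update((scope, "malformed pin: " + p) for p in pins if not PIN_RE.fullmatch(p))
        # Policy assumption of this example: user CAs belong in <debug-overrides> only.
        if cfg.find("trust-anchors/certificates[@src='user']") is not None:
            findings.add((scope, "user CAs trusted outside debug-overrides"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, issue in audit(SAMPLE):
        print(f"{scope}: {issue}")
```

Run it against res/xml/network_security_config.xml in CI and fail the build when the list of findings is not empty.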

These are the only steps, and you can easily implement them for secure transmission in your app.

There is another one, a 5th level: end-to-end encryption, which is the last and only approach to enable last-bit security, using a public and private key structure.
I will show you that another day. Happy coding!
