How to prevent the risks caused by a rooted mobile phone?

Posted by The Midnighter on Thu, 27 Jan 2022 01:59:38 +0100

Problem scenario

A new mobile phone is expensive. Users who want one but have limited funds go to the second-hand market, find a price much lower than the regular market price, and buy immediately. Unexpectedly, the phone turns out to have been rooted. What can be done? Rooting is not a risk in itself, but a rooted phone is a high-risk environment for the applications that run on it. For example, an application installed on a rooted device is easily targeted by malware that posts malicious reviews. These reviews lower the application's score in the app store and eventually lead to the loss of users. In addition, an application on a rooted device faces the risk of illegal tampering: once it is tampered with, the advertisements in the application are removed or the ad-free version is cracked, which directly costs the application revenue.

Developers cannot control the channels through which users buy phones, and cannot stop users from visiting the second-hand market or buying from disreputable dealers. The problem cannot be stopped at its source, and once a phone has been compromised, the consequences are unpredictable.

What does it mean for a phone to be rooted?

Simply put, "your mobile phone is rooted" means that a third party has been granted the highest permission on the phone. That party can access and modify almost all files in the phone's operating system at will.

What does that mean? Root is equivalent to the nerve center of the mobile phone: it can access and modify almost all of the phone's files. These may be files that the phone manufacturer does not want modified or touched, because changes may affect the stability of the phone and make it easy for attackers to compromise.

What harm does rooting do?

By definition, once a phone is rooted, its nerve center is exposed to attack, and the harm is easy to imagine. Specifically:

  • Viruses and Trojans can easily get in
  • The mobile phone system becomes unstable
  • Once root permission has been obtained, the manufacturer no longer honors the warranty
  • A wrong operation may damage the mobile phone system

So what harm does a rooted phone do to developers?

As described in the problem scenario at the beginning, once a phone is rooted, the application may be targeted by malware that posts malicious reviews; the bad ratings lower the application's score in the app store and eventually lead to the loss of users. In addition, once an application on a rooted device is illegally tampered with, the advertisements in the application are removed or the ad-free version is cracked, and the developer's direct interests are put at risk in a way the developer cannot control.

How to prevent the risks caused by a rooted mobile phone?

To solve this problem, call the system integrity detection capability (SysIntegrity) of Huawei Safety Detect. It provides a system integrity detection API that lets you evaluate whether the device environment running your app is safe (that is, whether the device is rooted). The capability stores the detection result at the TEE level, where it cannot be modified, which protects the application to the greatest extent. Integration is simple: it can be completed with one person-day of development work. How is it done?

It is mainly divided into three steps:

1. Get nonce

When calling the Safety Detect SysIntegrity API, you must pass in a nonce value. The nonce is included in the detection result, and you can verify it to make sure that the returned result corresponds to your request and is not a replay. If the nonce length is outside the range of 16 to 66 bytes, the call fails.

2. Request Safety Detect SysIntegrity

Safety Detect SysIntegrity provides two interfaces that differ only in their call parameters. Both require the nonce and the APP ID. The sysIntegrity(SysIntegrityRequest sysIntegrityRequest) interface additionally takes the signature algorithm in the SysIntegrityRequest; the algorithm you pass in is consistent with the alg in the header of the JWS you obtain.

Nonce: the nonce value obtained in the previous step.
APP ID: the APP ID can be obtained as follows.
Log in to the AppGallery Connect website and click "my projects". Find your project in the project list, and click the application for which the signature certificate fingerprint needs to be configured. In the application area of the Project Settings > General page, you can view the APP ID of the application.

private void invokeSysIntegrity() {
   SafetyDetectClient mClient = SafetyDetect.getClient(getActivity());
   // TODO(developer): Change the nonce generation to include your own, used once value,
   // ideally from your remote server.
   byte[] nonce = ("Sample" + System.currentTimeMillis()).getBytes();
   SysIntegrityRequest  sysintegrityrequest = new SysIntegrityRequest();
   sysintegrityrequest.setAppId("3*******");
   sysintegrityrequest.setNonce(nonce);
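   // alg: the signature algorithm, supplied by the enclosing class; it is the
   // value that appears as alg in the header of the returned JWS.
   sysintegrityrequest.setAlg(alg);
   Task<SysIntegrityResp> task = mClient.sysIntegrity(sysintegrityrequest);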
   task.addOnSuccessListener(new OnSuccessListener<SysIntegrityResp>() {
       @Override
       public void onSuccess(SysIntegrityResp response) {
           // Indicates communication with the service was successful.
           // Use response.getResult() to get the result data.
           String jwsStr = response.getResult();
       }
   }).addOnFailureListener(new OnFailureListener() {
       @Override
       public void onFailure(Exception e) {
           // An error occurred while communicating with the service.
           if (e instanceof ApiException) {
               // An error with the HMS API contains some
               // additional details.
               ApiException apiException = (ApiException) e;
               // You can retrieve the status code using
               // the apiException.getStatusCode() method.
               Log.e(TAG, "Error: " + SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": " + apiException.getMessage());
           } else {
               // A different, unknown type of error occurred.
               Log.e(TAG, "ERROR:" + e.getMessage());
           }
       }
   });
}

3. Verify the detection result on the server

The detection result is sent to the Huawei server to verify the accuracy of the certificate, and the verification result is returned through SysIntegrityResp. Use the getResult method of this object to obtain the response in JSON Web Signature (JWS) format.

a. Parse the JWS to obtain the header, payload and signature.
b. Obtain the certificate chain from the header and verify it against the Huawei CBG Root CA certificate.
c. Verify the domain name of the leaf certificate in the certificate chain. Domain name: sysintegrity.platform.hicloud.com.
d. Obtain the signature from the signature part and verify it.
e. Obtain the integrity verification result from the payload. The format and a sample excerpt are as follows:

{
         "advice": "RESTORE_TO_FACTORY_ROM",
         "apkCertificateDigestSha256": ["gwpz0q/WtjtJZZK5lTXl74fI/8QAKGLAhdhlznKkLhQ="],
         "apkDigestSha256": "nBrInk2DLVQrgcQ1DXYnIUIMnjJ+mVo0lwUicF7OzJM=",
         "apkPackageName": "com.huawei.hms.safetydetectsample",
         "appId": "1*******",
         "basicIntegrity": false,
         "detail": ["root", "unlocked"],
         "nonce": "UjJScmEyNGZWbTV4YTJNZw==",
         "timestampMs": 1612683290520
}

When basicIntegrity in the detection result is false, you can decide whether to warn the user according to the security requirements of your own functions.
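
The following added example (not code from the original post or from Huawei) shows step a and step e, together with the nonce check from step 1, as server-side Python. It assumes steps b to d (certificate chain, leaf domain, signature) have already succeeded; the function names, the EXPECTED values, the 5-minute freshness window and the placeholder header and signature are assumptions.

```python
import base64, hmac, json
MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window; the page sets none

def b64url(part):  # unpadded base64url, as used in compact JWS
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def split_jws(jws):
    """Step a: header and payload as dicts, signature as bytes."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS needs exactly three parts")
    return json.loads(b64url(parts[0])), json.loads(b64url(parts[1])), b64url(parts[2])

def check_payload(payload, issued_nonce, expected, now_ms):
    """Step e: return the reasons to reject; an empty list means accept."""
    problems = []
    if not 16 <= len(issued_nonce) <= 66:  # range stated in step 1
        problems.append("nonce-length")
    try:
        got = base64.b64decode(str(payload.get("nonce", "")), validate=True)
    except ValueError:
        got = b""
    if not hmac.compare_digest(got, issued_nonce):  # replay or foreign request
        problems.append("nonce-mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        problems.append("stale")
    if payload.get("apkPackageName") != expected["package"]:
        problems.append("wrong-package")
    if expected["cert_digest"] not in payload.get("apkCertificateDigestSha256", []):
        problems.append("wrong-signing-cert")
    if payload.get("basicIntegrity") is not True:
        problems.append("integrity:" + ",".join(payload.get("detail", [])))
    return problems

# Constructed sample: the page's payload excerpt, placeholder header, dummy signature.
SAMPLE_PAYLOAD = {
    "apkCertificateDigestSha256": ["gwpz0q/WtjtJZZK5lTXl74fI/8QAKGLAhdhlznKkLhQ="],
    "apkPackageName": "com.huawei.hms.safetydetectsample",
    "basicIntegrity": False, "detail": ["root", "unlocked"],
    "nonce": "UjJScmEyNGZWbTV4YTJNZw==", "timestampMs": 1612683290520,
}
def enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
SAMPLE_JWS = ".".join([enc({"alg": "RS256"}), enc(SAMPLE_PAYLOAD), "ZHVtbXk"])
EXPECTED = {"package": SAMPLE_PAYLOAD["apkPackageName"],
            "cert_digest": SAMPLE_PAYLOAD["apkCertificateDigestSha256"][0]}
ISSUED_NONCE = base64.b64decode(SAMPLE_PAYLOAD["nonce"])  # stands in for the stored nonce
if __name__ == "__main__":
    print(check_payload(split_jws(SAMPLE_JWS)[1], ISSUED_NONCE, EXPECTED, 1612683291520))
```

Delete the stored nonce once it has been checked, so the same JWS cannot be accepted a second time.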
