Downloading Private Apps on Google Play Answers to Common Questions About Play App Signing

Total Page:16

File Type:pdf, Size:1020Kb

Downloading Private Apps on Google Play Answers to Common Questions About Play App Signing downloading private apps on google play Answers to common questions about Play App Signing. Android apps are cryptographically signed by the developer. This allows the package manager on the user’s device to verify that every app update comes from the same source and that it hasn’t been tampered with. Google Play also enforces this signature check when you upload your APK to the Google Play Console, so that even if someone had your login credentials it would be impossible to send a malicious update without also having access to your private key. Historically, developers were responsible for generating their own private keys and keeping them safe throughout the application’s lifetime. While this offered a lot of flexibility, it was also prone to mistakes: generating weak keys, accidentally checking in your private key to a public repository or even losing it altogether are just a few common ones that happen routinely even to seasoned developers. Nowadays developers have a compelling alternative to managing keys themselves: Play App Signing , in which the upload key (the one you use to upload your artifacts to Google Play) and the app signing key (the one used to sign APKs distributed to devices) can be separate, and the app signing key is stored securely on Google’s infrastructure. Even though many other popular platforms treat distribution keys this way, for many developers it’s a departure from the previous Android signing model, and some developers may feel like they’re giving up too much control over their apps. That’s why, I want to dispel some common misconceptions about Play App Signing, as well as give guidance on specific scenarios that you might encounter. This advice is based on questions our Developer Relations team has heard from developers at conferences, in online forums and our 1:1 chats. Let’s start with the most compelling reason to switch to Play App Signing: 1. I’ve lost the key used for signing release artifacts that I upload to Google Play. What are my options? Without Play App Signing : Without the app signing key, there’s nothing you or Google can do to continue updating your app due to security protections built into Android. Your only option is to create a new store listing with a new package name and start from scratch. With Play App Signing : You can request a new upload key. Play will be able to continue signing your app updates with the app signing key, which is securely stored by Google. If I were to name one reason that speaks for the adoption of app signing, it would be the one above. But before we go further and talk about specific scenarios that app signing can help you remediate (there are more!), let’s pause to answer a meta-question first: 2. Why does Google want developers to switch to Play App Signing? Google Play’s first priority is to build a trusted, safe, and secure platform for billions of users and millions of developers for many years into the future. The sustainability and success of the ecosystem depends on this. Most developers cannot match the level of security that Google can offer. The new app model, where Play ingests publishing artifacts and generates signed artifacts is designed to minimize the surfaces where the signing keys could be exposed. It is not only secure, but also more efficient, and future-looking with benefits for end-users and developers alike. For example, a number of apps currently on the Play Store still haven’t adopted the more secure v2 signing scheme. Once enrolled into Play App Signing, apps benefit from the new protections and future enhancements automatically, without developer work required. And finally, separating the publishing format (using Android App Bundles) from the serving format (split APKs) unlocks benefits for developers and users alike: from increased security, to optimization, reduced complexity and fragmentation. In order to do this, however, Play must have the ability to sign the serving artifacts. Some examples of features available right now are automatic size optimizations for app delivery, as well as new customizable delivery options for modules in your app. More importantly, it gives us a way to evolve and improve the delivery mechanisms in the future, while ensuring the trust and safety of the distributed artifacts. Even though we continue to improve our serving stack, we don’t modify and distribute your application code without your knowledge and approval, and the new optimizations Play performs are available for your inspection in the open source bundletool . Later in this FAQ I discuss some of the metadata (metadata which doesn’t impact how your app works) differences you might see between artifacts downloaded from Play and generated locally. 3. My app signing key was generated many years ago and I’m afraid its cryptographic strength no longer meets today’s standards or I believe that my app signing key has leaked. What can I do to upgrade? Without Play App Signing : As previously mentioned, you cannot simply switch to a new key, as that would mean your existing users would not be able to get app updates. You either have to continue using your existing key and risk the safety of your users’ data or start a new app entry from scratch. With Play App Signing: If you are using a weak key or your key was compromised, you can upgrade your app signing key for new installs. This works by delivering APKs signed with your legacy key to existing users when they update the app, while fresh app installations get APKs signed with the upgraded, secure key. Consider enabling app signing now and switching to using a separate upload key as soon as possible, reducing the likelihood of ever compromising the app signing key. The current process of upgrading to a new key is not instantaneous and if the app signing key leaks, your existing users will be at risk until they reinstall the app or move to a new device. Please note that the current key upgrade process does not take advantage of the key rotation feature introduced in Android 9 (Pie) and above. We are currently investigating support for key rotation using app signing v3 for devices on these OS versions and will let the developer community know once it’s ready in a separate announcement. 4. The upload key I used for signing my artifacts was stolen. What are my options? Without Play App Signing : There is no concept of a separate “upload key”, so if your release signing key leaks, you could be in big trouble: someone could create malicious or unauthorized versions of your app that would be indistinguishable (and updateable!) from your original APKs. Of course, Google account protection applies to Google Play Console access (and we recommend developers enable 2-step verification), so the attacker would still have to find a way to trick a user into sideloading such a modified APK. Nevertheless, your app’s security is weakened. Refer to the question 3. above about a compromised app signing key to see what kind of remediations are available, including key upgrade for new installs. With Play App Signing : If your upload key is separate from your app signing key (which I cannot recommend highly enough), and the upload key is the one that leaked, that means your users’ data is safe — the upload key is not enough for an attacker to be able to impersonate APKs signed with the app signing key. Simply request a new upload key. If you continued to use your app signing key for uploading to Play when you first enabled app signing, and that app signing key leaked, you are in a bit of a worse situation, but app signing can still remedy the problem. Follow the advice on how to upgrade your key for new installs. 5. I enabled Play App Signing for my app, but I changed my mind and would like to download the app signing key that is stored on Google’s infrastructure. It’s not possible for you, or anyone else on your developer account, to download and save the private key for your app that’s stored on Google’s secure infrastructure. This is to ensure the protection of your app signing key. If you foresee a situation in which you will need continued access to your app signing key, you should do the following when enabling app signing: Do not select the option for Google Play to generate the app signing key for you. Generate your signing key locally on your machine instead. Securely transfer your key to Google Play, and do not delete it from your machine. Keep the key secure , ensuring it doesn’t leak to third parties. Make sure to create and test backups of your key regularly, as you will not be able to download it from Google in case you lose it. These steps are explained in the documentation. Look for the instructions on how to “ opt in for an existing app ” to see how to encrypt your signing key to upload it to the Google Play Console from Android Studio or the command line. If you are absolutely sure you will not need continued access to your private app signing key, we recommend that you either let Play generate your key (for new apps) or that you delete your copy after transferring it to Play, and switch to using an upload key. The upload key can be reset, and it doesn’t compromise your users’ security in case it leaks. 6.
Recommended publications
  • Capitol Murder
    CAPITOL MURDER A THESIS SUBMITTED TO THE GRADUATE DIVISION OF THE UNIVERSITY OF HAWAI‘I AT MĀNOA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF ARTS IN ENGLISH DECEMBER 2012 By Sara M. K. Young Thesis Committee: Rodney Morales, Chairperson Cynthia Franklin Gary Pak ACKNOWLEDGMENTS I would like to thank the following people for their assistance with my thesis: Kai Lau, for providing his knowledge of information technology systems; Gary Pak and Cynthia Franklin, for their instruction and participation; Instructor Shawna Yang Ryan and my ENG 613C Fiction Workshop classmates for Spring and Fall 2012, for their commentary and feedback on my workshop drafts; Rodney Morales, for his literary guidance, mentorship, and overall advice; and Marcus Hayden, for his continuous encouragement and support. i TABLE OF CONTENTS ACKNOWLEDGMENTS ................................................................................................... i PROLOGUE ....................................................................................................................... 1 CHAPTER 1 ....................................................................................................................... 6 CHAPTER 2 ..................................................................................................................... 27 CHAPTER 3 ..................................................................................................................... 52 CHAPTER 4 ....................................................................................................................
    [Show full text]
  • Linux Networking Cookbook.Pdf
    Linux Networking Cookbook ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Networking Cookbook™ by Carla Schroder Copyright © 2008 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Indexer: John Bickelhaupt Production Editor: Sumita Mukherji Cover Designer: Karen Montgomery Copyeditor: Derek Di Matteo Interior Designer: David Futato Proofreader: Sumita Mukherji Illustrator: Jessamyn Read Printing History: November 2007: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Cookbook series designations, Linux Networking Cookbook, the image of a female blacksmith, and related trade dress are trademarks of O’Reilly Media, Inc. Java™ is a trademark of Sun Microsystems, Inc. .NET is a registered trademark of Microsoft Corporation. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
    [Show full text]
  • Google Apps for Education Surpasses Expectations at ICHS Contents
    Summer 2013 Working With New Technologies Vol. 11, No. 2 Google Apps for Education Surpasses Expectations at ICHS By Amy B. Popp, Librar- Google Apps for Education ian, Webmaster, PR Coor- (www.google.com/enterprise/ apps/education) has fulfilled all of dinator, and Technology these requirements. Teacher at Immaculate Conception High School I had heard about Gmail being used as an email solution for edu- Immaculate Conception High cational and nonprofit organiza- School (ICHS), a Catholic co- tions. Through research, emails, educational school in Mont- and phone calls with Google, I clair, has been transformed found that our school qualified for by the implementation of the free Google Apps for Educa- Google Apps for Education. tion program. We could retain our When I was hired as Librar- email domain name ian/Webmaster in 2011, one ICHS juniors work in Popp’s (Continued on page 4) of my primary goals was to computer class: Joselyn update the content, media, Espinoza (front), Myrna Nu- functionality, and visibility of arhpa, Garyetta Vanderveer. the school’s website. As I revamped the website, I everyone in the school com- Contents noticed that the school's munity to communicate with email system was outdated, each other effectively. In addi- clunky, and barely used. It Google Apps for Education tion, students needed to col- Surpasses Expectations needed to be replaced by laborate, share, and retrieve something that would enable at ICHS 1 their work more effectively. How iPad Stations Support Early Childhood Learning 1 Message from How iPad Stations Support the President 2 Letter from the Early Childhood Learning Executive Director 3 Note from the Editor 3 By Jennifer Salt, Senior and benefits of creating an Children’s Librarian, early childhood tech station Use TechEx to Share using tablet computers.
    [Show full text]
  • Efficient and Transparent Method for Large-Scale TLS Traffic Analysis of Browsers and Analogous Programs
    Hindawi Security and Communication Networks Volume 2019, Article ID 8467081, 22 pages https://doi.org/10.1155/2019/8467081 Research Article Efficient and Transparent Method for Large-Scale TLS Traffic Analysis of Browsers and Analogous Programs Jiaye Pan , Yi Zhuang , and Binglin Sun College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 200016, China Correspondence should be addressed to Yi Zhuang; [email protected] Received 3 April 2019; Revised 16 August 2019; Accepted 20 September 2019; Published 27 October 2019 Guest Editor: Surya Nepal Copyright © 2019 Jiaye Pan et al. is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Many famous attacks take web browsers as transmission channels to make the target computer infected by malwares, such as watering hole and domain name hijacking. In order to protect the data transmission, the SSL/TLS protocol has been widely used to defeat various hijacking attacks. However, the existence of such encryption protection makes the security software and devices confront with the diculty of analyzing the encrypted malicious trac at endpoints. In order to better solve this kind of situation, this paper proposes a new ecient and transparent method for large-scale automated TLS trac analysis, named as hyper TLS trac analysis (HTTA). It extracts multiple types of valuable data from the target system in the hyper mode and then correlates them to decrypt the network packets in real time, so that overall data correlation analysis can be performed on the target.
    [Show full text]
  • Download Thesis
    Technische Universität München Department of Civil, Geo and Environmental Engineering Chair of Cartography Prof. Dr.-Ing. Liqiu Meng Integrated Web Based Visualization of Railway Track Information Youssef Zouine Master's Thesis Duration: 01.04.2015 - 08.04.2016 Study Course: Cartography M.Sc. Supervisor: Dr. Mathias Jahnke 2016 Statement of Authorship Statement of Authorship Herewith I confirm that I am the sole author of this research report named “Integrated Web Visualization of Railway Track Information” which has been presented to the study commission. I have referenced the ideas and work of others. I declare that I submitted this work in partial fulfillment for the degree of Master of Science in Cartography, and it has not been submitted elsewhere in any other form for the fulfillment of any other degree or qualification. ________________________________ ______________________________ (place, date) (signature) i Acknowledgments Acknowledgments No one saunter alone on the journey of life. Just where you begin to thank those who walked beside you, joined you, and helped you along the way continuously urged me to write these paragraphs to put my thoughts down on over the two years I have spent in Technische Universität München, Technische Universität Wien, and Technische Universität Dresden. Also, I would like to share my insights together with the secrets to my persistent and positive approach to life. I am highly indebted to the enthusiastic supervision of Dr. Mathias Jahnke for his guidance and constant supervision as well as for providing necessary information concerning the project as well as for his support in completing the project. He inspired me greatly to work in this project, and his willingness for motivating me contributed tremendously to my master thesis.
    [Show full text]
  • Engage Magazine
    May 2019 “We're here to put a dent in the univ“ erse. Otherwise why else even be here? - Steve Jobs “ Wisdom is always an overmatch for strength “ - Phil Jackson Contents May 2019 MEMS Big Data Testing 05 07 Smart Dust - Big Data Testing - Microelectromechanical Challenges, Processes systems (MEMS) And Best Practices Imagine a world where wireless devices Understanding the data and its impact on are as small as a grain of salt. These the business is the real challenge. Also, miniaturised devices have sensors, dealing with unstructured data drawn from cameras and communication mechanisms sources such as tweets, text documents to transmit the data they collect back to a and social media posts is one of the base in order to process. biggest challenges. Author: Author: Saviour Nickolas Derel J Manoranjitham Vetriveeran Contents May 2019 CSS Listening 10 13 Mechanism of Modern The Three Levels of Cascading Style Sheets Listening (CSS) We hear through our paradigms. Test this within your own company by asking a The mechanics and practical uses of CSS cross-section of employees and leaders that will be valuable to a developer. to read the same customer story and then tell you what the customer’s challenges Author: were. Sangavi Rajendran Author: Betsy Westhafer Contents May 2019 Smart Homes Black Hole 15 18 Smarting from too much A Giant Leap By Smart! Humanity With smart homes, we have given Humans have always looked at the sky ourselves the distinct advantage of being and wondered at all the mysteries it held able to do old tasks in new, smarter ways.
    [Show full text]
  • Investigating Cryptocurrencies
    Investigating Cryptocurrencies Investigating Cryptocurrencies Understanding, Extracting, and Analyzing Blockchain Evidence Nick Furneaux Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence Published by John Wiley & Sons, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-119-48058-7 ISBN: 978-1-119-48057-0 (ebk) ISBN: 978-1-119-48056-3 (ebk) Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permis- sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley .com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or war- ranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials.
    [Show full text]
  • Downloader and Private Browser Password How to Enable Private Browsing on Any Web Browser
    downloader and private browser password How to Enable Private Browsing on Any Web Browser. Matt Klein has nearly two decades of technical writing experience. He's covered Windows, Android, macOS, Microsoft Office, and everything in between. He's even written a book, The How-To Geek Guide to Windows 8. Read more. Private browsing has been around in one form or another since 2005, but it took some time for every browser to get behind it. Now, no matter what browser you use, you can surf the internet without leaving behind a local trail of history, passwords, cookies, and other assorted bits of information. Private browsing is useful for covering your tracks (or rather, preventing any tracks from being made in the first place), among other things. It isn’t infallible, however, and while it will prevent information from being stored on your computer, it won’t prevent your employer, Internet service provider, websites you visit, or the NSA for that matter, from collecting any information you transmit beyond your computer. Every browser has their own name for private browsing, and while accessing it is accomplished in practically the same way, there can be subtle differences from product to product. Google Chrome: Open Incognito Mode. Google Chrome remains the most used browser on the market, and calls its private browsing mode “Incognito Mode”. On Windows and Mac. You can spawn an incognito window by clicking the special menu in the top-right corner of the browser window. On Windows, it will be three line and on macOS, it will be three dots.
    [Show full text]
  • Check and Evernote Named to PC Magazine's Top 100 Android Apps
    http://www.pcmag.com/article2/0,2817,2393102,00.asp The 100 Best Android Apps of 2013 By Max Eddy ARTICLE DATE : October 28, 2013 pcmag.com It seems like only yesterday Google Play was a quiet hamlet populated by mere hundreds of thousands of apps. But as of this past summer, the official Android app store crossed the twin thresholds of a million apps and 50 billion downloads. Navigating this bustling metropolis of applications has always been difficult, which is why we've created this handy list to help guide you toward the best apps out there. We're constantly pruning and updating this list, trying to make sure it has a little something for everyone while also keeping it fresh and interesting. While our tastes and yours may be different, we think our list is a good starting point. Hopefully the next time you stop by, you'll see something new. Whoa, 10 pages? Uncool. We can all agree that paginated stories are annoying. But with 100 apps, we had to break it up just to make it readable. We've even divided the article into themed sections, so you can skip over the first 50 or so if you're only interested in, say, music apps. Also, if you're interested in more Android games (and be honest, you are) check out our list of the 10 Best Android Games. You're welcome! The 100 Best Android Apps of 2013 Hey, You Missed Something Though we are professionals, we have yet to physically and mentally merge with the Google Play store, becoming an omnipotent being of total app knowledge.
    [Show full text]
  • Pdf/Acyclic.1.Pdf
    tldr pages Simplified and community-driven man pages Generated on Sun Sep 26 15:57:34 2021 Android am Android activity manager. More information: https://developer.android.com/studio/command-line/adb#am. • Start a specific activity: am start -n {{com.android.settings/.Settings}} • Start an activity and pass data to it: am start -a {{android.intent.action.VIEW}} -d {{tel:123}} • Start an activity matching a specific action and category: am start -a {{android.intent.action.MAIN}} -c {{android.intent.category.HOME}} • Convert an intent to a URI: am to-uri -a {{android.intent.action.VIEW}} -d {{tel:123}} bugreport Show an Android bug report. This command can only be used through adb shell. More information: https://android.googlesource.com/platform/frameworks/native/+/ master/cmds/bugreport/. • Show a complete bug report of an Android device: bugreport bugreportz Generate a zipped Android bug report. This command can only be used through adb shell. More information: https://android.googlesource.com/platform/frameworks/native/+/ master/cmds/bugreportz/. • Generate a complete zipped bug report of an Android device: bugreportz • Show the progress of a running bugreportz operation: bugreportz -p • Show the version of bugreportz: bugreportz -v • Display help: bugreportz -h cmd Android service manager. More information: https://cs.android.com/android/platform/superproject/+/ master:frameworks/native/cmds/cmd/. • List every running service: cmd -l • Call a specific service: cmd {{alarm}} • Call a service with arguments: cmd {{vibrator}} {{vibrate 300}} dalvikvm Android Java virtual machine. More information: https://source.android.com/devices/tech/dalvik. • Start a Java program: dalvikvm -classpath {{path/to/file.jar}} {{classname}} dumpsys Provide information about Android system services.
    [Show full text]
  • New Britannia Mine STAFF Mines Come and Mines Go, but It Isn't Often That One Britannia Standards
    THE LAKE-LAND PHOENIX Volume 1, Issue 1 SNOW LAKE, MANITOBA September, 2004 The “NEW” New Britannia Mine STAFF Mines come and mines go, but it isn't often that one Britannia standards. In fact, during the last couple of months, opens up again after it has gone. For certain, it rarely the mine's grade has been running 0.17 - 0.18 oz. of gold per ton happens twice - and likely never happens before the mine of ore. That is almost double the grade that was coming out of officially closes. However, this appears to be what is in store for New Brit' over the past year. the community of Snow Lake's New Britannia Mine. As a result, the mine's 50% owner and operator, Kinross Gold, This week it was officially announced that the New Brit' mine has approved an exploration proposal that will see workers drive a will continue on for the next three years and if everything falls 900 ft. exploration drift just below the mine's 3600 level. As well, into place, it could possibly produce even longer. Kinross have agreed to restart New Brit's main ramp and ore "We have finally mined past a large waste inclusion within the development in the mine's Dick Zone. main orebody, which ran about 300 vertical feet in height," said Once the drift is finished, a drill will be moved in and about New Britannia Mine's General Manager, Mike Kelly early last 15,000 ft. of diamond drilling will be done in order to firm up week.
    [Show full text]
  • Giant List of Mobile Browsers
    Giant List of Mobile Browsers We are quickly moving towards a mobile world, with people increasingly accessing the internet exclusively on their devices. As mobile surfing is still relatively new compared to desktop, their browser wars are just beginning. Soon the blockchain will get involved & that will open up the field even further. Pick your pony now. 1. 360 Security http://www.360securityapps.com 2. ABC Browser Pro https://play.google.com/store/apps/details?id=com.fchatnet.minibrowser 3. Aloha https://alohabrowser.com 4. Amazon Silk https://www.amazon.com/Amazon-com-Amazon-Silk-Web-Browser/dp/B01M35MQV4 5. APUS Browser https://play.google.com/store/apps/details?id=com.apusapps.browser 6. Baidu Mobile https://mobile.baidu.com 7. Best Browser https://play.google.com/store/apps/details?id=org.zbrowser.ui.activities 8. BlackBerry Access https://www.blackberry.com/us/en/products/apps/blackberry-dynamics-apps/blackberry-access/overview 9. Blazer https://play.google.com/store/apps/details?id=com.mdjsoftware.download 10. Bolt http://www.boltbrowser.com 11. Brave https://brave.com/download 12. Browser for Android https://play.google.com/store/apps/details?id=org.easyweb.browser 13. Cake https://cakebrowser.com 14. Cameleon Privacy AdBlock & Float Browser https://play.google.com/store/apps/details?id=work.ionut.browser 15. Chrome https://play.google.com/store/apps/details?id=com.android.chrome 16. Cliqz https://cliqz.com/en/mobile 17. CM Browser https://www.cmcm.com/en-us/cm-browser 18. Cosmic https://play.google.com/store/apps/details?id=com.cosmic.webbrowser 19. Cosmic Privacy https://play.google.com/store/apps/details?id=com.cosmic.privacybrowser 20.
    [Show full text]