Notices


Reply
Thread Tools
pacman's Avatar
Posts: 28 | Thanked: 203 times | Joined on Sep 2015
#1
I would be grateful if any real experts in Android security would comment on what I have written here. I know a little about all this, but I freely admit that my knowledge is rather superficial and I am more than willing to be corrected if I have got any of this wrong.

TL;DR: An important security protocol that is available on native Android 4.4.4 is not available under Alien Dalvik. This means that services that depend on using Android apps may not work on Alien Dalvik + SFOS, even though they do work on mainstream Android installations of the corresponding version. Android apps that work now on SFOS may stop working without warning if the services that they depend on drop support for older security protocols.

I started looking into why I could not see pictures or videos that other people sent me when using the Android Wire messenger app on SFOS, when I could see the media in the app when using it on Android. I also observed that profile pictures/avatar images and previews of shared web links are also unavailable on SFOS. Someone else posted about the same problem on TJC here: https://together.jolla.com/question/...e-no-pictures/

This GitHub issue https://github.com/wireapp/wire-android/issues/518 suggests that the problem happens when Google Play Services are not available:

* The Android Wire app tries to use GCM (Google Cloud Messaging) to retrieve shared media such as pictures, video and previews of web pages. This fails if Google Play Services are not available.
* The Wire app then falls back on a WebSocket protocol to try to retrieve the media
* The service provided by Wire requires a handshake using TLS v1.2 for the WebSocket protocol to work
* Under Android 4.4.4, TLS v1.2 is provided by Google Play Services, so the handshake fails on any Android 4.4 platform where Google Play Services is not available, including Alien Dalvik.
* Wire are not prepared to support TLS of a lower version than 1.2 on their service: that would be an unacceptable weakening of their security.

I have experimented a bit with Riot.im, and have found that with the Android Riot.im app on the matrix.org instance, images can be exchanged successfully. In principle, I could switch to this service, and try to persuade everyone that I currently communicate with on Wire to follow me to a Matrix-based service. I do not see this as a solution though: the administrators of matrix.org (or other Matrix instances) could drop support for older versions of TLS and I would then be in the same situation as I am now with Wire.

Some Android apps clearly do support TLS v1.2, for example pointing Android Firefox on SFOS to https://www.howsmyssl.com/ shows that TLS v1.2 is supported. This is presumably because the Android build of Firefox includes its own TLS library, and doesn’t rely on Google Play Services to provide it. However, it is not reasonable to expect every Android app to do this, if Google Play Services on Android 4.4.4 provides the latest version of TLS.

Is there any possibility that support for TLS v1.2 in Alien Dalvik on SFOS could be somehow be provided? Maybe in miroG, or by some kind of pass-through to SFOS itself? If this is doesn’t happen, support for Android apps in SFOS that require access to secure services will gradually degrade as service providers drop support for older versions of TLS. I suspect that Wire is not the only app affected by this. Porting security patches from Android 4.4.x to Alien Dalvik won’t make any difference to this issue.

One commenter on the TJC thread linked to above does see media load in the Wire app, and has speculated that this is because they have installed the NextCloud app and synchronise Wire media with their NextCloud storage. This is unconfirmed so far, but if it is true then it suggests that it is possible to provide support for TLS v1.2 without having to get into the internals of Alien Dalvik.

The lack of support for up-to-date security protocols in Alien Dalvik (as compared to SFOS itself) has also been noted on TJC here: https://together.jolla.com/question/...ersations-app/

As I said at the start, I would be grateful for any comments on this from anyone with real expertise in this area.
 

The Following 13 Users Say Thank You to pacman For This Useful Post:
Community Council | Posts: 4,158 | Thanked: 10,035 times | Joined on May 2012 @ Southerrn Finland
#2
Originally Posted by pacman View Post
...
TL;DR: An important security protocol that is available on native Android 4.4.4 is not available under Alien Dalvik. This means that services that depend on using Android apps may not work on Alien Dalvik + SFOS, even though they do work on mainstream Android installations of the corresponding version. Android apps that work now on SFOS may stop working without warning if the services that they depend on drop support for older security protocols.
...
...
* The Android Wire app tries to use GCM (Google Cloud Messaging) to retrieve shared media such as pictures, video and previews of web pages. This fails if Google Play Services are not available.
* The Wire app then falls back on a WebSocket protocol to try to retrieve the media
* The service provided by Wire requires a handshake using TLS v1.2 for the WebSocket protocol to work
* Under Android 4.4.4, TLS v1.2 is provided by Google Play Services, so the handshake fails on any Android 4.4 platform where Google Play Services is not available, including Alien Dalvik.
* Wire are not prepared to support TLS of a lower version than 1.2 on their service: that would be an unacceptable weakening of their security.
Weeelll... technically you are correct but WTF!

Anything that depends on Google Services cannot be secure by any lenght of imagination, the whole bloody pile exists there just for the purpose of taking your control away and massaging you into nice munchable bites of data for the G-machine...!

I suggest that you do the sensible thing and lose android, which means both the real thing and anything that is capable of running those applications...
 

The Following 7 Users Say Thank You to juiceme For This Useful Post:
pacman's Avatar
Posts: 28 | Thanked: 203 times | Joined on Sep 2015
#3
Originally Posted by juiceme View Post
Weeelll... technically you are correct but WTF!

Anything that depends on Google Services cannot be secure by any lenght of imagination, the whole bloody pile exists there just for the purpose of taking your control away and massaging you into nice munchable bites of data for the G-machine...!

I suggest that you do the sensible thing and lose android, which means both the real thing and anything that is capable of running those applications...
As far as Wire is concerned, my understanding is that the situation isn't that bad: for the WebSocket fallback to work, it is only necessary that TLS v1.2 is available, and it may be possible to provide that to Alien Dalvik on SFOS by other methods than Google Play Services. This is really what my question is about. As I noted, Android Firefox seems to support TLS v1.2 without depending on Google Play Services.

If Wire absolutely required GCM and there was no fallback, then you are right, and I would have already dropped Wire
 

The Following 4 Users Say Thank You to pacman For This Useful Post:
Posts: 213 | Thanked: 284 times | Joined on Aug 2010 @ The Netherlands
#4
Originally Posted by juiceme View Post
I suggest that you do the sensible thing and lose android...
It is a pity that almost every discussion about Alien Dalvik ends up in this kind of statement. I trust the advice was given with the best intentions, but it does not help people like myself, and it doesn't help the discussion.

As it is, SailfishOS is being presented with an Android layer so "you don't have to miss your favorite apps." Right now, I couldn't do without. I have only 1 phone with me, running SailfishX. My network, family included, communicates through Whatsapp. I want to take a glimpse at my bank account occasionally, and I like to play Wordfeud. Losing the Android layer would force me towards an Android phone and I don't like that idea.

I think pacman's question raises some sorrows for Jolla/SailfishOS for the usefulness of the Android layer in the future. And already now, some apps won't install even though the minimum requirement of Android 4.4 seems to have been met in SailfishOS. I hope we can get and keep proper compatibility.
__________________
Palm Treo -> N900 -> N9 -> Jolla
Developer mode novice, and enjoying it
 

The Following 18 Users Say Thank You to rob_kouw For This Useful Post:
Community Council | Posts: 4,158 | Thanked: 10,035 times | Joined on May 2012 @ Southerrn Finland
#5
No no, @rob_kow; I am not purposefully bashing AD here, of course it is the lesser evil when compared to a fullblown android. (but you still should not poison your installation with gapps...)

What I am condemning is the whole idea of "apps", you are better off without.
You know, abstinence makes you saintful, right?
 

The Following 7 Users Say Thank You to juiceme For This Useful Post:
Posts: 269 | Thanked: 179 times | Joined on Jan 2006 @ Cambridge, England
#6
Originally Posted by pacman View Post
I have experimented a bit with Riot.im, and have found that with the Android Riot.im app on the matrix.org instance, images can be exchanged successfully. In principle, I could switch to this service, and try to persuade everyone that I currently communicate with on Wire to follow me to a Matrix-based service. I do not see this as a solution though: the administrators of matrix.org (or other Matrix instances) could drop support for older versions of TLS and I would then be in the same situation as I am now with Wire.
A sports app I used has now been updated and insists on Google Play Services, Google has a lot to answer for!

With regards to Matrix have you seen there is a native Matrix client in openrepos here? I haven't used it myself yet, but thought it might be of help to you.
 

The Following 2 Users Say Thank You to richie For This Useful Post:
pacman's Avatar
Posts: 28 | Thanked: 203 times | Joined on Sep 2015
#7
Originally Posted by richie View Post
A sports app I used has now been updated and insists on Google Play Services, Google has a lot to answer for!

With regards to Matrix have you seen there is a native Matrix client in openrepos here? I haven't used it myself yet, but thought it might be of help to you.
Yes, I can't help worrying about support for Android apps on SFOS, things seem to be getting worse as Android/Google gradually becomes more proprietary and more and more apps depend on Google Play Services. Support for Android apps is important for the medium-term future of SFOS, IMHO: it will be a long time before native SFOS apps can cover smartphone use beyond the basics (even allowing for the contents of OpenRepos). I don't know how much life there is in Alien Dalvik, but if adding support for current versions of TLS is possible, perhaps by adding it to microG, it would be worth it I think. In the longer term, it looks to me like Anbox or Shashlik may need to plug the gap, unless there is a sudden flurry of native SFOS app development.

As for Matriski, it is a text-only client.
 

The Following 4 Users Say Thank You to pacman For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 20:46.