Updating Android Security Provider

Android relies on a security Provider for secure network communications. However, from time to time, vulnerabilities are found in the default security provider. To protect against these vulnerabilities, the security provider needs to be updated.

Google Play Services provides a quick way[1] to update the security provider from within your application with just a few lines of code. However, there are still many devices without Google Play Services, and you may want to update the security provider on those too. You also may not want to include Google Play Services just for the security provider. Here are simple steps to build the latest security provider from source.

  1. Download the AOSP source as described on the AOSP site[2].
  2. Run envsetup.sh from the root of the source tree
    $ . build/envsetup.sh
  3. Run lunch and specify the desired architecture, e.g. for arm
    $ lunch aosp_arm-user
  4. Change directory to external/conscrypt
    $ cd external/conscrypt
  5. Run mma. This builds the conscrypt library (the OpenSSL provider used by Android) along with all of its dependencies. You can specify the number of jobs according to your CPU
    $ mma -j8
  6. Get Java library and Native shared library.
    Path for Java library : out/target/common/obj/JAVA_LIBRARIES/conscrypt_unbundled_intermediates/javalib.jar
    Path for Native library : out/target/product/generic/obj/lib/libconscrypt_jni.so
  7. You can rename javalib.jar and add it to your build path. To use the native library, put it under the lib/armeabi directory at the root of your project.

You can then add this security provider on top of the default one with the following code:
    // Security is java.security.Security; OpenSSLProvider comes from the javalib.jar built above
    Security.insertProviderAt(new OpenSSLProvider("Any name"), 1);
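
An added example (not part of the original post) that performs the insertion above and then checks that the bundled provider really took first place, since `insertProviderAt()` returns -1 without installing anything when a provider with the same name is already registered. The class name `ProviderSetup` and the provider name `BundledConscrypt` are hypothetical, and the `org.conscrypt` package for `OpenSSLProvider` is an assumption about the unbundled build.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import org.conscrypt.OpenSSLProvider; // assumed package of the unbundled jar

/** Installs the self-built provider and verifies that TLS actually uses it. */
public final class ProviderSetup {
    // Hypothetical name. It must differ from every provider already registered
    // on the device, otherwise insertProviderAt() returns -1 and adds nothing.
    private static final String NAME = "BundledConscrypt";

    private ProviderSetup() {}

    /**
     * Call once, before the app opens any TLS connection.
     * Returns true only if new TLS contexts come from the bundled provider.
     */
    public static boolean install() {
        try {
            if (Security.getProvider(NAME) == null) {
                int pos = Security.insertProviderAt(new OpenSSLProvider(NAME), 1);
                if (pos != 1) {
                    return false; // not placed at the top of the preference order
                }
            }
            // Position 1 corresponds to index 0 of the provider array.
            Provider first = Security.getProviders()[0];
            // The provider that will serve a plain "TLS" request from now on.
            Provider tls = SSLContext.getInstance("TLS").getProvider();
            return NAME.equals(first.getName()) && NAME.equals(tls.getName());
        } catch (NoSuchAlgorithmException e) {
            return false; // no installed provider offers "TLS"
        } catch (LinkageError e) {
            // e.g. UnsatisfiedLinkError when libconscrypt_jni.so is missing
            // or was built for a different ABI than the device
            return false;
        }
    }
}
```

If `install()` returns false, the app is still running on the platform's default provider and should treat the update as not applied.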

[1]https://developer.android.com/training/articles/security-gms-provider.html
[2]https://source.android.com/source/downloading.html


Posted on July 3, 2015.
