Android Code Lab

4 Level of Android App Network Transmission Security : Create Secure Android App Tips | Whatsapp End-to-End encryption

Written by Jatin Sahgal

We can apply four levels of security to network transmission inside an Android app. Whoever is sending, why they are sending or how they are sending, we can stop everyone who should not reach our app.

Things required:
1. SSL-enabled URL for API transmission
2. Network config settings using XML

Let's get to know them:

  1. Enable SSL transmission only, or keep track of URLs
  2. Configure TLSv1.2 transmission
  3. Enable SHA-256 pins -> Encryption/Decryption
  4. Enable system or own CAs for transmission

Let's code:

Enable SSL transmission only, or keep track of URLs

Manifest setting (attributes on the <application> element; networkSecurityConfig points to a file in the res/xml resource folder, and usesCleartextTraffic is true only if any non-SSL link must be reached, otherwise false):

<application
    android:networkSecurityConfig="@xml/network_security_config"
    android:usesCleartextTraffic="false">

network_security_config.xml:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- cleartextTrafficPermitted: true for non-SSL links, false for SSL-enabled links -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
    </domain-config>
    <debug-overrides></debug-overrides>
</network-security-config>

Configure TLSv1.2 transmission

In the MyApplication class (registered in the manifest via android:name), configure TLSv1.2 on startup:

import android.app.Application
import com.google.android.gms.common.GooglePlayServicesNotAvailableException
import com.google.android.gms.common.GooglePlayServicesRepairableException
import com.google.android.gms.security.ProviderInstaller
import java.security.KeyManagementException
import java.security.NoSuchAlgorithmException
import javax.net.ssl.SSLContext

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        try {
            // Update the device's security provider through Google Play services so that
            // TLSv1.2 is available on older devices. installIfNeeded is synchronous;
            // installIfNeededAsync avoids blocking the main thread.
            ProviderInstaller.installIfNeeded(applicationContext)
            val sslContext = SSLContext.getInstance("TLSv1.2")
            sslContext.init(null, null, null)
            sslContext.createSSLEngine()
        } catch (e: GooglePlayServicesRepairableException) {
            e.printStackTrace()
        } catch (e: GooglePlayServicesNotAvailableException) {
            e.printStackTrace()
        } catch (e: NoSuchAlgorithmException) {
            e.printStackTrace()
        } catch (e: KeyManagementException) {
            e.printStackTrace()
        }
    }
}

Enable SHA-256 pins -> Encryption/Decryption

Please follow the link to get the pin set (SHA-256 keys for encryption/decryption) from your SSL certificate:
https://www.ssllabs.com/ssltest/analyze.html

Keep in mind that we need to pick 2 SHA keys; check their validity before taking them.

Enter your domain and get your SHA-256 values from the SSL certificate report.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">smilee.techcruzers.com</domain>
        <pin-set>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>
    <debug-overrides></debug-overrides>
</network-security-config>

Enable system or own CAs for transmission

There are 3 ways to manage the network certificate:

1. Using the Android system CAs:

<trust-anchors>
            <certificates src="system" />
</trust-anchors>

2. Using user-installed CAs:

<trust-anchors>
            <certificates src="user" />
</trust-anchors>

3. Own CA file: from our SSL certificate

CA files are used to create your Android app's own transmission certificate: it is basically a fingerprint or key file of the CA certificate you include on your domain to enable SSL.

<trust-anchors>
            <certificates src="@raw/my_ca" />
</trust-anchors>

Create a file in the raw folder (referenced as @raw/my_ca) and paste your SSL CA certificate into it.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>

    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.amazonaws.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.domain.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
        <pin-set>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
            <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
        </pin-set>
    </domain-config>
    <!-- global config environment -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
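As an added check that is not part of the original post: a small Python linter over a network_security_config.xml that flags the settings in the configs above that a reviewer would question (cleartext permitted on a domain, a pin-set whose pins are identical so there is no real backup, a pin-set without expiration, and user-installed CAs trusted outside debug-overrides). The sample config is constructed from the one above; the pin values are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample, based on the config above (the pin values are placeholders).
SAMPLE_CONFIG = """<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">api.amazonaws.com</domain>
  </domain-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.domain.com</domain>
    <pin-set>
      <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
      <pin digest="SHA-256">AVCDEFGHIJKLMNOPQRSTUVWXYZ12345678901234567=</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="system" /><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""


def lint_network_security_config(xml_text):
    """Return (severity, message) findings for risky settings; hand-written checks, not an Android tool."""
    findings = []
    root = ET.fromstring(xml_text)
    for cfg in root.iter("domain-config"):
        label = ", ".join(d.text.strip() for d in cfg.findall("domain")) or "<no domain>"
        cleartext = cfg.get("cleartextTrafficPermitted") == "true"
        if cleartext:
            findings.append(("high", f"{label}: cleartextTrafficPermitted=true allows plain HTTP"))
        pin_set = cfg.find("pin-set")
        if pin_set is not None:
            pins = {p.text.strip() for p in pin_set.findall("pin")}
            if len(pins) < 2:  # identical pins (as in the article) give no backup
                findings.append(("medium", f"{label}: pin-set has no distinct backup pin"))
            if pin_set.get("expiration") is None:
                findings.append(("low", f"{label}: pin-set has no expiration date"))
            if cleartext:
                findings.append(("high", f"{label}: pins only apply to TLS, cleartext bypasses them"))
        if any(c.get("src") == "user" for c in cfg.findall("trust-anchors/certificates")):
            findings.append(("high", f"{label}: trusts user-installed CAs (interception risk)"))
    if any(c.get("src") == "user" for c in root.findall("base-config/trust-anchors/certificates")):
        findings.append(("high", "base-config trusts user-installed CAs app-wide"))
    if any(c.get("src") == "user" for c in root.findall("debug-overrides/trust-anchors/certificates")):
        findings.append(("info", "debug-overrides trusts user CAs; only active when android:debuggable=true"))
    return findings
```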

These are the only steps, and you can easily implement them for secure transmission in your app.

There is another one, the 5th level: end-to-end encryption, which is the last and only approach to enabling last-bit security, using a public and private key structure.
Will show you another day. Happy coding!

About the author

Jatin Sahgal

Jamun is a collection of cool Android libraries, element classes and, moreover, utils that help other developers build a different-quality Android product by keeping material design themes in mind.
