Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code transparency key may be used for app signing #362

Open
asit-fdraschbacher opened this issue May 27, 2024 · 0 comments
Open

Code transparency key may be used for app signing #362

asit-fdraschbacher opened this issue May 27, 2024 · 0 comments

Comments

@asit-fdraschbacher
Copy link

Describe the bug
The official documentation for Code Transparency for App Bundles stresses in multiple places that the code transparency key differs from the app signing key:

e.g. "It uses a code transparency signing key, which is solely held by the app developer", or "Code transparency is independent of the signing scheme used for app bundles and APKs. The code transparency key is separate and different from the app signing key that is stored on Google’s secure infrastructure when using Play App Signing.

Indeed, if a developer is to use the app signing key for code transparency, the Code Transparency scheme is broken. Its purpose is to serve as an integrity guarantee even if the code signing key is handed over to someone else.

However, this central security requirement is never verified nor enforced by bundletool. It will happily sign APKs using the same key already used for code transparency and successfully validates APKs that use the same key for app signing and code transparency:

$ bundletool check-transparency --mode=apk --apk-zip=tmp-apks.zip
APK signature is valid. SHA-256 fingerprint of the apk signing key certificate (must be compared with the developer's public key manually): 50 AD FF E4 B4 B1 8C 04 A8 37 91 57 A4 D8 29 36 BB 80 83 7C 87 51 BD 42 D4 10 7D E1 40 E3 C0 8F
Code transparency signature is valid. SHA-256 fingerprint of the code transparency key certificate (must be compared with the developer's public key manually): 50 AD FF E4 B4 B1 8C 04 A8 37 91 57 A4 D8 29 36 BB 80 83 7C 87 51 BD 42 D4 10 7D E1 40 E3 C0 8F

Code transparency verified: code related file contents match the code transparency file.

This might lead unexperienced developers to use code transparency in a way that entirely voids its security guarantees. A simple solution to this problem would be adding a check to APK generation to ensure that Code Transparency and app signing keys are distinct. Additionally, a check should also be added during APK verification, and a warning raised if the two keys are the same.

Bundletool version(s) affected
All

Stacktrace
Not relevant

To Reproduce

  1. Add Code Transparency to an Android Application Bundle through bundletool.
  2. Use bundletool to generate APKs from the AAB and pass the key used in (1) for signing them.
  3. Bundletool will happily generate the APKs.
  4. Verifying the Code Transparency of these APKs using bundletool succeeds. There is no warning or error regarding the certificate reuse.

Expected behavior
At least a warning should be raised about the Certificate Transparency and the App Signing keys needing to be distinct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant