
Security Considerations

**Referenced Files in This Document**

  • [SecureConfig.kt](file://app/src/main/java/com/suvojeet/suvmusic/util/SecureConfig.kt)
  • [AESUtil.kt](file://app/src/main/java/com/suvojeet/suvmusic/util/AESUtil.kt)
  • [secure_config.cpp](file://app/src/main/cpp/secure_config.cpp)
  • [CrashReportSender.kt](file://app/src/main/java/com/suvojeet/suvmusic/crash/CrashReportSender.kt)
  • [CrashReportSenderFactory.kt](file://app/src/main/java/com/suvojeet/suvmusic/crash/CrashReportSenderFactory.kt)
  • [org.acra.sender.ReportSenderFactory](file://app/src/main/resources/META-INF/services/org.acra.sender.ReportSenderFactory)
  • [SuvMusicApplication.kt](file://app/src/main/java/com/suvojeet/suvmusic/SuvMusicApplication.kt)
  • [NetworkMonitor.kt](file://app/src/main/java/com/suvojeet/suvmusic/util/NetworkMonitor.kt)
  • [PermissionUtils.kt](file://app/src/main/java/com/suvojeet/suvmusic/util/PermissionUtils.kt)
  • [AndroidManifest.xml](file://app/src/main/AndroidManifest.xml)
  • [LocalAudioRepository.kt](file://app/src/main/java/com/suvojeet/suvmusic/data/repository/LocalAudioRepository.kt)
  • [YouTubeConfig.kt](file://app/src/main/java/com/suvojeet/suvmusic/data/repository/youtube/internal/YouTubeConfig.kt)
  • [ListeningHistoryRepository.kt](file://app/src/main/java/com/suvojeet/suvmusic/data/repository/ListeningHistoryRepository.kt)
  • [AppLog.kt](file://app/src/main/java/com/suvojeet/suvmusic/util/AppLog.kt)

Table of Contents

  1. Introduction
  2. Project Structure
  3. Core Components
  4. Architecture Overview
  5. Detailed Component Analysis
  6. Dependency Analysis
  7. Performance Considerations
  8. Troubleshooting Guide
  9. Conclusion
  10. Appendices

Introduction

This document consolidates SuvMusic's security posture across configuration management, encryption utilities, crash reporting, API key handling, data protection, permissions, privacy controls, network security, local storage safeguards, and third-party integrations. It closes with the vulnerability assessment, auditing, and incident response measures that the codebase does not yet provide and that a maintainer should plan for.

Project Structure

Security-relevant modules and files are organized by responsibility:

  • Configuration and encryption utilities reside under app/src/main/java/com/suvojeet/suvmusic/util and app/src/main/cpp.
  • Crash reporting integrates with ACRA and is customized via a factory and sender.
  • Network monitoring and permissions are centralized utilities.
  • Privacy-sensitive repositories and application lifecycle manage logging and telemetry.
  • Manifest enforces secure defaults such as disabling cleartext traffic and declaring required permissions.

```mermaid
graph TB
subgraph "App Layer"
Util["Utilities<br/>SecureConfig, AESUtil, NetworkMonitor, PermissionUtils, AppLog"]
Crash["Crash Reporting<br/>CrashReportSender, CrashReportSenderFactory"]
Repo["Repositories<br/>LocalAudioRepository, ListeningHistoryRepository"]
Config["Configs<br/>YouTubeConfig"]
App["Application<br/>SuvMusicApplication"]
Manifest["AndroidManifest.xml"]
end
subgraph "Native Layer"
SecCPP["secure_config.cpp<br/>Native key derivation"]
end
Util --> SecCPP
Crash --> App
App --> Manifest
Repo --> App
Config --> App
```

Diagram sources

  • SecureConfig.kt:1-61
  • secure_config.cpp:1-61
  • CrashReportSender.kt:1-144
  • CrashReportSenderFactory.kt:1-19
  • SuvMusicApplication.kt:1-129
  • AndroidManifest.xml:1-224
  • LocalAudioRepository.kt:1-432
  • ListeningHistoryRepository.kt:1-179
  • YouTubeConfig.kt:1-20

Section sources

  • AndroidManifest.xml:1-224
  • SuvMusicApplication.kt:1-129

Core Components

  • Secure configuration management: Runtime AES decryption of sensitive strings with native-derived keys to reduce reverse-engineering risk.
  • Encryption utilities: AES/CBC/PKCS5Padding for pre-encrypted secrets.
  • Crash reporting: ACRA-backed reporting with user-friendly sharing and file export.
  • Network monitoring: Reactive connectivity checks with Wi-Fi detection.
  • Permissions: Dynamic permission lists aligned with platform versions.
  • Privacy controls: Privacy mode gating for analytics and history recording.
  • Logging: Debug-gated persistent logs with opt-in.

Section sources

  • SecureConfig.kt:1-61
  • AESUtil.kt:1-62
  • secure_config.cpp:1-61
  • CrashReportSender.kt:1-144
  • CrashReportSenderFactory.kt:1-19
  • NetworkMonitor.kt:1-98
  • PermissionUtils.kt:1-29
  • ListeningHistoryRepository.kt:1-179
  • AppLog.kt:1-113

Architecture Overview

The security architecture combines:

  • Native key derivation for sensitive configuration.
  • ACRA crash pipeline with custom sender and factory.
  • Manifest-enforced transport security and minimal permissions.
  • Privacy-aware repositories and logging utilities.

```mermaid
graph TB
App["SuvMusicApplication"]
ACRA["ACRA Core"]
SenderFactory["CrashReportSenderFactory"]
Sender["CrashReportSender"]
Log["AppLog"]
NetMon["NetworkMonitor"]
Perm["PermissionUtils"]
SecCfg["SecureConfig"]
AES["AESUtil"]
Native["secure_config.cpp"]
RepoHist["ListeningHistoryRepository"]
App --> ACRA
ACRA --> SenderFactory
SenderFactory --> Sender
App --> Log
App --> NetMon
App --> Perm
SecCfg --> AES
SecCfg --> Native
RepoHist --> App
```

Diagram sources

  • SuvMusicApplication.kt:1-129
  • CrashReportSenderFactory.kt:1-19
  • CrashReportSender.kt:1-144
  • AppLog.kt:1-113
  • NetworkMonitor.kt:1-98
  • PermissionUtils.kt:1-29
  • SecureConfig.kt:1-61
  • AESUtil.kt:1-62
  • secure_config.cpp:1-61
  • ListeningHistoryRepository.kt:1-179

Detailed Component Analysis

Secure Configuration Management

  • Purpose: Protect sensitive endpoints and credentials by storing only encrypted strings and deriving keys at runtime in native code.
  • Implementation highlights:
    • Pre-encrypted constants stored in Kotlin.
    • Native key derivation functions returning 16-byte and 8-byte keys.
    • AES decryption invoked only when needed, with safe fallbacks on exceptions.
  • Security benefits:
    • Reduces exposure of plaintext secrets in APK.
    • Obfuscates key derivation logic in native code.
  • Risks and mitigations:
    • Risk: Key derivation exposed via reverse engineering. The APK ships both the ciphertexts and the native code that derives the keys, so anyone holding the APK can recover every plaintext, for example by calling the JNI entry points from a harness or hooking them at runtime. The scheme raises the cost of casual extraction; it does not create a trust boundary.
    • Mitigation: Fragmented seeds and transformations in native code; runtime-only decryption. Treat the protected values as obfuscated rather than secret, and keep anything that must remain secret (such as credentials that grant server-side privileges) off the device entirely.
    • Risk: The 8-byte key is a DES key, and DES's 56-bit effective key space is within practical brute-force reach; do not rely on it for anything beyond deterring casual inspection.
    • Risk: The accessors return an empty string when decryption throws, so a corrupted payload, a key mismatch, or a failed native library load silently yields an empty endpoint or key rather than a detectable error. Prefer failing closed (null or an exception) and validating these values once at startup.

```mermaid
classDiagram
class SecureConfig {
+getRemoteAudioBaseUrl() String
+getRemoteAudioDesKey() String
+checkDeveloperPassword(input) Boolean
-nDeriveKey() String
-nDeriveDesKey() String
}
class AESUtil {
+encrypt(plainText, key) String
+decrypt(encryptedText, key) String
}
class secure_config_cpp {
+deriveKeyNative() String
+deriveDesKeyNative() String
}
SecureConfig --> AESUtil : "decrypts"
SecureConfig --> secure_config_cpp : "derives keys"
```

Diagram sources

  • SecureConfig.kt:1-61
  • AESUtil.kt:1-62
  • secure_config.cpp:1-61

Section sources

  • SecureConfig.kt:10-60
  • secure_config.cpp:17-46
  • AESUtil.kt:12-60

Encryption Utilities (AES)

  • Purpose: Provide AES/CBC/PKCS5Padding encryption/decryption for sensitive strings.
  • Implementation highlights:
    • IV included with ciphertext; Base64-encoded combined payload.
    • Safe decryption with fallback to empty string on failure.
  • Security considerations:
    • CBC mode gives confidentiality only. Nothing authenticates the IV or the ciphertext, so a modified payload decrypts without error to modified plaintext (flipping a bit of the IV flips the same bit of the first plaintext block). Where tampering matters, use an AEAD mode such as AES/GCM or add an HMAC over IV and ciphertext.
    • Use a consistent key length (16, 24, or 32 bytes) and a fresh random IV for every encryption; never reuse an IV under the same key.
    • The empty-string fallback conflates "decrypted to an empty value" with "decryption failed", and callers cannot tell the two apart. Returning null or throwing makes the failure visible.
    • Limit exposure of decrypted values to runtime scopes.

```mermaid
flowchart TD
Start(["Decrypt Entry"]) --> Decode["Decode Base64 payload"]
Decode --> Split["Split IV (first 16 bytes) and Ciphertext"]
Split --> InitCipher["Initialize Cipher with Key and IV"]
InitCipher --> DoFinal["Decrypt Ciphertext"]
DoFinal --> Return["Return Decrypted Text"]
Decode --> |Exception| Fallback["Return Empty String"]
Split --> |Exception| Fallback
InitCipher --> |Exception| Fallback
DoFinal --> |Exception| Fallback
```

Diagram sources

  • AESUtil.kt:41-60

Section sources

  • AESUtil.kt:12-60
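
The payload layout described in the two sections above (Base64 of a 16-byte IV followed by AES/CBC/PKCS5Padding ciphertext, empty string on any failure) reproduced beside a hardened variant, as an added example; this is not SuvMusic's AESUtil or SecureConfig code. The object names AesCbcLegacy, AesGcm and RuntimeConfig, the config value name "audioBaseUrl", and the sample URL are hypothetical, and the key is generated randomly here where the app would obtain it from native derivation. It shows the two failure modes the text warns about: flipping one IV bit makes the CBC path "succeed" with an altered URL, and a truncated payload is indistinguishable from an empty value, whereas the AES/GCM variant rejects both and the fail-closed accessor refuses to hand out a bad value.

```kotlin
// Added example, not the project's code. Plain Kotlin/JVM (java.util.Base64 needs
// Android API 26+; use android.util.Base64 below that). Names are hypothetical.
import java.security.GeneralSecurityException
import java.security.SecureRandom
import java.util.Base64
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec

private fun requireAesKey(key: ByteArray) =
    require(key.size == 16 || key.size == 24 || key.size == 32) { "AES key must be 16, 24 or 32 bytes, got ${key.size}" }

// Mirrors the documented layout: Base64(IV(16) || ciphertext), AES/CBC/PKCS5Padding, "" on failure.
object AesCbcLegacy {
    private const val IV_LEN = 16

    fun encrypt(plain: String, key: ByteArray): String {
        requireAesKey(key)
        val iv = ByteArray(IV_LEN).also { SecureRandom().nextBytes(it) } // fresh IV per message
        val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
        cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec(key, "AES"), IvParameterSpec(iv))
        return Base64.getEncoder().encodeToString(iv + cipher.doFinal(plain.toByteArray(Charsets.UTF_8)))
    }

    // Fail-open: a truncated payload or wrong key collapses to "", a tampered IV decrypts to altered text.
    fun decryptOrEmpty(payload: String, key: ByteArray): String = try {
        val raw = Base64.getDecoder().decode(payload)
        val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
        cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(key, "AES"), IvParameterSpec(raw.copyOfRange(0, IV_LEN)))
        String(cipher.doFinal(raw.copyOfRange(IV_LEN, raw.size)), Charsets.UTF_8)
    } catch (e: Exception) {
        ""
    }
}

// Hardened layout: Base64(nonce(12) || ciphertext || tag(16)), AES/GCM; the AAD binds a value to its name.
object AesGcm {
    private const val NONCE_LEN = 12
    private const val TAG_BITS = 128
    private const val MIN_LEN = NONCE_LEN + TAG_BITS / 8

    fun encrypt(plain: String, key: ByteArray, aad: ByteArray): String {
        requireAesKey(key)
        val nonce = ByteArray(NONCE_LEN).also { SecureRandom().nextBytes(it) }
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec(key, "AES"), GCMParameterSpec(TAG_BITS, nonce))
        cipher.updateAAD(aad)
        return Base64.getEncoder().encodeToString(nonce + cipher.doFinal(plain.toByteArray(Charsets.UTF_8)))
    }

    // Fail-closed: null means "do not use"; the GCM tag check rejects any modified byte or wrong AAD.
    fun decrypt(payload: String, key: ByteArray, aad: ByteArray): String? = try {
        val raw = Base64.getDecoder().decode(payload)
        if (raw.size < MIN_LEN) null else {
            val cipher = Cipher.getInstance("AES/GCM/NoPadding")
            cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(key, "AES"),
                GCMParameterSpec(TAG_BITS, raw.copyOfRange(0, NONCE_LEN)))
            cipher.updateAAD(aad)
            String(cipher.doFinal(raw.copyOfRange(NONCE_LEN, raw.size)), Charsets.UTF_8)
        }
    } catch (e: GeneralSecurityException) { // AEADBadTagException, InvalidKeyException, ...
        null
    } catch (e: IllegalArgumentException) { // malformed Base64 or bad key length
        null
    }
}

// Memoizes per session (the page's performance note) but refuses to return an empty endpoint or key.
class RuntimeConfig(private val keyProvider: () -> ByteArray) {
    private val cache = HashMap<String, String>()
    fun value(name: String, payload: String): String = cache.getOrPut(name) {
        AesGcm.decrypt(payload, keyProvider(), name.toByteArray(Charsets.UTF_8))
            ?: throw IllegalStateException("config value '$name' failed to decrypt; refusing to continue")
    }
}

private fun flipFirstBit(b64: String): String {
    val raw = Base64.getDecoder().decode(b64)
    raw[0] = (raw[0].toInt() xor 0x01).toByte()
    return Base64.getEncoder().encodeToString(raw)
}

fun main() {
    val key = ByteArray(16).also { SecureRandom().nextBytes(it) } // stands in for the native-derived key
    val url = "https://example.invalid/audio"                     // constructed sample value
    val aad = "audioBaseUrl".toByteArray(Charsets.UTF_8)

    val cbc = AesCbcLegacy.encrypt(url, key)
    check(AesCbcLegacy.decryptOrEmpty(cbc, key) == url)
    // CBC is malleable: bit 0 of the IV flips bit 0 of the first plaintext byte ('h' -> 'i'),
    // and the decrypt reports success with "ittps://...".
    check(AesCbcLegacy.decryptOrEmpty(flipFirstBit(cbc), key) == "i" + url.drop(1))
    // A truncated payload (3 bytes, shorter than the IV) is reported as an empty value.
    check(AesCbcLegacy.decryptOrEmpty("AAAA", key) == "")

    val gcm = AesGcm.encrypt(url, key, aad)
    check(AesGcm.decrypt(gcm, key, aad) == url)
    check(AesGcm.decrypt(flipFirstBit(gcm), key, aad) == null)                       // tampered nonce
    check(AesGcm.decrypt(gcm, key, "desKey".toByteArray(Charsets.UTF_8)) == null)     // swapped value name
    check(AesGcm.decrypt("AAAA", key, aad) == null)                                   // truncated

    println("config -> " + RuntimeConfig { key }.value("audioBaseUrl", gcm))
}
```

Binding each value's name into the AAD is what stops a ciphertext produced for one field from being presented as another; it costs nothing at runtime. The memoizing accessor keeps the decrypted string in process memory for the session, which is the trade the performance section accepts, so anything that must not linger in memory should not go through it.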

Crash Reporting Security Implications

  • ACRA integration with a custom sender and factory enables controlled crash reporting.
  • Sender writes reports to a cache directory, shares via FileProvider, and attempts to open a preferred app (Telegram) with a chooser fallback.
  • Security implications:
    • Reports include device and app metadata; users must consent to share, and the chooser fallback means the file can land in any installed app that handles the share type, not only the preferred one.
    • The share intent grants a read URI permission on the report file. Keep the FileProvider authority non-exported, grant only FLAG_GRANT_READ_URI_PERMISSION (a temporary grant that lasts while the receiving component runs, not a persistable one), and keep the targeted preferred-app path as the default so the broad chooser is reached only when that app is absent.
    • Avoid attaching sensitive data; the current implementation focuses on stack traces and logcat. Logcat is not free of secrets: it carries whatever any component logged, including URLs with tokens, account identifiers and decryption diagnostics, so redact it before writing the report file.

```mermaid
sequenceDiagram
participant App as "App"
participant ACRA as "ACRA"
participant Factory as "CrashReportSenderFactory"
participant Sender as "CrashReportSender"
participant FS as "FileProvider"
App->>ACRA : "Crash occurs"
ACRA->>Factory : "Create sender"
Factory-->>ACRA : "CrashReportSender"
ACRA->>Sender : "send(context, report)"
Sender->>Sender : "writeCrashReportFile()"
Sender->>FS : "getUriForFile(...)"
Sender-->>App : "Open Share Intent (Chooser)"
```

Diagram sources

  • SuvMusicApplication.kt:43-60
  • CrashReportSenderFactory.kt:12-18
  • CrashReportSender.kt:26-39
  • org.acra.sender.ReportSenderFactory:1-2

Section sources

  • SuvMusicApplication.kt:43-60
  • CrashReportSenderFactory.kt:12-18
  • CrashReportSender.kt:26-99
  • org.acra.sender.ReportSenderFactory:1-2
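
A redaction pass to run over the stack trace and logcat text before it is written to the cache file and shared, as an added example; this is not SuvMusic's CrashReportSender. The regex rules, the CrashReportRedactor name, and the logcat excerpt are constructed for illustration (the excerpt is not a real capture), and the rule set should be extended for whatever identifiers the app's own logs carry. The checks at the end confirm that the secrets are gone while the diagnostic line that a maintainer needs survives.

```kotlin
// Added example, not the project's code. Pure Kotlin/JVM; rules and sample lines are constructed.
object CrashReportRedactor {
    // Each rule pairs a regex with its replacement; group 1, where present, keeps the line readable.
    private val rules: List<Pair<Regex, String>> = listOf(
        // Bearer / Basic credentials in header-style lines
        Regex("""(?i)(authorization:\s*(?:bearer|basic)\s+)[A-Za-z0-9._~+/=-]+""") to "\$1<redacted>",
        // Whole Cookie headers
        Regex("""(?i)(cookie:\s*)[^\r\n]+""") to "\$1<redacted>",
        // Query-string secrets: key=, api_key=, token=, access_token=, sig=, pw=, password=
        Regex("""(?i)([?&](?:api_?key|key|token|access_token|sig|pw|password)=)[^&\s"']+""") to "\$1<redacted>",
        // Long hex blobs (keys, hashes, session ids) of 32+ characters
        Regex("""\b[A-Fa-f0-9]{32,}\b""") to "<hex:redacted>",
        // E-mail addresses
        Regex("""[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}""") to "<email:redacted>",
        // "account=..." identifiers (hypothetical log format)
        Regex("""(?i)(account=)[^\s,;]+""") to "\$1<redacted>",
    )

    // Applies every rule in order; later rules see the output of earlier ones.
    fun redact(text: String): String =
        rules.fold(text) { acc, (re, repl) -> re.replace(acc, repl) }

    // Hard cap so a chatty logcat cannot turn one report into a dump of the device's recent history.
    fun tail(text: String, maxLines: Int = 400): String =
        text.lines().takeLast(maxLines).joinToString("\n")
}

fun main() {
    // Constructed sample logcat excerpt, not a real capture.
    val logcat = """
        I/OkHttp: --> GET https://example.invalid/v1/stream?id=42&token=abc123DEF456ghi789 HTTP/1.1
        I/OkHttp: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln
        I/OkHttp: Cookie: session=9f3a2b1c; theme=dark
        D/Account: account=user@example.invalid synced
        E/Player: decrypt failed for key 0123456789abcdef0123456789abcdef
        E/AndroidRuntime: java.lang.IllegalStateException: config value 'audioBaseUrl' failed to decrypt
    """.trimIndent()

    val report = CrashReportRedactor.redact(CrashReportRedactor.tail(logcat))
    println(report)
    check("abc123DEF456ghi789" !in report)
    check("eyJhbGciOiJIUzI1NiJ9" !in report)
    check("user@example.invalid" !in report)
    check("session=9f3a2b1c" !in report)
    check("0123456789abcdef0123456789abcdef" !in report)
    check("failed to decrypt" in report) // the diagnostic signal survives
}
```

The sender would call redact() on the stack-trace and logcat sections immediately before writeCrashReportFile(), so that the file handed to FileProvider never contains the unredacted text. Redaction by pattern is a backstop, not a substitute for not logging secrets in the first place; a token that does not match any rule still leaves the device.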

API Key Management and Data Protection

  • API endpoints and developer credentials are encrypted and decrypted at runtime using native-derived keys.
  • Data at rest:
    • No evidence of encrypted local databases; history records and cached logs rest on app-private storage with no additional encryption. Android Keystore-backed keys (the Keystore holds keys, not data) are the natural basis for a future at-rest encryption layer.
  • Data in transit:
    • Manifest disables cleartext traffic globally.
    • Network monitoring ensures validated internet availability before operations.

```mermaid
flowchart TD
A["Load Native Lib"] --> B["Derive Key (Native)"]
B --> C["Decrypt Endpoint (AES)"]
C --> D["Use HTTPS Endpoint"]
```

Diagram sources

  • SecureConfig.kt:12-36
  • secure_config.cpp:17-34
  • AESUtil.kt:41-55
  • AndroidManifest.xml:71

Section sources

  • SecureConfig.kt:12-36
  • secure_config.cpp:17-34
  • AndroidManifest.xml:71

Privacy Protection and Consent

  • Privacy mode gating prevents recording listening history when enabled.
  • Logging can be enabled/disabled; logs are written to cache for optional persistence.
  • Manifest permissions are scoped to functional needs (media, notifications, foreground services).

```mermaid
flowchart TD
Start(["Record Play"]) --> CheckPM["Check Privacy Mode"]
CheckPM --> |Enabled| Skip["Skip Recording"]
CheckPM --> |Disabled| Upsert["Upsert History Record"]
Skip --> End(["Done"])
Upsert --> End
```

Diagram sources

  • ListeningHistoryRepository.kt:24-95

Section sources

  • ListeningHistoryRepository.kt:24-30
  • AppLog.kt:28-41
  • AndroidManifest.xml:9-31

Permission Handling and Data Collection

  • Required permissions are determined dynamically based on OS version.
  • Permissions include media access, notifications, and foreground services for playback.
  • Data collection is minimized; repository queries use projections and selections to limit scope.

Section sources

  • PermissionUtils.kt:10-27
  • LocalAudioRepository.kt:26-52

Network Communications Security

  • Manifest disables cleartext traffic (via android:usesCleartextTraffic or an equivalent network security config), so plain-HTTP connections are refused by the platform HTTP stack and by libraries that consult NetworkSecurityPolicy, such as OkHttp; raw sockets and native networking code are not covered by that flag.
  • Network monitor validates internet capability and Wi-Fi presence for informed decisions.
  • YouTube client configuration uses HTTPS endpoints. Without certificate pinning, trust rests on the device's CA store; for apps targeting API 24 and later the platform does not trust user-installed CAs by default, which is the baseline until pinning is added.

Section sources

  • AndroidManifest.xml:71
  • NetworkMonitor.kt:29-76
  • YouTubeConfig.kt:17-18

Local Storage Security

  • Logs are written to cache; optional persistent logging can be enabled.
  • Media access uses ContentResolver with explicit projections and selections.
  • No evidence of encrypted local storage; consider Android Keystore for future enhancements.

Section sources

  • AppLog.kt:30-41
  • LocalAudioRepository.kt:69-122

Third-Party Integration Security

  • ACRA crash reporting is integrated; custom sender and factory registered via service loader.
  • FileProvider is used for sharing crash logs securely.
  • Manifest declares package visibility and deep links with auto-verification for trusted domains.

Section sources

  • CrashReportSenderFactory.kt:12-18
  • CrashReportSender.kt:28-38
  • org.acra.sender.ReportSenderFactory:1-2
  • AndroidManifest.xml:104-148

Dependency Analysis

  • SecureConfig depends on AESUtil and native key derivation.
  • Crash reporting depends on ACRA, custom factory, and sender.
  • Application initializes ACRA and logging; repositories depend on session/privacy controls.

```mermaid
graph LR
SecCfg["SecureConfig"] --> AES["AESUtil"]
SecCfg --> Native["secure_config.cpp"]
App["SuvMusicApplication"] --> ACRA["ACRA"]
ACRA --> Factory["CrashReportSenderFactory"]
Factory --> Sender["CrashReportSender"]
RepoHist["ListeningHistoryRepository"] --> App
```

Diagram sources

  • SecureConfig.kt:12-36
  • AESUtil.kt:12-60
  • secure_config.cpp:17-34
  • SuvMusicApplication.kt:43-60
  • CrashReportSenderFactory.kt:12-18
  • CrashReportSender.kt:26-39
  • ListeningHistoryRepository.kt:14-18

Section sources

  • SecureConfig.kt:12-36
  • SuvMusicApplication.kt:43-60
  • ListeningHistoryRepository.kt:14-18

Performance Considerations

  • Avoid frequent decryption operations; cache decrypted values per session where appropriate, accepting that a cached plaintext stays readable in process memory for as long as it is held.
  • Minimize log volume when persistent logging is enabled to reduce I/O overhead.
  • Use network monitoring to defer operations until validated connectivity.


Troubleshooting Guide

  • Crash reporting not appearing:
    • Verify ACRA initialization and custom factory registration.
    • Confirm FileProvider authority and share intent creation.
  • Decryption failures:
    • Ensure native library loads and key derivation returns valid strings.
    • Validate encrypted payload format and key length.
  • Logging issues:
    • Confirm logging is enabled and cache directory is writable.
    • Clear logs if they grow excessively.

Section sources

  • SuvMusicApplication.kt:43-60
  • CrashReportSenderFactory.kt:12-18
  • CrashReportSender.kt:26-39
  • SecureConfig.kt:12-18
  • AppLog.kt:102-111

Conclusion

SuvMusic employs layered security practices: native-derived keys that obfuscate configuration secrets, ACRA-based crash reporting with user-controlled sharing, manifest-enforced transport security, and privacy-aware repositories. To further strengthen security, consider integrating Android Keystore for sensitive data at rest, replacing AES/CBC and DES with authenticated encryption and failing closed on decryption errors, redacting logcat before crash reports are shared, adopting certificate pinning for outbound requests, and establishing formal vulnerability assessment and incident response procedures.


Appendices

  • Best practices:
    • Rotate keys periodically and re-encrypt stored values.
    • Enforce strict input validation and sanitize logs before sharing.
    • Limit persisted data and apply least-privilege permissions.
    • Conduct periodic security audits and penetration testing.
