[0x05a] Add APK Signature Scheme (v4) #1937

Merged: 6 commits, Oct 14, 2021

Saket-taneja
Contributor

References - https://source.android.com/security/apksigning/v4
https://source.android.com/security/features/apk-verity

Thank you for submitting a Pull Request to the Mobile Security Testing Guide. Please make sure that:

  • Your contribution is written in the 2nd person (e.g. you)
  • Your contribution is written in an active present form for as much as possible.
  • You have made sure that the reference section is up to date (e.g. please add sources you have used, make sure that the references to MITRE/MASVS/etc. are up to date)
  • Your contribution has proper formatted markdown and/or code
  • Any references to website have been formatted as [TEXT](URL “NAME”)
  • You verified/tested the effectiveness of your contribution (e.g.: is the code really an effective remediation? Please verify it works!)

If your PR is related to an issue. Please end your PR test with the following line:
This PR closes #< insert number here >.

@cpholguera cpholguera changed the title Update 0x05a-Platform-Overview.md 0x05a - APK Signature Scheme (v4 Scheme) Oct 9, 2021
@Saket-taneja
Contributor Author

@cpholguera Check this one too

Collaborator

@cpholguera cpholguera left a comment

Thanks for sending the PR @Saket-taneja. With this we stay up-to-date with the signature schemes ;) Please take a look at the suggestions. In the one about "v4" I put the focus more on "what we can tell about it that can be relevant to the tester, why was this introduced?" rather than on what can be anyway read on Android dev. docs (anyone interested e.g. in the crypto behind can open the links and keep reading). And to that I added the only thing I think is relevant for testers for now, which is the flag for the verification. What do you think?

Document/0x05a-Platform-Overview.md (outdated, resolved)
Saket-taneja and others added 3 commits October 14, 2021 17:07
Co-authored-by: cpholguera <perezholguera@gmail.com>
Contributor Author

@Saket-taneja Saket-taneja left a comment

This is to give the basic understanding about the signature scheme to the security researchers as well as developers.

Collaborator

@cpholguera cpholguera left a comment

Let's fix the linting and we can merge ;)

Document/0x05a-Platform-Overview.md (outdated, resolved)
Collaborator

@cpholguera cpholguera left a comment

Thanks @Saket-taneja for the nice addition! Keep them coming 😊

@cpholguera cpholguera merged commit b78ac7f into OWASP:master Oct 14, 2021
@Saket-taneja
Contributor Author

@cpholguera This is again showing as rejected, can you check?

@cpholguera
Collaborator

Hi @Saket-taneja I've already merged it so everything is fine.

The "links check" is not being very reliable so usually you can ignore it. We'll discuss internally how to deal with it. But for now you don't need to worry about it.

For new PRs the most important check is the lint check. But as long as you use a markdown linter on your IDE you won't have issues with it.

@cpholguera cpholguera mentioned this pull request Oct 18, 2021
@Saket-taneja
Contributor Author

@cpholguera But in this case it is not mine, it is taking this from the LAST PR. I haven't added this link/content, maybe some other researcher.

@cpholguera
Collaborator

@Saket-taneja don't worry, no one is to blame. As I explained the link check has issues on its own. So please don't worry, everything is alright. We'll take care of that :)

@cpholguera cpholguera changed the title 0x05a - APK Signature Scheme (v4 Scheme) [0x05a] Add APK Signature Scheme (v4) Dec 23, 2021