Smart Lock Android Application


#1

How do you create an Android application to communicate with the electric imp? We have developed the agent and device code for the lock and just need it to communicate with an Android application. I was also curious if additional encryption will be needed on the Android application since the imp has a secure cloud service provided?


#2

That’s a pretty broad question, and will depend on your threat models, but generally on Android you have to assume that there can be no secrets within the apps or the filesystem - decompilers for APK files are pretty good at finding this sort of thing, and there are plenty of rooted phones.

How is your system going to work? App talking to your servers, which then talk to the imp agent, or app talking directly to the imp agent?

Either way, you’re likely to want to secure your agent interface. Some methods to do that are detailed here: https://developer.electricimp.com/resources/agentsecurity - method 1 is the recommended one, with your app generating a unique request signing key at time of device configuration, and sharing it with the agent (and possibly your servers). From that point, any request to the agent will need to be signed with this key - if an attacker doesn’t have the key, they can’t validate requests. Unless the attacker saw the initial setup traffic, them seeing the requests doesn’t help them generate other valid requests, because they don’t know the key - just the signature.

Making the message include a counter, and having the agent only accept signed requests with a higher counter value than the last valid request, will prevent simple replay attacks - e.g. if a proxy on the phone is capturing outbound requests to the agent - but there are classes of MITM that could still be problematic (proxy captures a user’s attempt to unlock, but prevents it getting to the server; attacker then replays this to the agent at a later date - works if the user hasn’t successfully unlocked in the intermediate time).

Of course, if someone has access to the phone, they can access this secret and generate valid requests. You may want to encrypt this secret in the phone storage, but given an app decompiler, you’re just slowing an attacker down - not stopping them.

The key thing here is to ensure that every device has a unique signing key. Methods 3/4/5 may work ok for requests from a secure server to the agent, but are not a good idea for a phone app.
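
The signed-request-plus-counter scheme described in the post above, as an added example that is not part of the original thread and is not Electric Imp's code: a Python model of both sides (a real agent would be written in Squirrel and the app in Android code). HMAC-SHA256, the JSON field names `cmd` and `ctr`, and the names `sign_request` and `Agent` are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets


def sign_request(key: bytes, counter: int, command: str) -> dict:
    """App side: sign the command together with its counter."""
    body = json.dumps({"cmd": command, "ctr": counter}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


class Agent:
    """Agent side: check the signature, then require a higher counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def handle(self, request: dict) -> str:
        expected = hmac.new(self.key, request["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["sig"]):
            return "rejected: bad signature"
        msg = json.loads(request["body"])
        if msg["ctr"] <= self.last_counter:
            return "rejected: stale counter"
        self.last_counter = msg["ctr"]
        return "ok: " + msg["cmd"]


def demo() -> list:
    key = secrets.token_bytes(32)  # unique per device, shared at configuration
    agent = Agent(key)
    first = sign_request(key, 1, "unlock")
    withheld = sign_request(key, 2, "unlock")  # constructed: signed, delivery delayed
    tampered = dict(first, body=first["body"].replace("1", "9"))  # counter edited
    return [
        agent.handle(first),      # fresh, correctly signed
        agent.handle(first),      # same request again: counter not higher
        agent.handle(tampered),   # body changed, signature no longer matches
        agent.handle(withheld),   # delayed request still passes the counter check
        agent.handle(sign_request(key, 3, "lock")),
        agent.handle(withheld),   # a newer valid request has now made it stale
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The fourth result shows the limitation the post points out: the counter alone cannot tell a delayed request from a fresh one until a newer valid request has been accepted.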


#3

If you’re a commercial customer, you can also file a support ticket and detail more of your requirements and we can give a more tailored answer…


#4

Additionally, this cookbook recipe shows the basics of setting up an API in your agent through which the app (directly or via a server) can communicate.

An easier and more sophisticated approach is to use our Rocky library, which was designed specifically to allow customers to create powerful agent-served APIs. This example of serving a web UI from an agent shows Rocky in action, as does this Apple Watch example (wrong mobile OS, but you’ll get the imp-side picture).