On Mon, Nov 30, 2015 at 7:34 AM, Mark Murphy <[email protected]>
wrote:
> My apologies if this is not the right place to ask these questions (in
> which case, I'd appreciate a pointer to a better spot).
>
> First, thanks to all who presented at the Android Developer Summit last
> week!
>
> The previewed Instant Run feature of Android Studio 2.0 seems cool. From
> a security standpoint, I am worried about the implementation. Based on
> the Summit presentations, an Instant Run app has a server listening for
> outside commands to cause it to load in replacement classes and
> resources. Such a server represents a very powerful attack surface.
>
> How is this server being implemented, to ensure that the only accepted
> commands are coming from an active development session from adb on an
> authorized developer machine? For example, what's to stop another app on
> the test device from sending commands to this server? Many developers
> use personal hardware for testing, as they lack the budget for dedicated
> test hardware.
>
The IDE and the app have a shared secret (baked into the app, and the IDE
can look it up by consulting the build directory) that the IDE has to
provide as part of the message protocol when supplying patches (code,
resources). This isn't fully hooked up yet but will be soon.
> Also, how can distribution channels detect an Instant Run-augmented APK?
>
The easiest way is to inspect the apk's manifest (e.g. via aapt dump
xmltree) and see if it's pointing to the instant run bootstrap application:

$ aapt dump xmltree ./app/build/outputs/apk/app-debug.apk AndroidManifest.xml | grep com.android.tools.fd.runtime.BootstrapApplication
    A: android:name(0x01010003)="com.android.tools.fd.runtime.BootstrapApplication" (Raw: "com.android.tools.fd.runtime.BootstrapApplication")
> I presume that it will be difficult to somehow ship an APK with the
> Instant Run server embedded in it.
The Gradle plugin only injects this stuff for debug variants.
-- Tor
> However, Android developers are a
> very creative bunch of folks, where "difficult" is something that they
> do twice before breakfast. :-) If I were running an app distribution
> channel, I would want to scan APKs and ensure that the Instant Run's
> server isn't in there, as there is no obvious reason for this to be in a
> production APK and there's no point in running the Instant Run server
> unnecessarily.
>
> Thanks!
>
> --
> Mark Murphy (a Commons Guy)
> https://commonsware.com | https://github.com/commonsguy
> https://commonsware.com/blog | https://twitter.com/commonsguy
>
> --
> You received this message because you are subscribed to the Google Groups
> "adt-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
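As an added example (not code from this thread or from the Android tools), here is the check a distribution channel could run without aapt installed: it reads the binary AndroidManifest.xml out of the APK and looks for the bootstrap class name Tor grepped for in the manifest's string pool. It assumes that a manifest whose string pool contains that class name is Instant Run-augmented, the same coarse test the grep over aapt's output makes.

```python
# Added example (not from this thread or the Android tools): flag an APK whose
# manifest names the Instant Run bootstrap Application, without needing aapt.
# Assumption: finding that class name in the manifest's string pool is the same
# coarse test as Tor's grep over `aapt dump xmltree` output.
import struct
import zipfile

BOOTSTRAP_APP = "com.android.tools.fd.runtime.BootstrapApplication"
UTF8_FLAG = 0x100  # ResStringPool flag: strings are UTF-8, otherwise UTF-16LE


def _read_len(data, pos, wide):
    """Read an AXML length prefix: uint8 units in UTF-8 pools, uint16 units in
    UTF-16 pools; a set high bit means the value continues into a second unit."""
    fmt, unit, high = ("<H", 2, 0x8000) if wide else ("<B", 1, 0x80)
    n = struct.unpack_from(fmt, data, pos)[0]
    pos += unit
    if n & high:
        n = ((n & (high - 1)) << (8 * unit)) | struct.unpack_from(fmt, data, pos)[0]
        pos += unit
    return pos, n


def axml_strings(axml):
    """Return every string in the pool that follows the 8-byte RES_XML_TYPE header."""
    ctype, hdr, _size, count, _styles, flags, start = struct.unpack_from("<HHIIIII", axml, 8)
    if ctype != 0x0001:  # RES_STRING_POOL_TYPE
        raise ValueError("AndroidManifest.xml does not start with a string pool")
    offsets = struct.unpack_from("<%dI" % count, axml, 8 + hdr)
    out = []
    for rel in offsets:
        pos = 8 + start + rel
        if flags & UTF8_FLAG:
            pos, _chars = _read_len(axml, pos, False)  # UTF-16 char count, unused
            pos, nbytes = _read_len(axml, pos, False)
            out.append(axml[pos:pos + nbytes].decode("utf-8"))
        else:
            pos, nchars = _read_len(axml, pos, True)
            out.append(axml[pos:pos + 2 * nchars].decode("utf-16-le"))
    return out


def has_bootstrap_app(axml):
    """True if the binary manifest names the Instant Run bootstrap Application."""
    return BOOTSTRAP_APP in axml_strings(axml)


def is_instant_run_apk(apk_path):
    """Scanner entry point: read AndroidManifest.xml out of the APK (a zip)."""
    with zipfile.ZipFile(apk_path) as apk:
        return has_bootstrap_app(apk.read("AndroidManifest.xml"))
```

Only the string pool is parsed, so a class name that appears anywhere in the manifest (not just as the application's android:name) will trigger the check, which is the same over-approximation the grep makes.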