undefined | Better HN

0 pointsForbo9y ago0 comments

The scenario I'm imagining is that Google and OWS receive NSLs requiring them to push a modified APK that could do nefarious things.

0 comments

haffenloher9y ago

This is a common misconception: NSLs are a legal tool that can be used to extract certain types of information (such as subscriber information and maybe a little bit of transactional information) that a service provider already has stored on their servers [0]. However, they cannot be used to force a service provider to write and deploy code.

[0] NSLs are not magic - https://www.youtube.com/watch?v=YN_qVqgRlx4&t=20m16s

ForboOP9y ago

He mentions "technical assistance orders" but doesn't really elaborate any more on them. I'm having a difficult time finding any information on these orders, does anyone else have information on the capability of these orders?

ForboOP9y ago

Replying to my own comment, as I found some more information in a Black Hat talk regarding technical assistance orders:

https://youtu.be/PX2RjJAfTYg?t=770

ajamesm9y ago

I was wondering about the extent of NSLs in that regard. Thanks for clarifying.

sliken9y ago

Google can't push a new Signal APK, it's signed by OWS, not google.

3rd parties can download the signal source and compile it. Not sure if there's enough information available to product a bit identical (and thus verifiable binary).

I guess a NSL might compel OWS to push a binary specifically for a targetted user. If that's in your threat model you definitely need to take additional steps.

pfg9y ago

> I guess a NSL might compel OWS to push a binary specifically for a targetted user.

To my (admittedly fairly limited) knowledge, that's something the courts have yet to rule on. They can definitely ask to you give them any data they store about their users (and force you to keep quiet about it), but whether they could force you to develop a backdoor (and ship it to someone) remains to be seen. That's basically what the FBI vs. Apple case was about, which the FBI sadly pulled before courts got to rule on it.

MichaelGG9y ago

So Android checks the APK is signed by the same publisher on update? What about for new users? Nothing stops Google from just changing which package is on Play Store, right? Where does signature validation come in, and how would a user tell?

twr9y ago

> When the system is installing an update to an app, it compares the certificate(s) in the new version with those in the existing version. The system allows the update if the certificates match. If you sign the new version with a different certificate, you must assign a different package name to the app—in this case, the user installs the new version as a completely new app.

https://developer.android.com/studio/publish/app-signing.htm...

If you want to install an update that was signed with a different private key, the app would need to be uninstalled first, which would also delete any sensitive data in private app storage.

This is enforced at the platform framework level, from what I loosely remember of scanning the AOSP source code.

Yes, Google could hijack packages sent to first-time downloaders. That's usually the downside with trust on first use. If the initial download isn't trustworthy, the whole verification scheme falls apart. It would be better off if Android had the APK equivalent of Certificate Transparency. That, and if Google Play made all developer-uploaded APK builds available to users, for awareness.

ajamesm9y ago

Can I just chime in again and say, if your threat model includes an adversary who could compromise the Google Play Store deployment process, then you should be comfortable with validating the SHA hash on your APK binaries.

Android is pretty open about letting you sideload and run binaries, which you can do easily as a non-rooted end user. You can personally GitHub pull & compile the Signal app and you're good to go (w/r/t compromised software download).

x0x09y ago

Google/Apple could also receive a NLS ordering them to write and install a keylogger on your specific device in their next OS update. There's really not much you can do about that.

Borating9y ago

If Signal was federated anyone could write a signal client to openBSD or Alpine Linux.

hkt9y ago

This does somewhat break Signal's security model..

j / k navigate · click thread line to collapse

0 comments

haffenloher9y ago

[0] NSLs are not magic - https://www.youtube.com/watch?v=YN_qVqgRlx4&t=20m16s

ForboOP9y ago

Replying to my own comment, as I found some more information in a Black Hat talk regarding technical assistance orders:

https://youtu.be/PX2RjJAfTYg?t=770

ajamesm9y ago

I was wondering about the extent of NSLs in that regard. Thanks for clarifying.

sliken9y ago

Google can't push a new Signal APK, it's signed by OWS, not google.

3rd parties can download the signal source and compile it. Not sure if there's enough information available to product a bit identical (and thus verifiable binary).

I guess a NSL might compel OWS to push a binary specifically for a targetted user. If that's in your threat model you definitely need to take additional steps.

pfg9y ago

> I guess a NSL might compel OWS to push a binary specifically for a targetted user.

MichaelGG9y ago

twr9y ago

https://developer.android.com/studio/publish/app-signing.htm...

If you want to install an update that was signed with a different private key, the app would need to be uninstalled first, which would also delete any sensitive data in private app storage.

This is enforced at the platform framework level, from what I loosely remember of scanning the AOSP source code.

ajamesm9y ago

x0x09y ago

Google/Apple could also receive a NLS ordering them to write and install a keylogger on your specific device in their next OS update. There's really not much you can do about that.

Borating9y ago

If Signal was federated anyone could write a signal client to openBSD or Alpine Linux.

hkt9y ago

This does somewhat break Signal's security model..

j / k navigate · click thread line to collapse