AppSpector is a remote debugging tool for iOS and Android applications. Developers add the AppSpector SDK to their apps; the SDK then collects app-specific data, transfers it to the AppSpector backend, and lets developers monitor and alter app behaviour from anywhere in the world through a web interface. To satisfy the privacy demands of enterprise customers and comply with industry regulations, AppSpector required protection of sensitive data across its whole lifecycle, encrypting it end-to-end within the scope of each application.
The business need went beyond data protection in general: it required guaranteed isolation and strict access control. AppSpector itself must not be able to read customers' application data, and no customer may gain access to another customer's data.
Products and services involved
We designed the end-to-end encryption protocol and assisted with its implementation and verification.
We improved platform-specific security controls for the data that falls outside the end-to-end encryption scope.
Themis is a cross-platform, high-level, open-source cryptographic library. We used Themis as the building block for the cryptographic protocol, relying on its interoperability across the required platforms and operating systems.
We used components of Acra to encrypt data inside the SDK and to decrypt it in the Electron app. Acra's cryptographic design lets encryption and decryption live in different parts of the system while keeping key management procedures easy to maintain.
Data protection throughout the whole data flow of the system (Android SDK, iOS SDK, Electron app, web backend), using similar security controls in each component for stronger security and better maintainability.
An encryption engine that non-cryptographers can maintain and update without the risk of breaking the cryptography, giving the AppSpector team the flexibility to introduce changes.
The AppSpector system operates on multiple types of data: user data, data generated on devices, and data generated in the monitoring dashboard. These data types are processed in different infrastructure components, all of which require protection.
App-specific data can contain personal user data, unreleased application features, logs, data from the internal database and the Keychain/KeyStore, and screenshots.
Data protection must isolate customers' data from each other in shared environments, yet still allow a user to access multiple teams and applications.
Users own multiple devices, each of which may be online or offline at any given moment, which requires careful synchronisation of encrypted data and keys.
The security solution must protect customers' data from both insiders and outside attackers.
We designed the architecture for secure data flow based on our open-source cryptographic library Themis, components from the Acra data security suite, applicable usability and security considerations, and the regulations and industry standards mentioned above, along with FAIR, OWASP MASVS and OWASP ASVS.
Security risk management and risk assessment:
We defined the data flow and built risk and threat models aligned with the security needs, product development, and business plans.
For each class of data (users' data, app-specific data, control commands from the monitoring dashboard to the application SDK), we defined the risks and the appropriate security measures.
Isolation and compartmentalisation: we isolated application data and users' data at the infrastructure level using ACLs and separate encryption keys.
We designed an end-to-end encryption engine with the following properties:
Each data blob collected by the mobile SDK is encrypted before it leaves the mobile device, travels through the system in encrypted form, and is decrypted only in the Electron app after successful user authentication.
Each data blob collected by the mobile SDK is encrypted under its own unique key using the Themis library (AES-256-GCM with a KDF-derived key), so compromising one blob's key exposes nothing else.
To protect real-time debugging sessions, the dashboard application and the mobile app establish a Themis Secure Session channel, which adds an extra encryption layer (ECC + AES), mutual peer authentication, and replay protection on top of the per-blob encryption.
The security system is smoothly integrated into the user flow: accessing a device session is as easy as entering a passphrase.
Our solution provides strong security guarantees, isolates and protects sensitive data at several levels, combines end-to-end encryption with traditional security controls, and is fully integrated into the AppSpector application flow without affecting the user experience.
The security solution was released simultaneously on the mobile and Electron platforms. Our engineers worked closely with the AppSpector team, designing the cryptographic protocol, helping with the implementation, suggesting security improvements, and verifying the resulting solution. The deep integration of security controls allowed the AppSpector team to target large enterprise customers and security-conscious users, and to distinguish their product from competitors.