Dev platform
2018
End-to-end encryption for remote debugging tool
AppSpector is a remote debugging tool for iOS and Android applications. Developers add AppSpector's SDK to their apps, then SDK collects app-specific data, transfers it to the AppSpector side and allows developers to monitor and alter app behaviour from any place in the world, using web interface. To satisfy the privacy demands of enterprise customers and comply with industry regulations, AppSpector required a complete sensitive data lifecycle protection, encrypting the data using end-to-end encryption within the scope of each application.
The business need was not limited to implementation of data protection in general, but to guarantee isolation and strict access control: AppSpector doesn't have access to customers' application data, neither can customers get access to other customers' data.
Industry
B2B solution for software engineering teams
Technology stack
iOS
Android
Electron
PostgreSQL
Regulations
GDPR
Encryption Export Regulations
Android privacy policy guidance
Technology requirements
Data security and isolation
Protection and isolation of customers' data and compliance with data privacy regulations (GDPR, App Store safety guidelines, Security and privacy policy for Android apps).
Protect the data from mobile SDK to dashboard
Data protection throughout the whole data flow of the system (Android SDK, iOS SDK, Electron app, web backend) with similar security controls to provide stronger security and better maintainability.
Easy to maintain encryption engine
Easy to maintain encryption engine, which can be maintained and updated by non-cryptographers without the risk of breaking cryptography, giving AppSpector team flexibility to introduce changes.
Challenges
Different types of sensitive data
AppSpector system operates on multiple types of data: user data, data generated from devices, data generated in monitoring dashboard. All these data types are processed in different infrastructural components, all of which require protection.
Multi-device synchronisation
Mobile users own multiple devices, some of them online, and some are offline at different moments, which requires careful synchronisation of encrypted data and keys.
Numerous data sources
App-specific data can contain personal user data, upcoming application features, logs, data from internal database and Keychain/KeyStore, screenshots.
Customer's data isolation and insider risks
Data protection should isolate customers' data in shared environments from each other, yet allow users to have access to multiple teams and applications. The security solution should protect customers' data from insiders and outside attackers.
Solution
We have designed the architecture for secure data flow based on our open-source cryptographic library Themis, SDKs from Acra data security suite, applicable usability and security considerations, regulations and industry standards (mentioned above, and FAIR, OWASP MASVS, OWASP ASVS).
Security risk management and risk assessment:
- We've defined the data flow, built risk and threat models aligned with security needs, product development, and business plans.
- For each class of data (users' data, app-specific data, control commands from monitoring dashboard to application SDK), we've defined risks and appropriate security measures.
- Isolation & compartmentalisation: we've isolated the application data and users' data on the infrastructure level using ACLs and encryption keys.
We've designed end-to-end encryption engine that has the following properties:
- Each data blob collected from mobile SDK is encrypted before leaving a mobile device and is processed in an encrypted form through the system, being only decrypted in the Electron app after successful user authentication.
- Each data blob collected from the mobile SDK is encrypted by a unique encryption key using Themis library (using AES-GCM-256).
- To protect real-time debugging sessions, Dashboard application and mobile app create Secure Session channel that provides an extra encryption layer (ECC+AES), mutual peer authentication, and replay protection.
- The security system is smoothly integrated into the user flow: accessing the device sessions is as easy as entering a passphrase.
Products and services involved
Themis, a cross-platform crypto library
We used cryptographic library Themis as a building block for transport layer encryption on application level, relying on its interoperability among required platforms and OSs.
Read more
Acra, a database security suite
Acra's cryptographic design allows to separate encryption and decryption to different parts of the system while storing data in encrypted format and providing easy-to-maintain key managements procedures.
Read more
Cryptography engineering
We've designed the end-to-end encryption protocol, assisted with its implementation and verification.
Read more
Security engineering
We've improved platform-specific security controls for data protection outside of end-to-end encryption scope.
Read more
Results and outcomes
Our solution satisfies security requirements, isolates and protects sensitive data on different levels, and uses end-to-end encryption and traditional security controls.
The security system went through mobile and Electron platforms and was released simultaneously. Our engineers worked closely with AppSpector engineers, designing the cryptographic layer, assisting with implementation, suggesting and verifying security controls.
Deep integration of the security layer allowed AppSpector to target large enterprise customers and security-conscious users and distinguish their product from competitors.
Extend what's possible with custom solutions
We help you focus on serving your customers better, while relieving your team from security engineering pains and making your users confident that their data is safe with you.
