Android 依赖于安全 Provider 来提供安全的网络通信。但是,有时会在默认安全提供商中发现漏洞。为防范这些漏洞,Google Play 服务 提供了一种方法来自动更新设备的安全提供商,以防范已知的漏洞。通过调用 Google Play 服务方法,您可以帮助确保您的应用在安装了最新更新以防范已知漏洞的设备上运行。
例如,在 OpenSSL 中发现了一个漏洞(CVE-2014-0224),该漏洞可能使应用容易受到路径攻击,该攻击可以在任何一方不知情的情况下解密安全流量。Google Play 服务 5.0 版提供了解决方案,但应用必须检查此修复程序是否已安装。通过使用 Google Play 服务方法,您可以帮助确保您的应用在针对该攻击安全的设备上运行。
注意:更新设备的安全 Provider 不会更新 android.net.SSLCertificateSocketFactory,它仍然存在漏洞。我们建议应用开发者不要使用此已弃用的类,而是使用与加密交互的高级方法,例如 HttpsURLConnection。
使用 ProviderInstaller 修补安全提供商
要更新设备的安全提供商,请使用 ProviderInstaller 类。您可以通过调用该类的 installIfNeeded()(或 installIfNeededAsync())方法来验证安全提供商是否已更新(如有必要,则更新它)。本节在高级别上描述了这些选项。以下各节提供了更详细的步骤和示例。
当您调用 installIfNeeded() 时,ProviderInstaller 会执行以下操作:
- 如果设备的
Provider已成功更新(或已更新),则该方法将返回而不会引发异常。 - 如果设备的 Google Play 服务库已过期,则该方法将引发
GooglePlayServicesRepairableException。然后,应用可以捕获此异常并向用户显示适当的对话框以更新 Google Play 服务。 - 如果发生不可恢复的错误,则该方法将引发
GooglePlayServicesNotAvailableException以指示它无法更新Provider。然后,应用可以捕获异常并选择适当的处理方法,例如显示标准的 修复流程图。
installIfNeededAsync() 方法的行为类似,不同之处在于它不会引发异常,而是调用相应的回调方法以指示成功或失败。
如果安全提供商已更新,installIfNeeded() 将花费可忽略不计的时间。如果该方法需要安装新的 Provider,这可能需要 30-50 毫秒(在较新的设备上)到 350 毫秒(在较旧的设备上)。为避免影响用户体验:
- 在后台网络线程加载后立即调用
installIfNeeded(),而不是等待线程尝试使用网络。(多次调用此方法没有坏处,因为如果安全提供商不需要更新,它会立即返回。) - 如果用户体验可能会受到线程阻塞的影响(例如,如果调用来自UI线程中的活动),请调用该方法的异步版本
installIfNeededAsync()。(如果您这样做,则需要等待操作完成才能尝试任何安全通信。ProviderInstaller会调用您的侦听器的onProviderInstalled()方法来发出成功信号。)
警告:如果ProviderInstaller 无法安装更新的Provider,则您的设备的安全提供程序可能容易受到已知漏洞的攻击。您的应用应该表现得好像所有HTTP通信都是未加密的。
更新Provider 后,所有对安全 API(包括 SSL API)的调用都将通过它进行路由。(但是,这并不适用于android.net.SSLCertificateSocketFactory,它仍然容易受到诸如 CVE-2014-0224之类的漏洞的攻击。)
同步修补
修补安全提供程序的最简单方法是调用同步方法installIfNeeded()。如果在等待操作完成时线程阻塞不会影响用户体验,则此方法适用。
例如,这是一个更新安全提供程序的 worker 的实现。由于 worker 在后台运行,因此线程在等待安全提供程序更新时阻塞是可以的。worker 调用installIfNeeded() 来更新安全提供程序。如果方法正常返回,则 worker 知道安全提供程序是最新的。如果方法抛出异常,则 worker 可以采取适当的操作(例如,提示用户更新 Google Play 服务)。
Kotlin
/** * Sample patch Worker using {@link ProviderInstaller}. */ class PatchWorker(appContext: Context, workerParams: WorkerParameters): Worker(appContext, workerParams) { override fun doWork(): Result { try { ProviderInstaller.installIfNeeded(context) } catch (e: GooglePlayServicesRepairableException) { // Indicates that Google Play services is out of date, disabled, etc. // Prompt the user to install/update/enable Google Play services. GoogleApiAvailability.getInstance() .showErrorNotification(context, e.connectionStatusCode) // Notify the WorkManager that a soft error occurred. return Result.failure() } catch (e: GooglePlayServicesNotAvailableException) { // Indicates a non-recoverable error; the ProviderInstaller can't // install an up-to-date Provider. // Notify the WorkManager that a hard error occurred. return Result.failure() } // If this is reached, you know that the provider was already up to date // or was successfully updated. return Result.success() } }
Java
/** * Sample patch Worker using {@link ProviderInstaller}. */ public class PatchWorker extends Worker { ... @Override public Result doWork() { try { ProviderInstaller.installIfNeeded(getContext()); } catch (GooglePlayServicesRepairableException e) { // Indicates that Google Play services is out of date, disabled, etc. // Prompt the user to install/update/enable Google Play services. GoogleApiAvailability.getInstance() .showErrorNotification(context, e.connectionStatusCode) // Notify the WorkManager that a soft error occurred. return Result.failure(); } catch (GooglePlayServicesNotAvailableException e) { // Indicates a non-recoverable error; the ProviderInstaller can't // install an up-to-date Provider. // Notify the WorkManager that a hard error occurred. return Result.failure(); } // If this is reached, you know that the provider was already up to date // or was successfully updated. return Result.success(); } }
异步修补
更新安全提供程序最多可能需要 350 毫秒(在较旧的设备上)。如果您在直接影响用户体验的线程(例如 UI 线程)上执行更新,则不应进行同步调用来更新提供程序,因为这可能导致应用程序或设备冻结,直到操作完成。相反,请使用异步方法installIfNeededAsync()。该方法通过调用回调来指示其成功或失败。
例如,以下是一些在 UI 线程中的活动中更新安全提供程序的代码。该活动调用installIfNeededAsync() 来更新提供程序,并将其自身指定为侦听器以接收成功或失败通知。如果安全提供程序是最新的或已成功更新,则会调用该活动的 onProviderInstalled() 方法,并且该活动知道通信是安全的。如果无法更新提供程序,则会调用该活动的 onProviderInstallFailed() 方法,并且该活动可以采取适当的操作(例如,提示用户更新 Google Play 服务)。
Kotlin
private const val ERROR_DIALOG_REQUEST_CODE = 1 /** * Sample activity using {@link ProviderInstaller}. */ class MainActivity : Activity(), ProviderInstaller.ProviderInstallListener { private var retryProviderInstall: Boolean = false // Update the security provider when the activity is created. override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) ProviderInstaller.installIfNeededAsync(this, this) } /** * This method is only called if the provider is successfully updated * (or is already up to date). */ override fun onProviderInstalled() { // Provider is up to date; app can make secure network calls. } /** * This method is called if updating fails. The error code indicates * whether the error is recoverable. */ override fun onProviderInstallFailed(errorCode: Int, recoveryIntent: Intent) { GoogleApiAvailability.getInstance().apply { if (isUserResolvableError(errorCode)) { // Recoverable error. Show a dialog prompting the user to // install/update/enable Google Play services. showErrorDialogFragment(this@MainActivity, errorCode, ERROR_DIALOG_REQUEST_CODE) { // The user chose not to take the recovery action. onProviderInstallerNotAvailable() } } else { onProviderInstallerNotAvailable() } } } override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent) { super.onActivityResult(requestCode, resultCode, data) if (requestCode == ERROR_DIALOG_REQUEST_CODE) { // Adding a fragment via GoogleApiAvailability.showErrorDialogFragment // before the instance state is restored throws an error. So instead, // set a flag here, which causes the fragment to delay until // onPostResume. retryProviderInstall = true } } /** * On resume, check whether a flag indicates that the provider needs to be * reinstalled. */ override fun onPostResume() { super.onPostResume() if (retryProviderInstall) { // It's safe to retry installation. ProviderInstaller.installIfNeededAsync(this, this) } retryProviderInstall = false } private fun onProviderInstallerNotAvailable() { // This is reached if the provider can't be updated for some reason. // App should consider all HTTP communication to be vulnerable and take // appropriate action. } }
Java
/** * Sample activity using {@link ProviderInstaller}. */ public class MainActivity extends Activity implements ProviderInstaller.ProviderInstallListener { private static final int ERROR_DIALOG_REQUEST_CODE = 1; private boolean retryProviderInstall; // Update the security provider when the activity is created. @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); ProviderInstaller.installIfNeededAsync(this, this); } /** * This method is only called if the provider is successfully updated * (or is already up to date). */ @Override protected void onProviderInstalled() { // Provider is up to date; app can make secure network calls. } /** * This method is called if updating fails. The error code indicates * whether the error is recoverable. */ @Override protected void onProviderInstallFailed(int errorCode, Intent recoveryIntent) { GoogleApiAvailability availability = GoogleApiAvailability.getInstance(); if (availability.isUserRecoverableError(errorCode)) { // Recoverable error. Show a dialog prompting the user to // install/update/enable Google Play services. availability.showErrorDialogFragment( this, errorCode, ERROR_DIALOG_REQUEST_CODE, new DialogInterface.OnCancelListener() { @Override public void onCancel(DialogInterface dialog) { // The user chose not to take the recovery action. onProviderInstallerNotAvailable(); } }); } else { // Google Play services isn't available. onProviderInstallerNotAvailable(); } } @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); if (requestCode == ERROR_DIALOG_REQUEST_CODE) { // Adding a fragment via GoogleApiAvailability.showErrorDialogFragment // before the instance state is restored throws an error. So instead, // set a flag here, which causes the fragment to delay until // onPostResume. retryProviderInstall = true; } } /** * On resume, check whether a flag indicates that the provider needs to be * reinstalled. */ @Override protected void onPostResume() { super.onPostResume(); if (retryProviderInstall) { // It's safe to retry installation. ProviderInstaller.installIfNeededAsync(this, this); } retryProviderInstall = false; } private void onProviderInstallerNotAvailable() { // This is reached if the provider can't be updated for some reason. // App should consider all HTTP communication to be vulnerable and take // appropriate action. } }