
In-app Billing API (IAB Version 3) Security

Right now I'm adding IAB for the first time. I've read the documentation, downloaded the sample and it seems to work. However, setting things up isn't my problem; I want to understand the following two recommendations by Google which should improve security:

  • Encrypt the public key

If an attacker decompiles my app he can also remove my encrypting, string-splitting or bit-shifting stuff.

  • The Developer Payload

Same thing here. Actually I can do it the way Google has recommended. I have the user IDs on my server and can put this into the request and compare it afterwards… But I think it's quite easy to remove this logic from the code when my app is decompiled.

I obfuscate my code with ProGuard and I always decompile my app before I upload it to Google Play to see if it works and is set up correctly. That's why I say that these two recommendations don't bring a big security benefit.

I also know how the private/public key system works. That's why I can say that it is impossible to let my app communicate with a "fake" server without decompiling it. If Google didn't use some kind of asymmetric encryption I might understand why I have to check whether the response came from a fake server...

Can you help me understand that?

Cheers, Stefan

Security is all about the tradeoff between the effort invested in hacking your app and the benefit gained from hacking it. If your app costs 99 cents and a hacker needs 3 hours to hack it, and he needs to hack every new version again and again, then it makes no sense for him to invest his time in hacking it, although he can technically do this. Just implement enough security to make your app an unattractive target for hackers.

An insecurely stored public key will allow attackers to replace it with their own public key easily. If your public key is replaced, then your app will successfully validate responses signed by the attacker's server. That is why you need to make finding and replacing your public key in the app more difficult.

Development Payload. It is used for protecting your app from attacks where an attacker tries to give your app back a valid signed response which has already been used by another purchase from another user in the past. For instance, I bought an extension of your app in the past and stored the Google Play response in byte form. If your code cannot differentiate two valid responses from each other, then I can give this response to other users and they can use it for a further purchase. That is why Google suggests adding a development payload, which you can verify when a valid response comes back. In a simple case this can be the user's e-mail. In more complex cases, you need a server, which will generate a string for a user's purchase and store it in a database. Later, when the response comes back, it will validate this response against that generated string.

I hope this gives you a better understanding of why this is needed.
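The replay and key-swap attacks described in the answer above, as an added example that is not part of the original question or answer. The app in the question is Android/Java; this Go program plays the server role the answer recommends. It verifies the IAB v3 signature the way the scheme defines it (RSASSA-PKCS1-v1_5 over SHA-1, base64 encoded, the same check the Android sample's Security.verify does) and then requires the developerPayload to equal a one-time token the server issued to that user before the purchase. The names PayloadStore, Issue, Redeem, signPurchase, mustKey and demo, the two user accounts, and the purchase JSON strings are assumptions made for this example; the JSON is constructed to mimic INAPP_PURCHASE_DATA, and a freshly generated key pair stands in for the Google Play key you would normally paste from the Play Console.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// purchase holds the one field of the INAPP_PURCHASE_DATA JSON this check needs.
type purchase struct{ DeveloperPayload string `json:"developerPayload"` }

// verifySignature checks that purchaseData was signed by the private key matching pub.
// IAB v3 signatures are RSASSA-PKCS1-v1_5 over SHA-1, base64 encoded.
func verifySignature(pub *rsa.PublicKey, purchaseData, signatureB64 string) error {
	sig, err := base64.StdEncoding.DecodeString(signatureB64)
	if err != nil {
		return fmt.Errorf("signature is not valid base64: %w", err)
	}
	digest := sha1.Sum([]byte(purchaseData))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig); err != nil {
		return errors.New("signature does not match purchase data")
	}
	return nil
}

// PayloadStore stands in for the server-side database the answer describes (assumed name):
// one unpredictable token per user, issued before the purchase and sent as developerPayload.
type PayloadStore map[string]string

// Issue creates and records a fresh 128-bit random token for userID.
func (s PayloadStore) Issue(userID string) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	s[userID] = base64.RawURLEncoding.EncodeToString(b)
	return s[userID]
}

// Redeem accepts a purchase only if the trusted key signed it and its developerPayload is
// the unconsumed token issued to this user. The token is deleted on success, so the same
// signed bytes cannot be redeemed twice.
func (s PayloadStore) Redeem(pub *rsa.PublicKey, userID, purchaseData, signatureB64 string) error {
	if err := verifySignature(pub, purchaseData, signatureB64); err != nil {
		return err
	}
	var p purchase
	if err := json.Unmarshal([]byte(purchaseData), &p); err != nil {
		return fmt.Errorf("malformed purchase data: %w", err)
	}
	if expected, ok := s[userID]; !ok || p.DeveloperPayload != expected {
		return errors.New("developerPayload does not match the token issued to this user")
	}
	delete(s, userID)
	return nil
}

// signPurchase plays Google Play (or a fake server) for the demo: RSA-SHA1 over the JSON.
func signPurchase(priv *rsa.PrivateKey, purchaseData string) string {
	digest := sha1.Sum([]byte(purchaseData))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(sig)
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// demo runs the attacks from the answer and reports which redemptions were accepted.
func demo() map[string]bool {
	google, attacker := mustKey(), mustKey() // stand-ins for Google Play's key and a fake server's key
	store, r := PayloadStore{}, map[string]bool{}
	aliceData := fmt.Sprintf(`{"orderId":"GPA.0000-0001","productId":"premium","developerPayload":%q}`, store.Issue("alice"))
	aliceSig := signPurchase(google, aliceData)
	bobData := fmt.Sprintf(`{"orderId":"FAKE-1","productId":"premium","developerPayload":%q}`, store.Issue("bob"))
	fakeSig := signPurchase(attacker, bobData)
	r["alice genuine purchase"] = store.Redeem(&google.PublicKey, "alice", aliceData, aliceSig) == nil
	r["alice replays own response"] = store.Redeem(&google.PublicKey, "alice", aliceData, aliceSig) == nil
	r["bob replays alice's response"] = store.Redeem(&google.PublicKey, "bob", aliceData, aliceSig) == nil
	r["fake server, real public key"] = store.Redeem(&google.PublicKey, "bob", bobData, fakeSig) == nil
	r["fake server, swapped public key"] = store.Redeem(&attacker.PublicKey, "bob", bobData, fakeSig) == nil // attacker patched his key into the app
	return r
}

func main() {
	for name, ok := range demo() {
		fmt.Printf("%-33s accepted=%v\n", name, ok)
	}
}
```

The first four scenarios are what the developer payload buys you: a replayed response is rejected even though its signature is perfectly valid, and a response from a fake server fails the signature check. The last scenario is the answer's public-key point: once the attacker has swapped the embedded key for his own, the signature check alone accepts his response, because that key is the app's only root of trust. That is why the token comparison should run on a server the attacker does not control, and why the key should at least be hard to find and replace.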
