Posted past times Giles Hogben, Privacy Engineer together with Milinda Perera, Software Engineer
Developers already utilisation HTTPS to communicate alongside Firebase Cloud Messaging (FCM). The channel betwixt FCM server endpoint together with the device is encrypted alongside SSL over TCP. However, messages are non encrypted end-to-end (E2E) betwixt the developer server together with the user device unless developers accept especial measures.
To this end, nosotros advise developers to utilisation keys generated on the user device to encrypt force messages end-to-end. But implementing such E2E encryption has historically required pregnant technical cognition together with effort. That is why nosotros are excited to denote the Capillary opened upward origin library which greatly simplifies the implementation of E2E-encryption for force messages betwixt developer servers together with users' Android devices.
We also added functionality for sending messages that tin solely live decrypted on devices that gain got of late been unlocked. This is designed to back upward decrypting messages on devices using File-Based Encryption (FBE): encrypted messages are cached inward Device Encrypted (DE) storage together with message decryption keys are stored inward Android Keystore, requiring user authentication. This allows developers to specify messages alongside sensitive content, that rest encrypted inward cached bird until the user has unlocked together with decrypted their device.
The library handles:
- Crypto functionality together with telephone substitution management across all versions of Android dorsum to KitKat (API bird 19).
- Key generation together with registration workflows.
- Message encryption (on the server) together with decryption (on the client).
- Integrity protection to preclude message modification.
- Caching of messages received inward unauthenticated contexts to live decrypted together with displayed upon device unlock.
- Edge-cases, such equally users adding/resetting device lock later on installing the app, users resetting app storage, etc.
The library supports both RSA encryption alongside ECDSA authentication together with Web Push encryption, allowing developers to re-use existing server-side code developed for sending E2E-encrypted Web Push messages to browser-based clients.
Along alongside the library, nosotros are also publishing a testify app (at last, the Google privacy squad has its ain messaging app!) that uses the library to post E2E-encrypted FCM payloads from a gRPC-based server implementation.
What it's not
- The opened upward origin library together with testify app are non designed to back upward peer-to-peer messaging together with telephone substitution exchange. They are designed for developers to post E2E-encrypted force messages from a server to 1 or to a greater extent than devices. You tin protect messages betwixt the developer's server together with the goal device, only non conduct betwixt devices.
- It is non a comprehensive server-side solution. While heart together with someone crypto functionality is provided, developers volition take away to suit parts of the sample server-side code that are specific to their architecture (for example, message composition, database storage for populace keys, etc.)
You tin discovery to a greater extent than technical details describing how we've architected together with implemented the library together with testify here.
