Skip to content
/ android-security-provider Public

Capacitor plugin with method to check and update the Android Security Provider.

3 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

capacitor-community/android-security-provider

BranchesTags

Repository files navigation


Android Security Provider

@capacitor-community/security-provider

Check and update the Android Security Provider in a Capacitor app.


About

Capacitor plugin with a method to check and update the Android Security Provider.

Android relies on a security Provider to provide secure network communications. However, from time to time, vulnerabilities are found in the default security provider. To protect against these vulnerabilities, Google Play services provides a way to automatically update a device's security provider to protect against known exploits. By calling Google Play services methods, you can help ensure that your app is running on a device that has the latest updates to protect against known exploits.

For example, a vulnerability was discovered in OpenSSL (CVE-2014-0224) that can leave apps open to an on-path attack that decrypts secure traffic without either side knowing. Google Play services version 5.0 offers a fix, but apps must check that this fix is installed. By using the Google Play services methods, you can help ensure that your app is running on a device that's secured against that attack.

Install

npm install @capacitor-community/security-provider
npx cap sync

Usage

import { CapacitorSecurityProvider, SecurityProviderStatus } from '@capacitor-community/security-provider';
...
    const result = await CapacitorSecurityProvider.installIfNeeded();
    if (result.status !== SecurityProviderStatus.Success && result.status != SecurityProviderStatus.NotImplemented) {
        // Do not proceed. The Android Security Provider failed to verify / install.
    }

See Sample Capacitor 5 application that uses this plugin.

API

installIfNeeded()

installIfNeeded() => Promise<{ status: SecurityProviderStatus; }>

Returns: Promise<{ status: SecurityProviderStatus; }>

Enums

SecurityProviderStatus

Members Value Description
Success 'Success' This indicates that the provider was already up to date or was successfully updated
NotImplemented 'NotImplemented' This will occur on iOS and Web as these platforms cannot call the Android Security Provider
GooglePlayServicesRepairableException 'GooglePlayServicesRepairableException' Indicates that Google Play services is out of date, disabled, etc. If this is returned a native dialog will notify and prompt the user to update.
GooglePlayServicesNotAvailableException 'GooglePlayServicesNotAvailableException' Indicates a non-recoverable error; the ProviderInstaller can't install an up-to-date Provider. You should abort running the application.

About

Capacitor plugin with method to check and update the Android Security Provider.

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

3 stars

Watchers

18 watching

Forks

3 forks
Report repository

Releases 2

v6.0.0 Latest
Apr 16, 2024
+ 1 release

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages