A native Android application that demonstrates secure mobile development practices.
For more information, please check the Mobile Security Project.
Every time a PR is merged to master, the build script automatically pushes the built binary to Kryptowire for security scanning.
- OpenID Connect Authentication
- Mobile Access Control
- Client Cert Authentication
- Certificate Pinning
- Code Obfuscation (with Proguard)
- Secure Data Storage
- Device Trust Checks (Root Access, Emulator Access etc)
- 2FA with OTP (via Keycloak)
- Authentication Brute Force Detection (via Keycloak)
- Account Lockout Policies (via Keycloak)
- Authentication/Access Control Auditing & Logging (via Keycloak)
- Authenticated Calls to Protected Endpoints (via Keycloak)
The master branch will always track the latest release of the SDK.
To run the showcase app:

- Clone the repository:
  git clone git@github.com:aerogear/android-showcase-template.git
- Open the showcase app in Android Studio and select the build variant release or debug to run the showcase with the latest release, or select the build variant local to run the showcase with a locally installed version of the SDK.
For full build instructions, please take some time to read our Contributing Guide.
By default the app uses the backend services running on a dedicated OpenShift cluster for demonstration purposes.
You can also configure the app to run against different backend services:
The Keycloak configuration is saved in the mobile-services.json file.
See https://raw.githubusercontent.com/aerogear/android-showcase-template/master/app/src/main/assets/mobile-services.json
If you are using HTTPS, update the certificate pinning configuration in the network_security_config.xml file.
To generate the pin (the base64-encoded SHA-256 hash of the certificate's public key, which is what the pinning configuration expects), you can use this command:
openssl s_client -servername <hostname> -connect <hostname>:<port> </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
(The redirect from /dev/null stops s_client from waiting for input on stdin; without it the pipeline hangs when run interactively.)
If you are using a self-signed certificate, follow the instructions in the next section.
By default, the app will not work with a self-signed certificate for security reasons. However, to help with local development, you may need to support one. Here are the steps you can follow:
- Get the CA certificate of the server. You can use this command:
  openssl s_client -showcerts -connect host:port </dev/null
  It will print out the full certificate chain of the server; save the content of the root certificate into a file.
- Add the CA certificate to the project. It should be placed in app/src/main/res/raw.
- Update the network_security_config.xml file to add the extra trust anchor like this:
  <domain-config>
    ...
    <trust-anchors>
      <certificates src="@raw/ca"/>
    </trust-anchors>
    ...
  </domain-config>
  The resource name (ca here) should match the name of the CA certificate file you placed in res/raw.
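As an added example (not the showcase project's own file), here is a complete app/src/main/res/xml/network_security_config.xml that combines the pinning described above with the self-signed CA. It differs from the domain-config trust anchor shown in the steps in one respect: the local CA is placed under `<debug-overrides>`, which Android only honours in builds with `android:debuggable="true"`, so the development CA cannot end up trusted by a release build. The hostname, the expiration date and both pin values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example; not the showcase's own network_security_config.xml.
     Hostname and pin digests are placeholders: generate real pins with the
     openssl pipeline above and paste them in. -->
<network-security-config>

    <!-- Refuse plain HTTP everywhere; unpinned TLS hosts still use the system CA store. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>

    <!-- release / debug variants: pin the backend's SubjectPublicKeyInfo hash. -->
    <domain-config>
        <domain includeSubdomains="true">keycloak.example.com</domain>
        <pin-set expiration="2025-12-31">
            <!-- Pin of the key currently served by the backend. -->
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_CURRENT_KEY=</pin>
            <!-- Backup pin for a key kept offline, so a planned key rotation
                 does not lock every installed client out of the backend. -->
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_BACKUP_KEY=</pin>
        </pin-set>
    </domain-config>

    <!-- local variant: trust the self-signed CA saved as res/raw/ca.pem
         (referenced without its extension as @raw/ca). Android applies
         debug-overrides only when the build is debuggable, so this block
         is inert in a release build even if it is left in the file. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/ca"/>
            <certificates src="system"/>
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

Once the pin-set's expiration date passes, Android stops enforcing the pins for that domain rather than failing connections, so treat the date as a reminder to rotate pins, not as a safety net.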