Android App Security Review
FlowCrypt has once again partnered with the offensive security firm Cure53. This time they condacted an audit of our Android application. Thanks to our positive past experiences with Cure53, we were excited to learn what exploits they would uncover in our app, so we could protect our users and patch the weaknesses quickly. As expected, Cure53 didn’t disappoint us, and they identified several exploits that we’ve since patched!
So, what did they find?
Unencrypted cache exposes plaintext emails
The local app cache contained raw MIME messages from the emails viewed in the app. We fixed this by encrypting the messages in the cache. Additionally, we added a feature expiring cached messages after a certain time period.
HTTP leaks via style attribute on em tag
Senders could include an em
tag that used an inline style to call an attacker controlled URL, thus exposing the recipient’s IP address and request headers (for instance, including user agent).
To prevent this, we forbid network requests via WebView settings, and for added robustness, we’ll soon be adding a Content Security Policy(CSP) that would also mitigate this risk.
Arbitrary file-write via attachments
Attachment filenames were not sanitized, allowing an attacker to traverse directories and overwrite arbitrary files on the recipient’s system. This is by far the most severe vulnerability uncovered in the report, and we’re grateful that Cure53 found it rather than a malicious actor. The fix was easy; we just had to sanitize filenames.
Overly large public keys lead to Denial-of-Service
We didn’t limit the size of imported keys and the number of included identities. This allowed absurdly large keys, which caused a persistent Denial-of-Service in the application. To prevent this, we’ve implemented a size limit for public keys that is still very generous.
Missing config allows MitM attacks for SMTP/IMAP
This critical vulnerability was possible because the app didn’t verify the SSL certificates of encrypted connections, allowing attackers to run Man-in-the-Middle attacks against users. We now verify certificates to prevent this kind of attack.
Vulnerability assessment summary
All of the fixes above were confirmed by Cure53 prior to the publication of the report.
FlowCrypt’s partnerships with offensive security firms will continue as we strive to make our applications as secure as possible for our users. We pay researchers to find bugs before the attackers do.