
Application that is designed to be easily modified to demo AeroGear's device security checks


evanshortiss/redhat-mobile-demo-application


Work in Progress

This repository is a work in progress.

Demo - Device Security in Minutes

This application can be used to demonstrate how easy it is to add self-defense checks to an application using AeroGear.

Requirements

  1. Node.js v6.11+
  2. npm 5.6+
  3. Ionic CLI v3.20.0 (npm install -g ionic@3.20.0)
  4. Android/iOS SDK & Tools
  5. Minishift with Mobile Core Addon

Running the Application

Install dependencies first via npm i.

Browser

npm run ionic:serve

Android Emulator

ionic cordova emulate android

iOS Simulator

ionic cordova emulate ios

Steps to Enforce Security

  1. Provision the Metrics service on OpenShift into a new or existing project
  2. Create an Android/iOS Application in OpenShift and use com.redhat.acmebank as the package name.
  3. Bind the Application and Metrics service then copy the resulting configuration to the src folder here and name it mobile-services.json. It should look something like this:
{
  "version": 1,
  "clusterName": "https://192.168.64.23:8443",
  "namespace": "acmebank",
  "clientId": "myapp-android",
  "services": [
    {
      "id": "metrics",
      "name": "metrics",
      "type": "metrics",
      "url": "https://aerogear-app-metrics-acmebank.192.168.64.23.nip.io/metrics",
      "config": {}
    }
  ]
}
  4. Add the following AeroGear modules/plugins to this project:
    1. ionic cordova plugin add @aerogear/cordova-plugin-aerogear-security --save
    2. ionic cordova plugin add @aerogear/cordova-plugin-aerogear-metrics --save
    3. npm install @aerogear/app --save
    4. npm install @aerogear/security --save
  5. Create a src/services/security.ts file and paste the following content:
import { Injectable } from '@angular/core';
import { SecurityService, SecurityCheckType, SecurityCheck } from '@aerogear/security';

@Injectable()
export class DeviceSecurity {
  private securityService: SecurityService;
  private isBrowser: boolean

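  constructor() {
    // Treat any page loaded over http(s) as a desktop browser (ionic serve).
    // This assumes the packaged app is loaded from file://; if the WebView
    // serves the app from http://localhost, every check below is skipped.
    this.isBrowser = document.URL.indexOf('http') === 0

    if (!this.isBrowser) {
      this.securityService = new SecurityService();

      // Run the checks once at startup and publish the results as metrics
      this.securityService.checkManyAndPublishMetric(
        SecurityCheckType.notDebugMode,
        SecurityCheckType.notRooted,
        SecurityCheckType.notEmulated,
        SecurityCheckType.hasDeviceLock
      );
    }
  }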

  private check (check: SecurityCheck) {
    if (this.isBrowser) {
      // Just flag everything as a "pass" in the browser
      return Promise.resolve(true)
    }

    return this.securityService.check(check)
      .then(check => check.passed)
  }

  isRooted() {
    return this.check(SecurityCheckType.notRooted)
      // invert result since isRooted should be true if the check returns false
      .then((pass) => !pass)
  }

  isDeviceLockEnabled() {
    return this.check(SecurityCheckType.hasDeviceLock)
  }
}
  6. In app.component.ts add the following import and initialise the SDK before platform.ready():
// Add this to the top of the file
import { init } from '@aerogear/app';

// Necessary to prevent compiler warnings
declare var require: any

// Initialise the mobile services SDK
let appConfig = require('../mobile-services.json');
init(appConfig);
  7. In login.ts add the following snippets:

    1. import { DeviceSecurity } from '../../services/security'
    2. private sec: DeviceSecurity to the constructor
    3. ionViewDidEnter() {} to the class
  8. Add the following code in the ionViewDidEnter() function you created:

this.sec.isRooted()
  .then((rooted) => {
    if (rooted) {
      let alert = this.alertCtrl.create({
        title: 'Insecure Device',
        subTitle: 'We detected that this device is rooted. Running as root increases the likelihood of your device being compromised by malicious software that is designed to steal passwords and financial information. Continued use of this application is done so at your own risk.',
        buttons: ['OK']
      });

      alert.present();
    }
  })
  9. In login.ts update the onPersistChange() function like so:
this.sec.isDeviceLockEnabled()
  .then((lockEnabled) => {
    if (!lockEnabled) {
      let alert = this.alertCtrl.create({
        title: 'Device Lock Required',
        subTitle: 'The "Stay Logged In" feature requires a device lock to be enabled. Update your device security settings and try again.',
        buttons: ['OK']
      });

      alert.present();

      // Don't allow the checkbox to be checked
      this.persistentLogin = false
    }
  })
  10. Finally update app.module.ts by adding:
    1. import { DeviceSecurity } from '../services/security'; at the top
    2. DeviceSecurity to the providers Array in the @NgModule block
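
The ionViewDidEnter() and onPersistChange() snippets above act only when the check promise resolves, and the browser path reports every check as passed, so a check that never runs leaves "Stay Logged In" available. The following added example (not code from this repository; the type and function names are hypothetical) turns check outcomes into a login-screen decision that fails closed for the device-lock gate.

```typescript
// Added example, not repository code. Type and function names are hypothetical;
// the check names mirror the SecurityCheckType members used on this page.
type CheckName = 'notRooted' | 'hasDeviceLock' | 'notDebugMode' | 'notEmulated';

// A check either produced a result or could not be evaluated
// (plugin missing, promise rejected, app running in a browser).
type Outcome =
  | { name: CheckName; passed: boolean }
  | { name: CheckName; error: string };

interface Decision {
  allowPersistentLogin: boolean; // gate for the "Stay Logged In" checkbox
  warnings: string[];            // alert titles to show on the login view
}

// true/false for an evaluated check, null when there is no usable result.
function resultOf(outcomes: Outcome[], name: CheckName): boolean | null {
  for (const o of outcomes) {
    if (o.name === name) return 'error' in o ? null : o.passed;
  }
  return null;
}

function decide(outcomes: Outcome[]): Decision {
  const warnings: string[] = [];
  // Advisory check: warn when rooted, and say so when the state is unknown.
  const notRooted = resultOf(outcomes, 'notRooted');
  if (notRooted === false) warnings.push('Insecure Device');
  if (notRooted === null) warnings.push('Device integrity could not be verified');
  // Gating check: only an explicit pass enables the feature (fail closed).
  const hasLock = resultOf(outcomes, 'hasDeviceLock');
  if (hasLock !== true) warnings.push('Device Lock Required');
  return { allowPersistentLogin: hasLock === true, warnings };
}

// Constructed sample outcomes, not results captured from a device.
const healthy: Outcome[] = [
  { name: 'notRooted', passed: true },
  { name: 'hasDeviceLock', passed: true },
];
const lockCheckFailedToRun: Outcome[] = [
  { name: 'notRooted', passed: true },
  { name: 'hasDeviceLock', error: 'plugin not available' },
];
const rootedNoLock: Outcome[] = [
  { name: 'notRooted', passed: false },
  { name: 'hasDeviceLock', passed: false },
];
```

In the app, a rejected check promise would be mapped to an `error` outcome before calling `decide`, and `persistentLogin` would be set from `allowPersistentLogin`.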

Icon Credits

Icons made by Roundicons from www.flaticon.com are licensed by CC 3.0 BY

Icons made by Freepik from www.flaticon.com are licensed by CC 3.0 BY

Icons made by Pixel Buddha from www.flaticon.com are licensed by CC 3.0 BY
