datenanfragen / mobile-app
License: MIT License
Now that I've started working on implementing the mobile version of the app using Capacitor, I have noticed a few things that concern me w/r/t security.
For Electron, essentially the big revelation in terms of security was the concept of context isolation. In the initial versions and with Node integration, all privileged APIs were simply made available through the window object. While this allowed for great developer ergonomics, it also meant that every XSS vulnerability could be turned into full RCE for free. These days, if you follow the recommendations in the docs, you have a strict separation between the privileged main process and the renderer processes. If someone manages to achieve XSS in your app, they are constrained to the renderer process and can only access the APIs that you explicitly make available. This makes it quite easy to severely restrict the attack surface and effectively limit the damage that can be done through an XSS vector. (I'm somewhat oversimplifying here, but I do think that this is a fair summary for our purposes here.)
This evolution doesn't seem to have taken place in the Cordova/Capacitor ecosystem. There doesn't seem to be any isolation between the content process and the privileged APIs. If you look at the window (and window.navigator) through the Chrome remote dev tools, you can see all sorts of dangerous-looking stuff.
The only reference I have found for this issue at all is this post from 2017 talking about Cordova: https://research.securitum.com/security-problems-of-apache-cordova-steal-the-entire-contents-of-the-phone_s-memory-card-with-one-xss/
That is pretty much the exact issue I'm concerned about and the response from the maintainers wasn't great:
The Apache security team was informed about the behavior before the publication of the article. Apache will not make corrections to Cordova, as it is the developer that is responsible for the security of the application.
Capacitor does have security docs, but those (as well as all of the other blog posts on the topic I've found) don't go into this isolation problem at all; they mostly talk about stuff like not embedding API keys in the app, using HTTPS, problems of deep links, etc.
They do however also mention that you should use a secure CSP. That should be enough to effectively mitigate any XSS vulnerabilities that we might have. At least, I can't think of any way an attacker could still get access to the privileged functions with a secure CSP, so this might not actually be too much of a problem for us. But I'm not sure.
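An added example (editor-supplied, not code from this issue or from the Capacitor project): a small lint that parses the CSP string a Capacitor app ships in its index.html and flags the settings that would still let an XSS execute script next to the plugin bridge. The two policies it is run against are constructed for the example, one permissive and one locked down.

```javascript
// Parse a CSP string such as "default-src 'self'; script-src 'self' https://x"
// into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
  }
  return directives;
}

// Return a list of findings; an empty list means the policy denies inline,
// eval and wildcard script execution and pins the directives an injected
// <base> or <object> tag could otherwise abuse.
function cspFindings(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src when it is not set
  const scriptSrc = d.get("script-src") ?? d.get("default-src");
  if (!scriptSrc) {
    findings.push("no script-src or default-src: scripts load from anywhere");
    return findings;
  }
  const bad = ["'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"];
  for (const src of scriptSrc) {
    if (bad.includes(src)) findings.push(`script-src allows ${src}`);
    else if (src.includes("*")) findings.push(`script-src uses wildcard host ${src}`);
  }
  if (!d.has("object-src")) findings.push("object-src missing (set to 'none')");
  if (!d.has("base-uri")) findings.push("base-uri missing (set to 'self' or 'none')");
  return findings;
}

// Constructed sample policies: a permissive one beside a locked-down one.
const WEAK_CSP =
  "default-src * data: gap: https://ssl.gstatic.com 'unsafe-eval'; " +
  "style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *";
const STRICT_CSP =
  "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; " +
  "object-src 'none'; base-uri 'none'; frame-ancestors 'none'";

console.log(cspFindings(WEAK_CSP));   // four findings
console.log(cspFindings(STRICT_CSP)); // []
```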
To build a mobile app for Datenanfragen.de, we have decided to use React Native. The question now is how we want to do that, especially with regards to sharing code between the existing https://github.com/datenanfragen/website and the new mobile app.
(<View>, <Text>, etc.). This essentially leaves us with three options:
website in React Native. I'm quite strongly opposed to that.
website into one or more libraries but write a separate UI for React Native.
I'm leaning quite strongly towards option 3. My reasoning:
website isn't built as a pure Preact app, we have quite a bit of code in Hugo templates that we wouldn't be able to use anyway.
letter-generator).