September, 2015 is when the launch of BoringSSL, is declared to be with Android M, by Google in I/O . However, the understanding and analysis of the kind of changes BoringSSL will bring for existing Android apps are already spreading. It is expected to bring death news for the current apps on Android.
Google developed their own fork of OpenSSL, that is BoringSSL. Till now OpenSSL was the cryptography library, being used widely. But the Heartbleed vulnerability made everyone to think. Following the attention, Android decided to move from OpenSSL to BoringSSL in the AOSP.
WWDC has left a lot to look forward to but before that came Google hosted I/O, with the news of BoringSSL and predictions associated with it. Here are the changes that the shift from OpenSSL to BoringSSL, will bring.
While the BoringSSL is a good sign for the users, making sure their data remains secure at all costs, it produces a difficult time for the apps that are running freely under the rule of OpenSSL.
So if your apps are mistakenly linking to the old cryptography library (libcrypto.so or libssl.so), which is not a part of Android NDK API, it is likely to crash in the new OS, Android M.
So it’s time to modify your native code
- “Include the libssl.so and/or libcrypto.so libraries in your APK. You can include these files directly or statically link your native code with OpenSSL or another crypto library.”
- “Use JNI from your native code to call into the Java crypto API.”
These two methods are given by SourceDNA and cited by ProgrammableWeb.
SourceDNA has its own product named Searchlight. Registration to this will alert you if your app is one of those thousands to crash when Android M gets launched or will survive after all. Searchlight also suggests how to make the app survive and mentions a few changes in the code as BoringSSL mentions (http://bit.ly/1KNntxS).
While Android M and BoringSSL combined do pose issues for the app industry, it is also a consolation for smartphone and app users, making sure their data doesn’t leak and proper security is maintained. This is an opportunity in one way, wherein you can standardise your app.
While this news is making you get up from your seats and pace around the room, in the worry for your app, we are here to provide you with the solution. Whichever the app, wherever it has been made; we can make it Android M and BoringSSL friendly. Don’t let your app get killed ruthlessly. Update it now!
LET'S TALK VALIDATE YOUR IDEA!