search

AndroidVTS / android-vts

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
Other
1.02k stars 272 forks source link

Check for update using the github API #105

Closed SandroMachado closed 8 years ago

SandroMachado commented 8 years ago

Since the application was removed from the Google Play Store, a new method to warn the users that a new version of the application is available should be created.

Using the Github API it is possible to get the releases information and we can use that to query for the latest build and check if the app is already on that build. If not, prompt the user to update to the most updated release.

curl -i https://api.github.com/repos/nowsecure/android-vts/releases/latest

{
  "url": "https://api.github.com/repos/nowsecure/android-vts/releases/2291163",
  "assets_url": "https://api.github.com/repos/nowsecure/android-vts/releases/2291163/assets",
  "upload_url": "https://uploads.github.com/repos/nowsecure/android-vts/releases/2291163/assets{?name,label}",
  "html_url": "https://github.com/nowsecure/android-vts/releases/tag/v.13",
  "id": 2291163,
  "tag_name": "v.13",
  "target_commitish": "master",
  "name": "AndroidVTS v.13",
  "draft": false,
  "author": {
    "login": "Fuzion24",
    "id": 772364,
    "avatar_url": "https://avatars.githubusercontent.com/u/772364?v=3",
    "gravatar_id": "",
    "url": "https://api.github.com/users/Fuzion24",
    "html_url": "https://github.com/Fuzion24",
    "followers_url": "https://api.github.com/users/Fuzion24/followers",
    "following_url": "https://api.github.com/users/Fuzion24/following{/other_user}",
    "gists_url": "https://api.github.com/users/Fuzion24/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/Fuzion24/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/Fuzion24/subscriptions",
    "organizations_url": "https://api.github.com/users/Fuzion24/orgs",
    "repos_url": "https://api.github.com/users/Fuzion24/repos",
    "events_url": "https://api.github.com/users/Fuzion24/events{/privacy}",
    "received_events_url": "https://api.github.com/users/Fuzion24/received_events",
    "type": "User",
    "site_admin": false
  },
  "prerelease": false,
  "created_at": "2015-12-15T15:01:43Z",
  "published_at": "2015-12-15T15:04:55Z",
  "assets": [
    {
      "url": "https://api.github.com/repos/nowsecure/android-vts/releases/assets/1130370",
      "id": 1130370,
      "name": "androidVTS.apk",
      "label": null,
      "uploader": {
        "login": "Fuzion24",
        "id": 772364,
        "avatar_url": "https://avatars.githubusercontent.com/u/772364?v=3",
        "gravatar_id": "",
        "url": "https://api.github.com/users/Fuzion24",
        "html_url": "https://github.com/Fuzion24",
        "followers_url": "https://api.github.com/users/Fuzion24/followers",
        "following_url": "https://api.github.com/users/Fuzion24/following{/other_user}",
        "gists_url": "https://api.github.com/users/Fuzion24/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/Fuzion24/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/Fuzion24/subscriptions",
        "organizations_url": "https://api.github.com/users/Fuzion24/orgs",
        "repos_url": "https://api.github.com/users/Fuzion24/repos",
        "events_url": "https://api.github.com/users/Fuzion24/events{/privacy}",
        "received_events_url": "https://api.github.com/users/Fuzion24/received_events",
        "type": "User",
        "site_admin": false
      },
      "content_type": "application/vnd.android.package-archive",
      "state": "uploaded",
      "size": 2350365,
      "download_count": 2652,
      "created_at": "2015-12-15T15:04:49Z",
      "updated_at": "2015-12-15T15:04:53Z",
      "browser_download_url": "https://github.com/nowsecure/android-vts/releases/download/v.13/androidVTS.apk"
    }
  ],
  "tarball_url": "https://api.github.com/repos/nowsecure/android-vts/tarball/v.13",
  "zipball_url": "https://api.github.com/repos/nowsecure/android-vts/zipball/v.13",
  "body": " - Prioritize vulnerables which were positive on the device\r\n - Add intro/welcome screens\r\n - Add a test for CVE-2015-6616 from the December sec bulletin"
}

@Fuzion24 please let me know what do you think of this.

Fuzion24 commented 8 years ago

I really like this idea. I have been (passively) working on a getting a github page up for the project, too. We can use this to allow people to sideload it.

shark0der commented 8 years ago

+1

alanthehat commented 8 years ago

https://f-droid.org/repository/browse/?fdfilter=apktrack&fdid=fr.kwiatkowski.ApkTrack uses several sources (but not GitHub) to find latest versions.

It's also worth looking into adding VTS to F-Droid

106 referenced above looks good once it's installed

SandroMachado commented 8 years ago

Since the application is only on github and all the development is based on github. Check only for the update on github should be enough. A better improvement to #106 is also introduce that check on a service that runs periodically on the device instead of just wait for the user action to check for updates.

z3ntu commented 8 years ago

The original url doesn't work anymore: it's https://api.github.com/repositories/40509121/releases/latest now.

SandroMachado commented 8 years ago

@z3ntu, thanks, I will make a PR to update the URL.