@capacitor-community/security-provider
v6.0.0
Published
Capacitor plugin with methods to check and update the Android Security Provider
Downloads
684
Maintainers
Readme
About
Capacitor plugin with a method to check and update the Android Security Provider.
Android relies on a security Provider to provide secure network communications. However, from time to time, vulnerabilities are found in the default security provider. To protect against these vulnerabilities, Google Play services provides a way to automatically update a device's security provider to protect against known exploits. By calling Google Play services methods, you can help ensure that your app is running on a device that has the latest updates to protect against known exploits.
For example, a vulnerability was discovered in OpenSSL (CVE-2014-0224) that can leave apps open to an on-path attack that decrypts secure traffic without either side knowing. Google Play services version 5.0 offers a fix, but apps must check that this fix is installed. By using the Google Play services methods, you can help ensure that your app is running on a device that's secured against that attack.
Install
npm install @capacitor-community/security-provider
npx cap sync
Usage
import { CapacitorSecurityProvider, SecurityProviderStatus } from '@capacitor-community/security-provider';
...
const result = await CapacitorSecurityProvider.installIfNeeded();
if (result.status !== SecurityProviderStatus.Success && result.status != SecurityProviderStatus.NotImplemented) {
// Do not proceed. The Android Security Provider failed to verify / install.
}
See Sample Capacitor 5 application that uses this plugin.
API
installIfNeeded()
installIfNeeded() => Promise<{ status: SecurityProviderStatus; }>
Returns: Promise<{ status: SecurityProviderStatus; }>
Enums
SecurityProviderStatus
| Members | Value | Description |
| --------------------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| Success
| 'Success' | This indicates that the provider was already up to date or was successfully updated |
| NotImplemented
| 'NotImplemented' | This will occur on iOS and Web as these platforms cannot call the Android Security Provider |
| GooglePlayServicesRepairableException
| 'GooglePlayServicesRepairableException' | Indicates that Google Play services is out of date, disabled, etc. If this is returned a native dialog will notify and prompt the user to update. |
| GooglePlayServicesNotAvailableException
| 'GooglePlayServicesNotAvailableException' | Indicates a non-recoverable error; the ProviderInstaller can't install an up-to-date Provider. You should abort running the application. |