@capacitor-community/security-provider
v6.0.0
Published
Capacitor plugin with methods to check and update the Android Security Provider
Downloads
662
Maintainers
vmfo
multishiv19
ionicjs
danielprrazevedo
nkalupahana
dtarnawsky
ryaa
dallasjames
tafelnl
thegnuu
pbowyer
capcombot
jcesarmobile
maxlynch
mhartington
it_mike_s
byrds
rdlabo
priyankpatel
dwieeb
stewan
arielhernandezmusa
jeepq
start9keagan
boosten
nklayman
ihadeed
ckgaparajita
jpender
nhyatt
pwespi
epicshaggy
thomasvidas
robingenz
diachedelic
johnborges
tobyas
elylucas
giodimiliaionic
brownoxford
mrbatista
bazuka5801
hemangReadme
About
Capacitor plugin with a method to check and update the Android Security Provider.
Android relies on a security Provider to provide secure network communications. However, from time to time, vulnerabilities are found in the default security provider. To protect against these vulnerabilities, Google Play services provides a way to automatically update a device's security provider to protect against known exploits. By calling Google Play services methods, you can help ensure that your app is running on a device that has the latest updates to protect against known exploits.
For example, a vulnerability was discovered in OpenSSL (CVE-2014-0224) that can leave apps open to an on-path attack that decrypts secure traffic without either side knowing. Google Play services version 5.0 offers a fix, but apps must check that this fix is installed. By using the Google Play services methods, you can help ensure that your app is running on a device that's secured against that attack.
Install
npm install @capacitor-community/security-provider
npx cap syncUsage
import { CapacitorSecurityProvider, SecurityProviderStatus } from '@capacitor-community/security-provider';
...
const result = await CapacitorSecurityProvider.installIfNeeded();
if (result.status !== SecurityProviderStatus.Success && result.status != SecurityProviderStatus.NotImplemented) {
// Do not proceed. The Android Security Provider failed to verify / install.
}See Sample Capacitor 5 application that uses this plugin.
API
installIfNeeded()
installIfNeeded() => Promise<{ status: SecurityProviderStatus; }>Returns: Promise<{ status: SecurityProviderStatus; }>
Enums
SecurityProviderStatus
| Members | Value | Description |
| --------------------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| Success | 'Success' | This indicates that the provider was already up to date or was successfully updated |
| NotImplemented | 'NotImplemented' | This will occur on iOS and Web as these platforms cannot call the Android Security Provider |
| GooglePlayServicesRepairableException | 'GooglePlayServicesRepairableException' | Indicates that Google Play services is out of date, disabled, etc. If this is returned a native dialog will notify and prompt the user to update. |
| GooglePlayServicesNotAvailableException | 'GooglePlayServicesNotAvailableException' | Indicates a non-recoverable error; the ProviderInstaller can't install an up-to-date Provider. You should abort running the application. |