Bootstrapping Trust
In order to have a trusted platform for sharing files, the Bazaar app needs to be installed.
- how to represent the choice
- as much auto-detection as possible
- wizard?
User-preferred File Transfer Method
There are so many apps and techniques that people are using for sharing files on phones. We should make it straightforward for people to share the Bazaar app via their own preferred method.
Implementation
- make the Bazaar APK easily available via standard Android methods
- in Bazaar, a Share APK option, which triggers a SEND Intent
- make Bazaar copy its own APK to the SDCard, and regularly verify it's the same as the installed APK.
Issues
- should not encourage insecure methods, like emailing APKs
- far too broad to document
- unknown security issues
Bluetooth File Transfer
Most phones have a built-in method of transferring files via Bluetooth. Since it's very local, and there is some security in the pairing process, there is some level of trust in the process.
Implementation
- test if APK can be sent, if so send it
- rename APK to apk.zip, then transfer and instruct the user to rename
Issues
- stock Android blocks transferring .APK files
- rename file to .ZIP to transfer, then remove .ZIP on receiving device (there is no default method of renaming files)
- zip up APK then unzip on receiving device
- tiny unzipper app could be NFC'ed or maybe QRcoded over.
- Bluetooth pairing can be confusing
local HTTPS
The Bazaar app can run a local HTTP server that shares out the bootstrapping app, and the rest of the process, including the index.jar.
Implementation
- app generates cert for signing index.jar and HTTPS
- transports
  - detect whether on wifi, and present current IP
  - create own wifi AP (WiFi Direct)
  - adhoc wifi
  - mesh
Issues
- dealing with a self-signed cert is often painful
- perhaps just HTTP only and enforce local-only traffic
NFC
NFC provides an easy way to locally swap a bit of data, which can be used to easily set up another higher bandwidth connection, like Bluetooth.
Implementation
Issues
- limited device support
- APKs not allowed to be transferred on many devices
- unproven security
ChatSecure/OTR
If ChatSecure is installed, then we have a trusted channel to communicate over. This would provide an easy way to bootstrap the Bazaar app.
Implementation
Issues
- ChatSecure must already be installed
Kerplapp with Pinned F-Droid
We can make a version of Kerplapp for the Google Play Store that includes the ability to download an F-Droid.apk and then check the hash against an included sha256. Then it could download it from multiple sources, and still be able to verify it. CiaranG said they can give us a static URL to a specific version of F-Droid for this. We can probably also rely on the APK being in the archive repo, i.e. https://f-droid.org/archive/org.fdroid.fdroid_45.apk
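The pinned-hash check described above, as an added example (not Kerplapp or F-Droid code): each source is tried in turn, and a download is moved into place only if its SHA-256 equals the embedded pin. The function name, the opener callables, the size cap and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile


def fetch_verified(sources, pinned_sha256, dest_path, max_bytes=50 * 1024 * 1024):
    """Keep the first download whose SHA-256 equals the pin; return its source name.

    sources: (name, opener) pairs; opener() yields byte chunks. The openers are
    hypothetical stand-ins for HTTP, Bluetooth or SD card readers. max_bytes is
    an assumed cap so a hostile source cannot fill storage.
    """
    pinned = bytes.fromhex(pinned_sha256)
    failures = []
    for name, opener in sources:
        digest, size = hashlib.sha256(), 0
        fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(dest_path) or ".")
        try:
            with os.fdopen(fd, "wb") as tmp:
                for chunk in opener():
                    size += len(chunk)
                    if size > max_bytes:
                        raise ValueError("exceeds size cap")
                    digest.update(chunk)
                    tmp.write(chunk)
            if not hmac.compare_digest(digest.digest(), pinned):
                raise ValueError("sha256 mismatch")
            os.replace(tmp_path, dest_path)  # only verified bytes reach dest_path
            return name
        except (OSError, ValueError) as exc:
            failures.append(f"{name}: {exc}")
            if os.path.exists(tmp_path):
                os.remove(tmp_path)
    raise ValueError("no source matched the pin: " + "; ".join(failures))


def demo():
    good = b"PK\x03\x04 constructed stand-in for an APK " * 64  # constructed sample
    pin = hashlib.sha256(good).hexdigest()  # the real app would embed this constant
    sources = [
        ("mirror-a", lambda: iter([good[:-1] + b"!"])),  # tampered copy
        ("mirror-b", lambda: (good[i:i + 512] for i in range(0, len(good), 512))),
    ]
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "fdroid.apk")
        used = fetch_verified(sources, pin, dest)
        with open(dest, "rb") as f:
            return used, f.read() == good
```

Because the pin ships inside the app, any transport or mirror can carry the APK without being trusted; a source can only cause a failed download, never a substituted file.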
Bootstrap Decision Tree