APEX — Android’s new file format

Saket Upadhyay
Sep 4, 2019

Android Pony EXpress (APEX): what’s new in the security game?

Android is our old buddy, which has been under dynamic adaptation for years to make the user experience great while balancing the security and privacy aspects. With the launch of the new Android Q, or as they call it “Android 10”, they also brought something new … Project Mainline.

Now, what’s Project Mainline and how is it related to our topic? Well, that’s what this post is all about.

source : https://www.android.com/android-10/

Project Mainline

Project Mainline for Android Q is Google’s latest attempt to speed up security updates.

The most obvious problem for Google seems to be maintaining the vast family of Android versions that they have produced; it’s kind of a hard job to keep all of them at the latest security standards, and this “Version / Generation Gap”, as I like to call it, is the thing Google has been trying to overcome for some time. To tackle scattered versions they have already launched Project here is XDA-Developer’s article on that.

“Mainline is another change that will help Android phones get critical and essential updates a lot sooner because none of the changes will require a system update from the phone manufacturer.” — Android Authority

Mainline takes 12 core components of Android and makes them a little more modular. Previously these components required a full system update if any changes were made, but with Mainline they can be updated through the Play Store. Google breaks these 12 components into three categories:

  • Security: Media Codecs, Media Framework Components, DNS Resolver, Conscrypt
  • Privacy: Documents UI, Permission Controller, ExtServices
  • Consistency: Timezone data, ANGLE (developers opt-in), Module Metadata, Networking components, Captive Portal Login, Network Permission Configuration

These are low-level functions that need to be working right in order for your phone to work at all.

Here is a detailed read about Project Mainline and its functions:

So, at Google I/O 2019, the company announced its latest initiative to speed up security updates: Project Mainline for Android Q.

What’s the deal with APEX then?

Well, with all the information we have, the APEX file format is Google’s approach for Project Mainline.

Android Pony Express (APEX) is a new package type that’s similar to an APK. Instead of housing an Android application, however, APEX is home to a native or class library, pre-compiled code that can be called by Android apps, Hardware Abstraction Layers (HAL), and the Android Run-time (ART). Like the APK, APEX packages can be served to users over traditional package installation methods in Android: the Google Play Store/package manager or ADB.

This format is used in the install flow for lower-level system modules. It facilitates the updates of system components that don’t fit into the standard Android application model. Some example components are native services and libraries, hardware abstraction layers (HALs), runtime (ART), and class libraries.

APEX Design

source : android.googlesource.com

At the top level, an APEX file is a zip file in which files are stored uncompressed and located at 4 KB boundaries.

The four files in an APEX file are:

  • apex_manifest.json
  • AndroidManifest.xml
  • apex_payload.img
  • apex_pubkey

The apex_manifest.json file contains the package name and version, which identify an APEX file.

The AndroidManifest.xml file allows the APEX file to use APK-related tools and infrastructure such as ADB, PackageManager, and package installer apps (such as Play Store). For example, the APEX file can use an existing tool such as aapt to inspect basic metadata from the file. The file contains package name and version information. This information is generally also available in apex_manifest.json. AndroidManifest.xml might contain additional targeting information that can be used by the existing app publishing tools.

apex_manifest.json is recommended over AndroidManifest.xml for new code and systems that deal with APEX.

apex_payload.img is an ext4 file system image backed by dm-verity. The image is mounted at runtime via a loop device. Specifically, the hash tree and metadata block are created using libavb. The file system payload isn't parsed (because the image should be mountable in place). Regular files are included inside the apex_payload.img file.

apex_pubkey is the public key used to sign the file system image. At runtime, this key ensures that the downloaded APEX is signed by the same entity that signs the same APEX in the built-in partitions.
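
The layout rules above can be checked with a short script. This is an added example, not code from the original post or from AOSP: it verifies that the four entries are present, stored uncompressed and start on 4 KB boundaries, and reads the identity from apex_manifest.json. The sample archive, its dummy contents, the padding field ID and the `name`/`version` key names are assumptions constructed for the demonstration.

```python
import io, json, struct, zipfile

ALIGN = 4096  # the "4 KB boundaries" described in the text
EXPECTED = ("apex_manifest.json", "AndroidManifest.xml",
            "apex_payload.img", "apex_pubkey")

def data_offset(raw, info):
    """Offset of an entry's data: 30-byte local header + name + extra field."""
    sig, nlen, elen = struct.unpack_from("<4s22x2H", raw, info.header_offset)
    if sig != b"PK\x03\x04":
        raise ValueError("bad local file header for " + info.filename)
    return info.header_offset + 30 + nlen + elen

def inspect_apex(raw):
    """Return (manifest dict or None, list of layout problems) for APEX bytes."""
    problems, manifest = [], None
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        entries = {i.filename: i for i in zf.infolist()}
        for name in EXPECTED:
            info = entries.get(name)
            if info is None:
                problems.append(f"{name}: missing")
                continue
            if info.compress_type != zipfile.ZIP_STORED:
                problems.append(f"{name}: compressed")
            if data_offset(raw, info) % ALIGN:
                problems.append(f"{name}: data not 4 KB aligned")
        if "apex_manifest.json" in entries:
            manifest = json.loads(zf.read("apex_manifest.json"))
    return manifest, problems

def build_sample(aligned=True):
    """Constructed stand-in for an APEX (dummy contents, not a real module)."""
    buf = io.BytesIO()
    files = {"apex_manifest.json": b'{"name": "com.example.apex", "version": 1}',
             "AndroidManifest.xml": b"<manifest/>",
             "apex_payload.img": b"\0" * 8192,
             "apex_pubkey": b"dummy-key"}
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zi = zipfile.ZipInfo(name)  # ZipInfo defaults to ZIP_STORED
            if aligned:
                # Pad the extra field (arbitrary ID) so data starts on a 4 KB boundary.
                pad = -(buf.tell() + 30 + len(name) + 4) % ALIGN
                zi.extra = struct.pack("<HH", 0xFFFF, pad) + b"\0" * pad
            else:
                zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, data)
    return buf.getvalue()
```

To inspect a file pulled from a device or build tree, pass its bytes to `inspect_apex`; an empty problem list means the container layout matches the description above, and says nothing about the signature or the dm-verity hash tree.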

APEX Manager

The APEX manager (or apexd) is a native daemon responsible for verifying, installing, and uninstalling APEX files. This process is launched and is ready early in the boot sequence. APEX files are normally pre-installed on the device under /system/apex. The APEX manager defaults to using these packages if no updates are available.

APEX is APK-ish

APEX files are valid APK files because they are signed zip archives (using the APK signature scheme) containing an AndroidManifest.xml file. This allows APEX files to use the infrastructure for APK files, such as a package installer app, the signing utility, and the package manager.

The AndroidManifest.xml file inside an APEX file is minimal, consisting of the package name, versionCode, and optional targetSdkVersion, minSdkVersion, and maxSdkVersion for fine-grained targeting. This information allows APEX files to be delivered via existing channels such as package installer apps and ADB.

APEX supported file types

The APEX format supports these file types:

  • Native shared libraries
  • Native executable
  • JAR files
  • Data files
  • Config files

The APEX format can only update some of these file types. Whether a file type can be updated depends on the platform and how stable the interfaces for the file types are defined.

Closing words

Well, this is a new format, hence there is a lot to discover in the field, and of course we will slash and dice the new format and examine it thoroughly.

For this post I will leave you here. NOW we know there is one more NEW thing to play with in Android, and to exploit this SAFETY feature.

Upcoming post thoughts: Reversing APEX files.

Written by Saket Upadhyay

CS Ph.D. Student @ University of Virginia.