Connect IQ 2: Security
06/17/16 @ 01:08 PM
At Garmin we are focused on the security of our devices and our services. As Connect IQ grows and expands on the functionality and user identifiable information available on our devices we have overhauled our security model. This new security model in Connect IQ 2 is built to give the developer and the user the tools to know that their device and their information is safe with Garmin.
Connect IQ 2 introduces new levels of trust for apps:
Trusted - Content that has been approved by the app store. These apps have passed the Garmin review process and was downloaded from the Connect IQ store.
Developer - Content that has been written by an individual developer, but has not been published by the Connect IQ store. This content can be used for testing, but is not an officially released app.
Untrusted - Rabble. Should not be run on device.
These levels of trust are enforced using digital signatures. A new key management system has been worked into the app store, the device, and the developer SDK. The goal is to make sure that apps loaded from developers only come from two locations - the app store or a trusted developer.
The Connect IQ compiler requires a developer key be provided to for signing when compiling and packaging apps. The required key must be a RSA 4096 bit private key.
Note: It’s important you keep track of the key you use to sign app packages. You will need to use the same key to sign updates to an existing app on the store. If you lose your original signing key you will not be able to update your app.
Generating a Key Using OpenSSL
If you’re working from the command line you can generate a RSA key using OpenSSL. The following command will generate a valid signing key.
> openssl genrsa -out developer_key.pem 4096
> openssl pkcs8 -topk8 -inform PEM -outform DER -in developer_key.pem -out developer_key.der -nocrypt
This developer key, developer_key.der, is passed to the compiler using the `-y` command line option.
Generating a Key Using the Eclipse Plug-in
If you’re using the Eclipse Plug-in there is a key generation utility built in. The tool can be accessed through the compiler preferences page (Preferences > Connect IQ > Compiler). Clicking the Generate button will open the wizard. Set the output path in the wizard and click Finish.
The developer key specified in the Connect IQ compiler preferences will automatically be passed to the compiler when a project is compiled.
Running on Device
Apps will now be required to be signed to run on a Garmin device, and unsigned apps will be deleted by the device. Unsigned apps already on a user’s device when the new security system is implemented will be grandfathered, but any updates to those apps must be signed.
The Monkey C tool will automatically sign your app based on your key. Your apps will run at the Developer privilege level. Apps signed by the app store run at the Trusted privilege level. The content of their object store will be encrypted and unreadable from the Connect IQ developer tools.
Uploading To The Store
After the official Connect IQ Biker Monkey release the app store will require IQ files to be digitally signed. Your upload will be rejected If the developer key has changed since your last upload.
Any SDK that deals with user-identifiable information needs to have a security layer in place to protect the user from malicious apps. Otherwise, a malicious app could compromise another app and gain access to that app’s credentials, which could lead to access to a user’s login, credit card numbers, or worse. In order to protect the user, a level of trust needs to exist. The new Connect IQ security model adds some new security protections to Connect IQ enabled devices to enforce chain of trust from the developer to the end user.
Categories: Connect IQ SDK