Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Brainstorming ideas for com package name to service mapping #9

Open
limpkin opened this issue Jan 24, 2022 · 6 comments
Open

Brainstorming ideas for com package name to service mapping #9

limpkin opened this issue Jan 24, 2022 · 6 comments

Comments

@limpkin
Copy link
Contributor

limpkin commented Jan 24, 2022

As many services offer companion apps in the form of com.packagename.tld we need a way to map that com.packagename.tld to a standard service name.

In the case of ebay, the service a given user may have created credentials for may be ebay.fr, ebay.de, ebay.com ....

Here's a simple idea: allow the user in mooltifill to specify a default TLD (and more?) so that mooltifill tries to query package. to the device

@limpkin
Copy link
Contributor Author

limpkin commented Jan 24, 2022

tagging @mathfactory

@Hootie81
Copy link

I stumbled across this that may be relevant, but possibly going the wrong way.. https://developer.android.com/reference/kotlin/android/service/autofill/AutofillService#web-security

@mathfactory
Copy link
Collaborator

@limpkin package names on Android are reversed wrt usual domain names, so the scheme for companion apps is akin to "tld.domain.subdomain", e.g. your for ebay example: com.ebay.mobile.

I see multiple steps for which we could each add options in the app:

  1. reverse identifier segments for companion apps (com.ebay.mobile -> mobile.ebay.com)
  2. strip at subdomain part (mobile.ebay.com -> ebay.com)
  3. replace com-tld with user defined tld (e.g. ebay.com -> ebay.fr ...)

I don't know if this procedure is universal enough for most apps though, maybe we can get some more examples before implementing this? What if some package names should be mapped to .fr, but others to .com for example?

How about the idea to add a "translation table" for identifiers (i.e. the user can add an entry for each package name, e.g. for "com.ebay.mobile" -> "ebay.fr"). This would be more flexible but also more effort for the user of course. Also, this would effectively build a database of some services the user is using on the app side, which may have security implications. Currently we do not store any information about services in the app itself, and I'm inclined to keep it that way. ;)

Opinions?

@Hootie81
Copy link

while that is the standard its not enforced and looking at all the package names on my device I can see several that are different.
For example the local buy&sell site in australia is Gumtree, however the app name is com.ebay.gumtree.au. and of course my ebay and gumtree accounts have different logins.. because Mooltipass!

what if there was an option if the credentials aren't found with the reversed package name, then allow the user to search the credentials on the device (like manual login) and when they select one have it link/mirror that credential. this could combine the feature request here as well [https://github.com/mooltipass/minible/issues/123]. this could be controlled by a menu option to allow credential linking/mirroring.

not sure of the inner workings of the database on the MP, could a mirrored site just create a new service name, and have the mirrored service saved in the username field and have a new category "mirror". then the MP could look at the category and know that the username is the service its looking for?

in moolticute this would allow easy editing/updating of the mirrored services

mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Feb 26, 2022
@limpkin
Copy link
Contributor Author

limpkin commented Mar 2, 2022

sorry for my delay @mathfactory : I completely agree with your approach.
I'd also argue that we should also remove duplicates: for example, i have an app whose package name is ch.anibis.anibis. In that case, we'd like anibis.ch to be sent to the device.
@Hootie81 Credential mirroring indeed is something we really need to get to...

mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Mar 6, 2022
mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Mar 7, 2022
mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Mar 7, 2022
mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Mar 7, 2022
mathfactory pushed a commit to mathfactory/android_companion that referenced this issue Mar 7, 2022
@Freakus
Copy link

Freakus commented Mar 17, 2022

Just throwing in my two pence for the suggestion by Hootie81, this sounds like the best approach from my perspective.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants