Untrusted node code in ionic app - how to define & enforce firewall rules for my own app?

Question

What are my options to have more fine-grained control of internet access of an app, that I'm develping?

We are developing an Ionic app and therefore rely on many node modules, which are per se untrusted code (see HN discussion). Since the content is sensible, I want to safe-guard against the possiblity of that untrusted sending any data in undesired ways.

For my app to function, it needs to talk only to a single IP, however I could not find a way to declare in the manifest of android or iOS to declare just that: allow talking to only a single IP/domain domain.

Is there a way to prevent (untrusted code in) my own app from talking from /to anywhere else? Preferably, the user installing the app should not be concerned with any additional steps.

1. Best would be android or iOs platform would allow to declare in the manifest that I want to have restricted internet access. I saw one can define custom-permissions and intents, but in my understanding that doesn't per se allow me to define restricted internet access. Can I declaratively restrict my owns app internet access to a specific host in the manifest?
2. If not, what I need is an app-firewall. Normally, one would install a firewall and setup firewall rules for that app. However, I can't require the app user to install and setup a firewall. Is there a way to directly setup a iftables rules using some script during app installation?
3. If not, being cordova-based, my app ship with their own browser and JS-runtime. I was looking into deliberately crippling node, such that socket.connect ignores parameters and just connects to the required hard-coded domains, sending data and only open sockets to a given IP? However, that requires me to change c/c++, which I'm not an expert in. Is there an easy & clean way to do this?

Thanks for your hints!

---

Answer 1

After understanding your problem, I would suggest you to use Whitelist Domain feature of Cordova.

Platform-specific whitelisting rules are found in res/xml/config.xml.

You need to change <access> element within the app's config.xml file to enable or restrict network access to specific domains.

By default It is <access origin="*" />, That means your app has access to all domains.

Now Let's assume IP address to which you want your app to communicate with is 192.168.10.1, Then access element should be modified as

<access origin="192.168.10.1" />

It will restrict your app's communication with all IP addresses except 192.168.10.1

In addition, On Android and iOS, the network request whitelist (see above) is not able to filter all types of requests (e.g. <video> & WebSockets are not blocked). So, in addition to the whitelist, You need to implement The Content-Security-Policy meta-tag in your HTML file to reduce the risk of XSS.

This enables you to define where resources can be loaded from, preventing web views from loading data from any other locations. This makes it harder for an attacker to inject malicious code to your site.

If you have one main file(i.e index.html), and all other pages are loaded in that main file, Then you need to define above meta tag in that main file only, otherwise you have to write CSP meta-tag in all HTML files.

To understand more about how to use CSP meta tag, Please follow the link below

How does Content Security Policy work?

I would also recommend you to read Cordova's official documentation :

https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-whitelist/