Apex Manager Update out!

I wanted to show some love to the Apex Manager app. Looks like an update dropped last night.

Version: 3.0.1
Change Log:

  • Rebase of all NFC communication logic to use our new in-house NFC library, Intra.
  • Added configuration support for the HMAC SHA-1 applet.
  • Added an experimental “Advanced NFC Sharing” option.
  • Sped up NFC operations tremendously through multiple forms of optimization.
  • Support for renaming existing OTP credentials.
  • OTP scans will now prefetch the next OTP code in the series to avoid the need for rescanning.
  • Added applet version detection.
  • AMOLED black background option.

Thanks for your hard work @hoker!

16 Likes

Nice!

That’s amazing work. Applet version was something I was thinking to bring up as a feature request, but sounds like it has been considered and now implemented.
What is interesting is that for example not all applets display versions, for example smart pgp.
Others like spark are missing completely. My ultimate feature for this app would be a crypto wallet that supports eth and bc.

1 Like

I appreciate the love @Jammyjellyfish !

So the explanation here is that if an applet does not show a version number, it’s because the applet version you have is older than the applet version feature. Basically, @StarGate01 added logic in the applet itself for it to report out its version number, which I interact with. If it doesn’t show up, that just means you have an older applet that doesn’t support it.

You can always uninstall/reinstall an applet to get the feature, just be careful in doing so, as uninstalling an applet will obviously delete any associated data. Be sure to back up your stuff.

6 Likes

Thanks @hoker This explains things. For the applet reinstall, I am aware that it also nukes all applet associated data.

1 Like

Also love that it’s showing my Flex Secure correctly, as opposed to the Apex Flex that it showed before

Do you think it will be possible to install/update/remove applets on the flex secure through the app at some point?

3 Likes

If I were you I would remove this screenshot with the uid of your apex

4 Likes

@hoker okay we have the versions, what if a new version is pushed to Fidesmo? Is the Apex Manager going to indicate somehow that there is an update?

1 Like

Updated, thank you. Is it really a security concern?

3 Likes

Shouldn’t be a big issue, but I support the idea that it’s better to share less sensitive information 🙂

4 Likes

I absolutely respect that and share the same philosophy

1 Like

Fidesmo does not support applet versioning, however we might be able to implement something in the future which checks our own deployment servers for applet version information… but this is far future at this point, and probably would coincide with;

2 Likes

So without getting too much into the nitty gritty of things. It is possible to add deployment/removal of applets for Fidesmo provisioned Apex devices in Apex Manager using a Fidesmo SDK they have provided. It’s a bit of a lift, but I would love to visit this for the next major release of the application. I do have a couple other VK/DT applications that are close to release that I’m going to focus on first, but afterwards I’d love to add this into Apex Manager.

For Flex Secure devices, it gets a bit harder. It would essentially require a completely in-house implementation for manual javacard applet deployment and removal that would be quite the task. In fact, one of the core reasons we partner with Fidesmo in the first place is to avoid having to do this. I’m not gonna say it won’t ever happen, but it’s definitely not a plan in the near term.

We could do that, yeah. It would likely require setting up some simple API I can hit in order to fetch the latest versions, but that wouldn’t be too difficult.

@amal , thoughts on this?

Edit: lol, you posted before I sent this message. I’m too slow

7 Likes

basically @StarGate01 will have to implement something on our deployment server for all our apps and basically be able to report current version available on Fidesmo so you can compare, but that will involve “quite a lift” as you say because we don’t use our deployment server for all our apps yet, just the ones that need special handling.

6 Likes

I am all eyes and ears

2 Likes

I’ll just say that this next one is totally novel, and very useful. It’s been a lot of blood, sweat, and elbow grease making it:)

5 Likes

I am a fan of the KISS principle, so I try to keep things simple and not overengineer. Before writing the next part, I should say that I have no idea what the Fidesmo backend looks like, or if they have some API which you can query with a special key. In general I also do not know what your delivery pipeline looks like. If I were tasked to build it I would do the following. The client, aka Apex Manager, pulls a static file from a webserver: HTML, JSON, YAML, pick your poison. Then it compares that with the data reported from the applets. On the “backend”, either use the deployment pipeline, which I assume builds the applet and publishes it to Fidesmo, to then string-replace the file; or update the data in some DB and use it to generate the file based on the DB content; or, if that’s possible, have a script that pulls from Fidesmo directly (may not be possible). I do not think you need to have an API to do this specific thing (because each interaction with either Fidesmo or a DB would take more time than serving a file with 10 strings inside), but I am just the random guy on the internet who gives ideas 🙂

1 Like
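The static-file version check proposed in the post above, sketched as an added example (not Apex Manager code and not from anyone in this thread). The manifest layout, applet keys and version numbers are constructed assumptions; applets that report no version are treated as the older builds described earlier in the thread.

```python
import json

# Constructed sample of the static file a client would fetch. The layout,
# applet keys and version numbers are illustrative, not real release data.
MANIFEST_JSON = """
{"applets": {"otp": "1.10.0", "hmac-sha1": "1.0.0", "smartpgp": "3.2.1"}}
"""

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0); reject anything but dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(have, want):
    """Numeric comparison with zero padding, so '1.0' equals '1.0.0'."""
    n = max(len(have), len(want))
    pad = lambda v: v + (0,) * (n - len(v))
    return pad(have) < pad(want)

def check_updates(manifest_json, installed):
    """installed maps applet name -> version string reported by the applet,
    or None when the applet predates version reporting.
    Returns applet name -> status string."""
    latest = json.loads(manifest_json).get("applets", {})
    status = {}
    for name, reported in installed.items():
        if name not in latest:
            status[name] = "not-in-manifest"
        elif reported is None:
            # Older applet: it cannot say what it is, so no verdict is given.
            status[name] = "version-unknown"
        else:
            try:
                have = parse_version(reported)
                want = parse_version(latest[name])
            except ValueError:
                status[name] = "malformed-version"
                continue
            status[name] = "update-available" if is_older(have, want) else "up-to-date"
    return status

if __name__ == "__main__":
    # Constructed device state: one outdated, one current, one silent applet.
    print(check_updates(MANIFEST_JSON, {"otp": "1.9.0", "hmac-sha1": "1.0", "smartpgp": None}))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "1.9.0" above "1.10.0" and hide the update.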

Yep! This is actually what I was thinking when I said set up an API. Just some basic ass endpoint with the latest version numbers. We could even just update it manually until we get a better way of automating version increments.

I do wish there was an easier way to actually update Applets, but we’re kind of powerless with that unfortunately:/

2 Likes

Spot on! This will decouple the dependency till automation gets up to speed!
Great minds think alike

1 Like

No credential manager tho?

2 Likes