Automatic updates: A seemingly simple feature

2024, Jan 04

We recently introduced an auto-update feature to our app that offers the same convenience that iOS and Android users experience through their app stores.

This means that all users of our app on major platforms will automatically receive the latest version of Rice VPN without the need to download and install. Importantly, they will always enjoy security improvements and new features, while optimizing performance.
The auto-update feature is especially useful for users in countries with Internet restrictions, where they don't always have the ability to easily access VPN Rice's website to perform manual updates. With this feature, applications will automatically update when new versions are available, helping to ensure that every user always maintains a secure connection and best protection for their digital information.
We put many considerations into developing this feature, along with important technical decisions, to ensure the safety and stability of using this automatic update feature.
Security challenges with auto-updates

Auto-update is not an important feature for most users, as they are used to the auto-update process on their mobile phones. In fact, enabling automatic updates is often considered a good security measure to ensure users are always using the latest version of an application.
While having most customers on the latest version benefits app creators, there can be dire consequences in the event of auto-update problems. For an app to update automatically, it first needs to recognize that an update is available. This requires the developer to notify when an update is available, which was regularly sent weekly in our case. Once the app knows an update is available, the second part is delivering that update to the app, and this is where the risk can occur.
While auto-updates can be a target for malicious actors in a supply chain attack, some terrible consequences can occur if this feature is not secure. There are cases emerging in the technology ocean where major companies, including PC manufacturers, have been infected with malware at some stage during development or distribution.
As for security, the automatic update process can become a target for a supply chain attack, where malware can be inserted into the update distribution process. This creates a need to verify the integrity of the software after installation, to prevent tampering and replacement of the installer with a malicious version. This verification also includes checking the authenticity of the software to ensure that it is from a trusted developer.
During the implementation of automatic updates, we have established special procedures to prevent malware infections during the development cycle and have been independently audited by Singapore-based auditors. This helps maintain the authenticity and integrity of the code as it is delivered to users, and increases the trust users place in us when using our applications.
Key considerations when implementing automatic updates
This is a classic technical question: Will you build the capability yourself or buy the capability from a third party? Companies, including us, often prefer to use thoroughly tested solutions from third parties to achieve greater efficiency. However, in the case of automatic updates, using a third-party service means handing over a lot of power to your computer. We also recognize that the complexity of such services, which often come with many unnecessary features, can lead to problems.
Our internal security review discovered ways in which we could use those third parties to defeat the security measures we strive to build. For automatic updates in the application we decided to use the mechanism of the original operating system. This means we purchased this capability from the most trusted source - the operating system vendors rather than from other third parties. The operating system knows how to check whether the software comes from us or not, and we only need to provide a signature and authentication information to perform the update.

The native mechanisms on each platform have been tried and tested, proving their safety. Staying close to the native experience also provides better visualization for users familiar with each of our platforms.
During development, we built extensive threat models for Windows, Mac, and Linux to ensure every security threat can be detected and mitigated. This led to some common design decisions for auto-updates across all three platforms, regardless of implementation.
1.Update packages are cryptographically signed to ensure their authenticity and integrity. This is done through the use of a public key algorithm to digitally sign data, allowing others to verify this digital signature.
2.To prevent tampering that could lead to "time from check to time of use" (TOCTOU) errors, update packages are stored in limited folders on disk. This action is intended to minimize the time gap between the last time the software was tested and the time it was used. During this period, the risk of counterfeiting may arise.
3.The update process also includes version checking to prevent downgrade attacks, which cause the software to revert to an older version that may not be as secure as possible. This puts in place an important security mechanism to ensure that users are always provided with the latest and most secure version of the software, while avoiding the risk of older versions being vulnerable. .
Streamline your experience
Deployed securely, automatic updates ensure that our users always have the latest version of the app without them having to do anything. To enjoy the benefits of automatic updates across platforms you'll probably need to update your app again manually, if your current version is out of date - but this will be the first time. you have to do this eventually.
The automatic update feature not only simplifies the process, but also brings convenience to users. Also, to discover more about the latest features on our app, including "Rice VPN Lock", you can learn more about our built-in password manager.

News Related

Dec 10, 2024

VPN for Android: How to Set Up

Setting up a VPN on your iPhone isn't complicated. Whether you want to access content from your home country while abroad, protect your connection when using public Wi-Fi, or enhance your online privacy, a VPN is the way to go. In this article, we'll show you how to easily set up and use a
Dec 10, 2024

How to protect yourself from text message scams

Text message scams, commonly known as smishing or SMS scams, are one of the most common methods criminals use to steal important personal and financial information. Recognizing text message scams is important to protect yourself from losing money, having your identity stolen, or having your privacy
Dec 10, 2024

Wi-Fi VPN: How to Keep All Public Wi-Fi Private

The most effective way to protect your data when using public Wi-Fi is to use a VPN (Virtual Private Network). A VPN encrypts your data, which blocks most, if not all, of the ways intruders can steal information via an unsecured Wi-Fi hotspot. We’ve all been tempted by free Wi-Fi —
Dec 10, 2024

What is a network security key? How to find and use a network security key?

These days, we expect hotels to provide us with our Wi-Fi passwords along with our room keys, and asking a friend for the Wi-Fi password is as natural as asking for a glass of water. Yet most of us don’t give it much thought when we log in. Have you ever noticed that it’s called a
Dec 10, 2024

What is the singularity in AI?

The AI ​​singularity is a future scenario where artificial intelligence reaches the point where it can rapidly and continuously improve itself. At that point, humans will have difficulty understanding or controlling the technologies that AI creates, which could lead to machines taking over to
Dec 10, 2024

Steps to Block Ads on Android, iOS, and Other Platforms

Blocking ads can help you have a smoother, faster, and safer online experience. Not only does it clean up your screen, it also improves your device's performance and reduces data usage. Plus, blocking ads reduces the collection of personal data and reduces the risk of encountering malicious
Dec 10, 2024

Is it safe to use Wi-Fi on my computer?

In-flight Wi-Fi poses many of the same security risks as other public Wi-Fi networks. Just like when using Wi-Fi at cafes, airports or hotels, passengers connecting to in-flight Wi-Fi need to be cautious and take protective measures to avoid cyberattacks.In a recent case, in June 2024, an
Dec 10, 2024

How to Block Ads on Android, iOS, and Other Platforms

Why block ads?Optimize device performanceMost online ads contain high-resolution images, graphics, animations, or videos that attract attention, but they also take up a significant amount of your device's processing resources. By blocking ads, you can reduce the load on your CPU, memory, and
Dec 10, 2024

How to Install VPN on Non-Smart TV

So you’ve heard about VPNs (Virtual Private Networks) and the benefits they offer, and now you’re wondering how to set one up on your TV. Whether you have a Smart TV, a regular TV, or are using a streaming device, setting up a VPN can improve your viewing experience in a variety of
Dec 10, 2024

Why do you need a travel VPN router for your family trip?

Of course, security is important. But a portable VPN router also offers convenience, making it easy for everyone in your group to connect to Wi-Fi. In this article, we'll explore why a portable VPN router is a great choice for your family trip.  1. Quickly connect all family devices to
Exclusive Offer
Get your Free 30 days access