[Bugfix] Comprehensive security hardening for Element Android

[JohnPengC]

Type of change

• Feature
• Bugfix
• Technical
• Other :

Content

This PR addresses 10 security vulnerabilities identified through a thorough security audit of the Element Android codebase:

1. E2EE Decryption Trust Settings (OlmMachine.kt)

   • Changed TrustRequirement from UNTRUSTED to CROSS_SIGNED_OR_LEGACY
   • Enabled strictShields=true for stricter device verification

2. WebView File Access (WidgetWebView.kt, VectorWebViewActivity.kt)

   • Disabled allowFileAccessFromFileURLs and allowUniversalAccessFromFileURLs
   • Prevents malicious scripts from accessing local filesystem via file:// URLs

3. ImporterService Export Restriction (AndroidManifest.xml)

   • Changed android:exported from true to false
   • Prevents external apps from accessing sensitive session data

4. Key Memory Secure Erasure (RealmKeysUtils.kt, MXMegolmExportEncryption.kt)

   • Added fill(0) for intermediate ByteArray key material after use
   • Removed ineffective String erasure (code review fix)

5. Forwarded Room Key Audit Logging (RustCryptoService.kt)

   • Added debug-level audit log for forwarded key events
   • Applied data masking (take(8)+***) for sensitive identifiers

6. JJWT Dependency Upgrade (dependencies.gradle, JitsiJWTFactory.kt)

   • Upgraded JJWT from 0.11.5 to 0.12.6 (fixes CVE-2024-31033)
   • Migrated to new 0.12.x builder API

7. SSO CSRF State Validation (DefaultAuthenticationService.kt, LoginActivity.kt, etc.)

   • Added random UUID state parameter to SSO URL
   • Validates state on callback to prevent CSRF attacks
   • Applied to both Login and Onboarding flows

8. Key Export Encryption Upgrade (MXMegolmExportEncryption.kt)

   • New exports use AES-GCM (authenticated encryption)
   • Retained AES-CTR+HMAC decryption for backward compatibility
   • Added version byte to distinguish formats

9. MD5 to SHA-256 Migration (RustEncryptionConfiguration.kt, RealmKeysUtils.kt)

   • New installations use SHA-256 derived database alias
   • Legacy MD5 alias preserved for existing users (zero-downtime migration)
   • Added hasRealmEncryptionKey() helper method

10. Clipboard Auto-Clear (CopyToClipboardUseCase.kt)

    • Auto-clears clipboard 30 seconds after copy
    • Uses shared Runnable with removeCallbacks to handle rapid copies correctly
    • Supports Android P+ clearPrimaryClip() with fallback for older versions

All fixes maintain backward compatibility with existing user data.

Motivation and context

Comprehensive security hardening to address vulnerabilities identified in a security audit. No single corresponding issue; this is a collective fix for multiple security concerns.

Screenshots / GIFs

No UI changes.

Tests

• Verified E2EE decryption trust settings with cross-signed devices
• Confirmed WebView file access is blocked via security tests
• Tested SSO login flow with state validation
• Verified clipboard auto-clear on Android API 21+ and API 28+
• Confirmed backward compatibility for existing encrypted database and key exports

Tested devices

• Physical
• Emulator
• OS version(s): Android 16.0 ("Baklava")| arm64 , Android 16 (API 36.1), API 36 emulator

Checklist

• Changes has been tested on an Android device or Android emulator with API 21
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/element-hq/element-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request includes a new file under ./changelog.d. See https://github.com/element-hq/element-android/blob/develop/CONTRIBUTING.md#changelog
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR
• If you have modified the screen flow, or added new screens to the application, you have updated the test UiAllScreensSanityTest.allScreensTest()

---

Signed-off-by: JohnPeng john.peng.c@gmail.com