On insecure devices, such as rooted or unlocked mobile phones, running an application carries security risks: malicious viruses or *** software can use root privileges to implant viruses, tamper with user device information, and damage the system. How to protect an application and avoid these risks when it runs on an insecure device is therefore something its developers must consider. To address this, Huawei has opened up its security detection service, which provides system integrity detection (the SysIntegrity API) to check whether the device environment in which the application is running is secure, for example whether the device is rooted or unlocked.
1. Service introduction
Huawei system integrity detection has the following features:
- Detection results based on the Trusted Execution Environment (TEE): when the device boots securely, system integrity is evaluated inside the TEE, which gives the result high credibility, and system integrity is evaluated dynamically.
- The system integrity test result is safe and reliable: the result is signed with a digital certificate, so the test result cannot be tampered with.
Its service flow is as follows:
(1) Your application integrates the HMS Core SDK and calls the Safety Detect service.
(2) The TSMS (Trusted Security Management Service) server is requested to sign the detection result.
(3) Your application requests the test result from its own server.
2. Use cases
At present, apps in many fields, such as finance, entertainment, everyday convenience, and news reading, integrate Huawei system integrity detection:
Financial applications that integrate Huawei SysIntegrity can effectively improve transaction security. For example, when the user enters a credit card security code (CVC), the application can confirm whether the phone's system environment is safe. If the device fails the system integrity check, the application cannot be used, which protects transaction security.
Lifestyle and news reading applications that integrate SysIntegrity can effectively prevent ****** and keep in-app payments and other activities safe.
Video entertainment applications that integrate SysIntegrity can help protect content copyright: when users register, watch, or download videos for offline playback, the application can ensure that streaming and playback take place on devices approved by the content provider.
3. Development
1 Configure related information in AppGallery Connect
Before developing an application, you need to configure relevant information in AppGallery Connect.
Specific steps: https://developer.huawei.com/consumer/cn/doc/HMSCore-Guides-V5/config-agc-0000001050416303-V5
2 Configure the Maven repository address of the HMS Core SDK
2.1 Open the Android Studio project-level "build.gradle" file
2.2 Add the HUAWEI agcp plugin and the Maven repository
- Configure the Maven repository address of the HMS Core SDK in allprojects -> repositories.
    allprojects {
        repositories {
            google()
            jcenter()
            maven {url 'https://developer.huawei.com/repo/'}
        }
    }
- Configure the Maven repository address of the HMS Core SDK in buildscript -> repositories.
    buildscript {
        repositories {
            google()
            jcenter()
            maven {url 'https://developer.huawei.com/repo/'}
        }
    }
- Add the configuration in buildscript -> dependencies.
    buildscript {
        dependencies {
            classpath 'com.huawei.agconnect:agcp:1.3.1.300'
        }
    }
3 Create a SafetyDetectClient and generate a nonce value
    // Create the SafetyDetectClient
    SafetyDetectClient mClient = SafetyDetect.getClient(MainActivity.this);
    // Generate the nonce value
    byte[] nonce = new byte[24];
    try {
        SecureRandom random;
        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
            random = SecureRandom.getInstanceStrong();
        } else {
            random = SecureRandom.getInstance("SHA1PRNG");
        }
        random.nextBytes(nonce);
    } catch (NoSuchAlgorithmException e) {
        // The nonce is still all zeros at this point; do not go on to call sysIntegrity with it
        Log.e(TAG, e.getMessage());
    }
4 Create listeners for the detection result
    // Implement the OnSuccessListener interface and get the detection result from onSuccess
    protected class SysIntegrityOnSuccessListener implements OnSuccessListener<SysIntegrityResp> {

        // Get the system integrity detection result
        @Override
        public void onSuccess(SysIntegrityResp sysIntegrityResp) {

        }

    }
    // Implement the OnFailureListener interface and get the exception details from onFailure
    protected class SysIntegrityOnFailureListener implements OnFailureListener {
        // Get the error code and the exception details
        @Override
        public void onFailure(Exception e) {

        }
    }
5 Call the system integrity check
    // Call the system integrity check API; pass your app ID in place of ********
    Task<SysIntegrityResp> task = mClient.sysIntegrity(nonce, "********");
    task.addOnSuccessListener(new SysIntegrityOnSuccessListener()).addOnFailureListener(new SysIntegrityOnFailureListener());
6 Result verification
For how to verify the system integrity test result on your server, refer to the official website of the Developer Alliance.
If you are interested in the implementation, you can refer to the GitHub source link: https://github.com/HMS-Core/hms-safetydetect-demo-android
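Server-side verification of the signed result, as an added example (not code from the original post, the demo repository or the HMS SDK). It assumes the result is a compact JWS signed with RS256, with an x5c certificate chain in the header and a payload carrying `nonce` (Base64) and `basicIntegrity`; the class and method names and the caller-supplied `trustedRoot` are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.*;
import java.util.*;
import java.util.regex.*;

public class SysIntegrityVerifier { // hypothetical class name
    // Minimal field lookup for flat JSON (string, boolean or array body); use a real JSON parser in production.
    static String field(String json, String key) {
        Matcher m = Pattern.compile("\"" + key + "\"\\s*:\\s*(\"([^\"]*)\"|\\[([^\\]]*)\\]|true|false)").matcher(json);
        if (!m.find()) return null;
        return m.group(2) != null ? m.group(2) : m.group(3) != null ? m.group(3) : m.group(1);
    }

    // True only if the chain validates to trustedRoot, the signature verifies, the nonce matches
    // and basicIntegrity is true. Malformed input or an untrusted chain surfaces as an exception.
    public static boolean verify(String jws, byte[] expectedNonce, X509Certificate trustedRoot) throws Exception {
        String[] p = jws.split("\\.");
        if (p.length != 3) return false;
        Base64.Decoder url = Base64.getUrlDecoder();
        String header = new String(url.decode(p[0]), StandardCharsets.UTF_8);
        String payload = new String(url.decode(p[1]), StandardCharsets.UTF_8);
        String x5c = field(header, "x5c");
        // Assumption: RS256. Pin the algorithm instead of trusting whatever the token declares.
        if (!"RS256".equals(field(header, "alg")) || x5c == null) return false;
        // 1. Rebuild the certificate chain from the header and validate it against the pinned root.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (String b64 : x5c.replace("\\/", "/").replaceAll("[\"\\s]", "").split(",")) {
            byte[] der = Base64.getDecoder().decode(b64);
            X509Certificate c = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
            if (!c.equals(trustedRoot)) chain.add(c); // the trust anchor itself is not part of the path
        }
        if (chain.isEmpty()) return false;
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(trustedRoot, null)));
        params.setRevocationEnabled(false); // revocation checking is left out of this example
        CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params); // throws if untrusted
        // 2. Verify the signature over "header.payload" with the leaf certificate's public key.
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(chain.get(0).getPublicKey());
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(url.decode(p[2]))) return false;
        // 3. Only now read the payload: replay check on the nonce, then the verdict.
        String nonce = field(payload, "nonce"); // assumed to be the Base64 of the nonce bytes
        return nonce != null && MessageDigest.isEqual(Base64.getDecoder().decode(nonce), expectedNonce)
                && "true".equals(field(payload, "basicIntegrity"));
    }
}
```

The server should treat any exception from `verify` as a failed check, and `expectedNonce` should be the value the server itself recorded for this request rather than one echoed back by the client.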
For more detailed development guidelines, please refer to the official website of Huawei Developer Alliance:
Huawei Developer Alliance: https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/dysintegritydevelopment-0000001050156331
Obtain development guidance documents:
https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/introduction-0000001050156325ha_source=hms1
To download the demo and sample code, please go to GitHub: https://github.com/HMS-Core
To solve integration problems, please go to Stack Overflow:
https://stackoverflow.com/questions/tagged/huawei-mobile-services?tab=Newest
Original link:
https://developer.huawei.com/consumer/cn/forum/topic/0201393882637910006?fid=18
Author: eat anything at night