tidying up and comments

fa0a5a20 · Janik Besendorf · 62ae7411 · fa0a5a20
Commit fa0a5a20 authored 4 years ago by Janik Besendorf
--- a/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java
+++ b/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java
+/*
+    Android Security Scanner
+    Copyright (C) 2021  besendorf
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 package com.besendorf.androidsecurityscanner;
 import android.annotation.SuppressLint;
-import android.app.KeyguardManager;
 import android.hardware.fingerprint.FingerprintManager;
-import android.media.Image;
 import android.os.Build;
 import android.os.Bundle;
 import android.security.keystore.KeyGenParameterSpec;
 import android.security.keystore.KeyProperties;
 import android.security.keystore.StrongBoxUnavailableException;
 import android.view.View;
-import android.widget.ImageView;
 import android.widget.TextView;
 import android.content.pm.PackageManager;
 import androidx.appcompat.app.AppCompatActivity;
 import org.json.JSONException;
 import org.json.JSONObject;
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.lang.reflect.Method;
 import java.math.BigInteger;
 import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Arrays;
-import java.util.Comparator;
-import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 public class MainActivity extends AppCompatActivity {
-    private KeyStore keyStore;
+    private TextView reportTextView;
-    private TextView textViewFingerprintManager, reportTextView;
    private FingerprintManager fingerprintManager;
-    private KeyguardManager keyguardManager;
    private PackageManager pm;
    private JSONObject json;
    private String sreport;
@@ -52,16 +57,11 @@ public class MainActivity extends AppCompatActivity {
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        reportTextView = (TextView) findViewById(R.id.reportTextView);
        json = new JSONObject();
        pm = getPackageManager();
    }
        public void onBtnClick(View view){
            try {
                json.put("MANUFATURER", Build.MANUFACTURER);
@@ -71,7 +71,6 @@ public class MainActivity extends AppCompatActivity {
                json.put("CPU_MANUFACTURER", getCpu());
                json.put("CPU", getProp("ro.board.platform"));
                json.put("FINGERPRINT",fingerprint());
-                json.put("KEYSTORE",keyStorePresence());
                json.put("ro.product.first_api_level",getProp("ro.product.first_api_level"));
                json.put("ro.boot.flash.locked",getProp("ro.boot.flash.locked"));
                json.put("ro.boot.verifiedbootstate",getProp("ro.boot.verifiedbootstate"));
@@ -91,7 +90,6 @@ public class MainActivity extends AppCompatActivity {
        }
        private boolean fingerprint(){
            //FingerprintManager needs Android 6.0
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
@@ -103,6 +101,7 @@ public class MainActivity extends AppCompatActivity {
        }
        private boolean keyStorePresence(){
+            // to check for KeyStore presence we try to get an Instance of KeyStore and if we get the Exception we return false
            try {
                ks = KeyStore.getInstance(KeyStore.getDefaultType());
                return true;
@@ -112,21 +111,19 @@ public class MainActivity extends AppCompatActivity {
        }
        private boolean isStrongbox(){
+            // similar to keyStorePresence we use .setIsStrongBoxBacked to make using Strongbox mandatory for a dummy Key Generation which will result in StrongBoxUnavailableException if Strongbox is not available
            KeyGenerator kg = null;
            try {
                kg = KeyGenerator.getInstance(
                        KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
-            } catch (NoSuchAlgorithmException e) {
+            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
-                return false;
-            } catch (NoSuchProviderException e) {
                return false;
            }
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                try {
                    kg.init(new KeyGenParameterSpec.Builder("keystore1", 0)
                            .setCertificateSerialNumber(BigInteger.valueOf(1L))
-                            //.setCertificateSubject()
                            .setIsStrongBoxBacked(true) /* Enable StrongBox */
                            .build());
                } catch (InvalidAlgorithmParameterException e) {
@@ -146,27 +143,8 @@ public class MainActivity extends AppCompatActivity {
        }
-    private JSONObject securityProviders() throws JSONException {
-        Provider[] providers = Security.getProviders();
-        JSONObject providergroup = new JSONObject();
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) Arrays.sort(providers, new Comparator<Provider>() {
-            @Override
-            public int compare(final Provider o1, final Provider o2) {
-                return (o1.getName().compareTo(o2.getName()));
-            }
-        });
-        for (int i = 0; i < providers.length; i++) {
-            JSONObject provider = new JSONObject().put("Info",providers[i].getInfo());
-            provider.put("Version",String.valueOf(providers[i].getVersion()));
-            provider.put("Class",providers[i].getClass().getName());
-            providergroup.put(providers[i].getName(), provider);
-        }
-        return providergroup;
-    }
-// from kaltura-device-info-android
    static String getProp(String s) {
+        // from https://bitbucket.org/oF2pks/kaltura-device-info-android/src/master/app/src/main/java/com/oF2pks/kalturadeviceinfos/Utils.java licenced under GPLv3
        try {
            @SuppressLint("PrivateApi")
            Class<?> aClass = Class.forName("android.os.SystemProperties");
@@ -181,6 +159,7 @@ public class MainActivity extends AppCompatActivity {
    }
    private static String getCpu() {
+        // from https://bitbucket.org/oF2pks/kaltura-device-info-android/src/master/app/src/main/java/com/oF2pks/kalturadeviceinfos/Collector.java licenced under GPLv3
        try {
            Process p = Runtime.getRuntime().exec("cat /proc/cpuinfo");
            InputStream is = null;