From fa0a5a20002381c22e5867fb43897238f4bf21ab Mon Sep 17 00:00:00 2001
From: Janik Besendorf <janik@besendorf.org>
Date: Mon, 18 Jan 2021 16:58:13 +0100
Subject: [PATCH] tidying up and comments
---
.../androidsecurityscanner/MainActivity.java | 75 +++++++------------
1 file changed, 27 insertions(+), 48 deletions(-)
diff --git a/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java b/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java
index af69145..35f4f77 100644
--- a/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java
+++ b/app/src/main/java/com/besendorf/androidsecurityscanner/MainActivity.java
@@ -1,48 +1,53 @@
+/*
+ Android Security Scanner
+ Copyright (C) 2021 besendorf
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ */
+
package com.besendorf.androidsecurityscanner;
import android.annotation.SuppressLint;
-import android.app.KeyguardManager;
import android.hardware.fingerprint.FingerprintManager;
-import android.media.Image;
import android.os.Build;
import android.os.Bundle;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import android.view.View;
-import android.widget.ImageView;
import android.widget.TextView;
import android.content.pm.PackageManager;
-
import androidx.appcompat.app.AppCompatActivity;
-
import org.json.JSONException;
import org.json.JSONObject;
-
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Arrays;
-import java.util.Comparator;
-
-import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
+
public class MainActivity extends AppCompatActivity {
- private KeyStore keyStore;
- private TextView textViewFingerprintManager, reportTextView;
+ private TextView reportTextView;
private FingerprintManager fingerprintManager;
- private KeyguardManager keyguardManager;
private PackageManager pm;
private JSONObject json;
private String sreport;
@@ -52,16 +57,11 @@ public class MainActivity extends AppCompatActivity {
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
-
reportTextView = (TextView) findViewById(R.id.reportTextView);
json = new JSONObject();
-
pm = getPackageManager();
-
-
-
-
}
+
public void onBtnClick(View view){
try {
json.put("MANUFATURER", Build.MANUFACTURER);
@@ -71,7 +71,6 @@ public class MainActivity extends AppCompatActivity {
json.put("CPU_MANUFACTURER", getCpu());
json.put("CPU", getProp("ro.board.platform"));
json.put("FINGERPRINT",fingerprint());
- json.put("KEYSTORE",keyStorePresence());
json.put("ro.product.first_api_level",getProp("ro.product.first_api_level"));
json.put("ro.boot.flash.locked",getProp("ro.boot.flash.locked"));
json.put("ro.boot.verifiedbootstate",getProp("ro.boot.verifiedbootstate"));
@@ -91,7 +90,6 @@ public class MainActivity extends AppCompatActivity {
}
-
private boolean fingerprint(){
//FingerprintManager needs Android 6.0
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
@@ -103,6 +101,7 @@ public class MainActivity extends AppCompatActivity {
}
private boolean keyStorePresence(){
+ // to check for KeyStore presence we try to get an Instance of KeyStore and if we get the Exception we return false
try {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
return true;
@@ -112,21 +111,19 @@ public class MainActivity extends AppCompatActivity {
}
private boolean isStrongbox(){
+ // similar to keyStorePresence we use .setIsStrongBoxBacked to make using Strongbox mandatory for a dummy Key Generation which will result in StrongBoxUnavailableException if Strongbox is not available
KeyGenerator kg = null;
try {
kg = KeyGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
- } catch (NoSuchAlgorithmException e) {
- return false;
- } catch (NoSuchProviderException e) {
+ } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
return false;
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
try {
kg.init(new KeyGenParameterSpec.Builder("keystore1", 0)
.setCertificateSerialNumber(BigInteger.valueOf(1L))
- //.setCertificateSubject()
.setIsStrongBoxBacked(true) /* Enable StrongBox */
.build());
} catch (InvalidAlgorithmParameterException e) {
@@ -146,27 +143,8 @@ public class MainActivity extends AppCompatActivity {
}
- private JSONObject securityProviders() throws JSONException {
- Provider[] providers = Security.getProviders();
- JSONObject providergroup = new JSONObject();
- if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) Arrays.sort(providers, new Comparator<Provider>() {
- @Override
- public int compare(final Provider o1, final Provider o2) {
- return (o1.getName().compareTo(o2.getName()));
- }
- });
- for (int i = 0; i < providers.length; i++) {
- JSONObject provider = new JSONObject().put("Info",providers[i].getInfo());
-
- provider.put("Version",String.valueOf(providers[i].getVersion()));
- provider.put("Class",providers[i].getClass().getName());
- providergroup.put(providers[i].getName(), provider);
-
- }
- return providergroup;
- }
-// from kaltura-device-info-android
static String getProp(String s) {
+ // from https://bitbucket.org/oF2pks/kaltura-device-info-android/src/master/app/src/main/java/com/oF2pks/kalturadeviceinfos/Utils.java licenced under GPLv3
try {
@SuppressLint("PrivateApi")
Class<?> aClass = Class.forName("android.os.SystemProperties");
@@ -181,6 +159,7 @@ public class MainActivity extends AppCompatActivity {
}
private static String getCpu() {
+ // from https://bitbucket.org/oF2pks/kaltura-device-info-android/src/master/app/src/main/java/com/oF2pks/kalturadeviceinfos/Collector.java licenced under GPLv3
try {
Process p = Runtime.getRuntime().exec("cat /proc/cpuinfo");
InputStream is = null;
--
GitLab