Saleh
Reputation: 1931
Build AOSP so it has a hidden key value only available to system apps
I am building a AOSP ROM for my tv box. I have a system app developed and put it in AOSP as a priv-app.
I want to track hardware itself so I will be able to uniquely identify the box at server side. BUT I don't want this ID, leak to other apps any user can install on it. (so an adversary can not find out key via installing his app on many devices)
So far I was able to burn a key and reading it via this code:
String serial = null;
try {
Class<?> c = Class.forName("android.os.SystemProperties");
Method get = c.getMethod("get", String.class);
serial = (String) get.invoke(c, "ro.boot.mycustomserialnumber");
} catch (Exception ignored) {
}
But this code can be run by any app without any permission. Can I prevent regular apps to access to this value?
Upvotes: 0
Views: 262
Answers (1)
You Kim
Reputation: 2815
Add custom name/value pair in SettingsProvider or You can make own Provider. Guard a name/value pair with custom permission, and give that permission to your app only.
Upvotes: 2
Related Questions
- AOSP building: replace my own keys with default test-keys
- When building AOSP, how to prevent ADB access to services.jar?
- How do you set ANDROID_VENDOR_KEYS on an AOSP build?
- Building AOSP and adding a system app with runtime permission
- How to configure the various PRODUCT_AAPT_ properties for AOSP?
- Hide API Key in Manifest and in source code android
- How to hide API Keys in Android
- AOSP: How to restrict app accessing Camera, Location?
- How can I make my API key hidden so that anyone decompling my app wouldn't see it?
- Hiding API keys used in an open source application