In unsafe devices , If root Or unlock the phone , Running an application is usually accompanied by a certain security risk , For example, it is used by malicious virus or Trojan software root Permission to implant virus 、 Tamper with user equipment information and destroy the system . therefore , How to do a good job in the application of security protection 、 Avoid safety risks in the environment of unsafe equipment , Has become a factor that developers must consider . Regarding this , Huawei opens security detection service , Provide system integrity check (SysIntegrity API), It can be used to detect whether the equipment environment in which the application is running is safe , If the device is root、 Being unlocked, etc .
One 、 The service is introduced
Huawei system integrity testing includes the following features :
- Based on trusted execution environment TEE Provide system integrity test results : When the device starts safely , stay TEE To evaluate the integrity of the detection system , High credibility , And dynamically evaluate the integrity of the system .
- The system integrity test results are safe and reliable : The system integrity test results are signed by digital certificate , The test results cannot be tampered with .
The business flow chart is shown in the figure below :
(1). Your application integration HMS Core SDK call Safety Detect service.
(2). request TSMS(Trusted Security Management Service) Server signature detection results Server.
(3). Your app requests its own service test results .
---- end
Two 、 Scene case introduction
Now there is finance 、 entertainment 、 Convenient life 、 News reading and many other fields App Integrated with Huawei system integrity detection :
Financial application integration Huawei SysIntegrity, It can effectively improve transaction security . for example , You can enter the credit card security code in the user (CVC) when , Make sure the system environment of the mobile phone is safe . If the mobile phone device fails to pass the system integrity test verification , You are not allowed to use the app , In order to protect the transaction security :
life 、 News reading class application , Integrate SysIntegrity Can effectively prevent hacker attacks , Ensure the security of in app payment and other activities :
Video entertainment application integration SysIntegrity, Can help protect content copyright ; When a user registers 、 When watching and downloading offline video , You can ensure that users are on content provider approved devices , Complete streaming and video playback :
3、 ... and 、 Developing code
1 stay AppGallery Connect Configuration information in
Before developing applications , Need to be in AppGallery Connect Configuration information in .
Specific operation steps :https://developer.huawei.com/consumer/cn/doc/HMSCore-Guides-V5/config-agc-0000001050416303-V5
2 To configure HMS Core SDK Of Maven Warehouse address
2.1 open Android Studio Project level “build.gradle" file
2.2 add to HUAWEI agcp Plugins and Maven The code base
stay allprojects-> repositories It's equipped with HMS Core SDK Of Maven Warehouse address .
1. allprojects {
2. repositories {
3. google()
4. jcenter()
5. maven {url 'https://developer.huawei.com/repo/'}
6. }
7. } stay buildscript->repositories It's equipped with HMS Core SDK Of Maven Warehouse address .
1. buildscript {
2. repositories {
3. google()
4. jcenter()
5. maven {url 'https://developer.huawei.com/repo/'}
6. }
7. } stay buildscript ->dependencies Add configuration to it .
1. buildscript{
2. dependencies {
3. classpath 'com.huawei.agconnect:agcp:1.3.1.300'
4. }
5. } 3 establish SafetyDetectClient And generate nonce value
1. // establish SafetyDetectClient
2. SafetyDetectClient mClient = SafetyDetect.getClient(MainActivity.this);
3. // Generate nonce value
4. byte[] nonce = new byte[24];
5. try {
6. SecureRandom random;
7. if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
8. random = SecureRandom.getInstanceStrong();
9. } else {
10. random = SecureRandom.getInstance("SHA1PRNG");
11. }
12. random.nextBytes(nonce);
13. } catch (NoSuchAlgorithmException e) {
14. Log.e(TAG, e.getMessage());
15. } 4 Create a test result monitor
1. // Realization OnSuccessListener Interface , And from onSuccess Get test results
2. protected class SysIntegrityOnSuccessListener implements OnSuccessListener<SysIntegrityResp> {
3.
4. // Get system integrity test results
5. @Override
6. public void onSuccess(SysIntegrityResp sysIntegrityResp) {
7.
8. }
9.
10. }
11. // Realization OnFailureListener Interface , And from onFailure Exception details
12. protected class SysIntegrityOnFailureListener implements OnFailureListener {
13. // Get exception error code, exception details
14. @Override
15. public void onFailure(Exception e) {
16.
17. }
18. } 5 Call system integrity check
1. // Call the system integrity detection interface ,******** Pass in appid
2. Task task = mClient.sysIntegrity(nonce,"********");
3. task.addOnSuccessListener(new SysIntegrityOnSuccessListener()).addOnFailureListener(new SysIntegrityOnFailureListener()); 6 The results verify that
Server to verify the integrity of the system detection results can refer to the developer alliance official website .
DEMO demonstration
If you're interested in implementation , You can refer to Github Source link :https://github.com/HMS-Core/h...
More detailed development guidelines , Please refer to the official website of Huawei developer alliance :
Huawei developer Alliance :https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/dysintegritydevelopment-0000001050156331
Get development guidance document :
https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/introduction-0000001050156325ha_source=hms1
download demo And sample code go to Github:https://github.com/HMS-Core
To solve the integration problem, please go to Stack Overflow:
https://stackoverflow.com/que...
Link to the original text :https://developer.huawei.com/consumer/cn/forum/topic/0201393882637910006?fid=18
The original author : Eat anything at night
