In unsafe devices , If root Or unlock the phone , Running an application is usually accompanied by a certain security risk , For example, it is used by malicious virus or Trojan software root Permission to implant virus 、 Tamper with user equipment information and destroy the system . therefore , How to do a good job in the application of security protection 、 Avoid safety risks in the environment of unsafe equipment , Has become a factor that developers must consider . Regarding this , Huawei opens security detection service , Provide system integrity check （SysIntegrity API）, It can be used to detect whether the equipment environment in which the application is running is safe , If the device is root、 Being unlocked, etc .

One 、 The service is introduced

Huawei system integrity testing includes the following features ：

1. Based on trusted execution environment TEE Provide system integrity test results ： When the device starts safely , stay TEE To evaluate the integrity of the detection system , High credibility , And dynamically evaluate the integrity of the system .
2. The system integrity test results are safe and reliable ： The system integrity test results are signed by digital certificate , The test results cannot be tampered with .

The business flow chart is shown in the figure below ：

(1). Your application integration HMS Core SDK call Safety Detect service. (2). request TSMS（Trusted Security Management Service） Server signature detection results Server. (3). Your app requests its own service test results . ---- end

Two 、 Scene case introduction

Now there is finance 、 entertainment 、 Convenient life 、 News reading and many other fields App Integrated with Huawei system integrity detection ： Financial application integration Huawei SysIntegrity, It can effectively improve transaction security . for example , You can enter the credit card security code in the user （CVC） when , Make sure the system environment of the mobile phone is safe . If the mobile phone device fails to pass the system integrity test verification , You are not allowed to use the app , In order to protect the transaction security ：

life 、 News reading class application , Integrate SysIntegrity Can effectively prevent hacker attacks , Ensure the security of in app payment and other activities ：

Video entertainment application integration SysIntegrity, Can help protect content copyright ; When a user registers 、 When watching and downloading offline video , You can ensure that users are on content provider approved devices , Complete streaming and video playback ：

3、 ... and 、 Developing code

1 stay AppGallery Connect Configuration information in

Before developing applications , Need to be in AppGallery Connect Configuration information in . Specific operation steps ：https://developer.huawei.com/consumer/cn/doc/HMSCore-Guides-V5/config-agc-0000001050416303-V5

2 To configure HMS Core SDK Of Maven Warehouse address

2.1 open Android Studio Project level “build.gradle" file

2.2 add to HUAWEI agcp Plugins and Maven The code base stay allprojects-> repositories It's equipped with HMS Core SDK Of Maven Warehouse address .

1.  allprojects {  

2.      repositories {  

3.          google()  

4.          jcenter()  

5.          maven {url 'https://developer.huawei.com/repo/'}  

6.      }  

7.   }  

stay buildscript->repositories It's equipped with HMS Core SDK Of Maven Warehouse address .

1.  buildscript {  

2.     repositories {  

3.         google()  

4.         jcenter()  

5.         maven {url 'https://developer.huawei.com/repo/'}  

6.     }  

7.  }  

stay buildscript ->dependencies Add configuration to it .

1.  buildscript{  

2.      dependencies {  

3.           classpath 'com.huawei.agconnect:agcp:1.3.1.300'  

4.      }  

5.   }  

3 establish SafetyDetectClient And generate nonce value

1.  //  establish SafetyDetectClient  

2.  SafetyDetectClient mClient = SafetyDetect.getClient(MainActivity.this);  

3.  //  Generate  nonce value   

4.  byte[] nonce = new byte[24];  

5.  try {  

6.      SecureRandom random;  

7.      if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {  

8.          random = SecureRandom.getInstanceStrong();  

9.      } else {  

10.         random = SecureRandom.getInstance("SHA1PRNG");  

11.     }  

12.     random.nextBytes(nonce);  

13. } catch (NoSuchAlgorithmException e) {  

14.     Log.e(TAG, e.getMessage());  

15. }  

4 Create a test result monitor

1.  //  Realization OnSuccessListener Interface , And from  onSuccess Get test results   

2.  protected class SysIntegrityOnSuccessListener implements OnSuccessListener<SysIntegrityResp> {  

3.    

4.      //  Get system integrity test results  

5.      @Override  

6.      public void onSuccess(SysIntegrityResp sysIntegrityResp) {  

7.    

8.      }  

9.    

10. }  

11. //  Realization OnFailureListener Interface , And from  onFailure Exception details   

12. protected class SysIntegrityOnFailureListener implements OnFailureListener {  

13.     //  Get exception error code, exception details   

14.     @Override  

15.     public void onFailure(Exception e) {  

16.   

17.     }  

18. }  

5 Call system integrity check

1.  //  Call the system integrity detection interface ,******** Pass in appid  

2.  Task task = mClient.sysIntegrity(nonce,"********");  

3.  task.addOnSuccessListener(new SysIntegrityOnSuccessListener()).addOnFailureListener(new SysIntegrityOnFailureListener());  

6 The results verify that

Server to verify the integrity of the system detection results can refer to the developer alliance official website .

DEMO demonstration

If you're interested in implementation , You can refer to Github Source link ：https://github.com/HMS-Core/hms-safetydetect-demo-android

More detailed development guidelines , Please refer to the official website of Huawei developer alliance ： Huawei developer Alliance ：https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/dysintegritydevelopment-0000001050156331

Get development guidance document ： https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/introduction-0000001050156325ha_source=hms1

download demo And sample code go to Github：https://github.com/HMS-Core

To solve the integration problem, please go to Stack Overflow： https://stackoverflow.com/questions/tagged/huawei-mobile-services?tab=Newest

---

Link to the original text ：https://developer.huawei.com/consumer/cn/forum/topic/0201393882637910006?fid=18

The original author ： Eat anything at night