Verifying Signature of OS: Determining Custom ROM Environment


Oyin Oluwatimi

Nov 7, 2013, 10:07:09 PM11/7/13
to android-...@googlegroups.com
Hey ladies and gents.

I am working on this application to provide security services. I also have a custom operating system to work in conjunction with the app if the user desires additional features. 

Now the problem:
The app can run on both stock Android OS and my custom OS. I do not want the application to run on anyone else's custom ROM.

I know that someone can modify the BUILD constants of the device by rooting it and modifying the build.prop file.
I basically cannot use any Android SDK API because that could have been modified in a custom build.

Does anyone have an idea for ensuring an app is not running on a custom build?

Will using System.getProperty("os.version") work?
ROMs have to be signed, so is it possible to verify the signature of the currently running ROM?

Thanks in advance.

shridutt kothari

Nov 8, 2013, 3:08:05 AM11/8/13
to android-...@googlegroups.com
Hi Oyin,

As you mentioned, "The app can run on both stock Android OS and your custom OS" and "you do not want the application to run on anyone else's custom ROM".
If you want to verify in your application that it is your custom ROM, you could do that by verifying the platform signature; if that matches your custom ROM signature, it is your ROM.
But I don't know how you can check whether it's a stock ROM of a certain manufacturer or anyone's custom ROM, as in both cases there's no way we can identify whether the signature of the ROM is the manufacturer's or someone else's.

Thanks,
Shridutt Kothari
Impetus Infotech ltd.

Mark Murphy

Nov 8, 2013, 7:09:36 AM11/8/13
to android-...@googlegroups.com
On Thu, Nov 7, 2013 at 10:07 PM, Oyin Oluwatimi
<david.e...@gmail.com> wrote:
> The app can run on both stock Android OS and my custom OS. I do not want the
> application to run on anyone else's custom ROM.

Every Android device runs a "custom ROM", whether made by the device
manufacturer or somebody else. Hence, if your app is running, it is
running on a custom ROM.

> Does anyone have an idea to ensuring an app is not running on a custom
> build?

Every Android device runs a "custom build", whether made by the device
manufacturer or somebody else. Hence, if your app is running, it is
running on a custom build.

> ROMs have to be signed, so is it possible to verify the signature of the
> currently running ROM?

For your own ROM, you could add a custom signature-level permission,
request that in the app via <uses-permission>, and sign both with the
same signing key. If you got the signature-level permission, then you
are running on your own custom ROM, or somebody stole your signing
key.

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

_The Busy Coder's Guide to Android Development_: 2,500+ Pages, Updated
Frequently!
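The two checks proposed in this thread (Shridutt's platform-signature comparison and Mark's signature-level permission), written out as an added Java example that is not code from any poster. The permission name, the "android" platform package lookup and the digest constant are assumptions; the digest is a placeholder to be replaced with the SHA-256 of your own platform signing certificate.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;

public final class RomTrustCheck {
    // Hypothetical permission. The ROM's framework declares it as
    //   <permission android:name="com.example.rom.permission.TRUSTED_ROM"
    //               android:protectionLevel="signature" />
    // and the app requests it with
    //   <uses-permission android:name="com.example.rom.permission.TRUSTED_ROM" />
    // Both the ROM (platform) and the app must be signed with the same key.
    private static final String ROM_PERMISSION = "com.example.rom.permission.TRUSTED_ROM";

    // Placeholder: hex SHA-256 of your platform signing certificate (DER bytes).
    private static final String EXPECTED_PLATFORM_CERT_SHA256 = "REPLACE_WITH_YOUR_PLATFORM_CERT_SHA256";

    /** Mark's approach: the framework only grants a signature-level permission
     *  when the requesting app's certificate matches the declaring package's. */
    public static boolean holdsRomPermission(Context ctx) {
        return ctx.checkCallingOrSelfPermission(ROM_PERMISSION)
                == PackageManager.PERMISSION_GRANTED;
    }

    /** Shridutt's approach: read the signing certificate of the "android"
     *  package (the platform itself) and compare it with the pinned digest. */
    public static boolean platformCertMatches(Context ctx) {
        try {
            PackageInfo pi = ctx.getPackageManager()
                    .getPackageInfo("android", PackageManager.GET_SIGNATURES);
            if (pi.signatures == null) return false;
            for (Signature sig : pi.signatures) {
                if (EXPECTED_PLATFORM_CERT_SHA256.equalsIgnoreCase(sha256Hex(sig.toByteArray()))) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false; // package missing or digest failure: treat as untrusted
        }
    }

    private static String sha256Hex(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Both checks run inside the process whose environment is in question, so a modified framework can answer whatever it likes; treat a pass as evidence of a matching signing key, not as proof of an unmodified system.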