Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Sign App with UICC Carrier Privileges Certificates

I was reading information on this link in regards to signing an application with carrier privileges.

I am aware of how to sign an application using a keystore for production releases, but how do I add UICC certificates to my app so it gets carrier privileges?

My main goal is to be able to call TelephonyManager functions like:

iccOpenLogicalChannel
iccCloseLogicalChannel
iccTransmitApduLogicalChannel
iccTransmitApduBasicChannel

This is the stack trace I get when calling one of the above functions:

E/AndroidRuntime: FATAL EXCEPTION: main
E/AndroidRuntime: Process: com.xxxx, PID: 2668
E/AndroidRuntime: java.lang.SecurityException: No modify permission or carrier privilege.
E/AndroidRuntime:     at android.os.Parcel.readException(Parcel.java:1599)
E/AndroidRuntime:     at android.os.Parcel.readException(Parcel.java:1552)
E/AndroidRuntime:     at com.android.internal.telephony.ITelephony$Stub$Proxy.iccOpenLogicalChannel(ITelephony.java:2966)
E/AndroidRuntime:     at android.telephony.TelephonyManager.iccOpenLogicalChannel(TelephonyManager.java:2914)
E/AndroidRuntime:     at android.view.View.performClick(View.java:5198)
E/AndroidRuntime:     at android.view.View$PerformClick.run(View.java:21147)
E/AndroidRuntime:     at android.os.Handler.handleCallback(Handler.java:739)
E/AndroidRuntime:     at android.os.Handler.dispatchMessage(Handler.java:95)
E/AndroidRuntime:     at android.os.Looper.loop(Looper.java:148)
E/AndroidRuntime:     at android.app.ActivityThread.main(ActivityThread.java:5417)
E/AndroidRuntime:     at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
E/AndroidRuntime:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

Thanks in advance!

like image 342
CompEng88 Avatar asked Nov 05 '15 17:11

CompEng88


People also ask

What is the UICC on my phone?

UICC(Universal Integrated Circuit Card) is an advanced generation SIM card for laptops or smartphones that are compatible with high-speed internet networks. It can store the contacts and provide you with a reliable and secure voice, global roaming, multi-media connection, and adds new services and applications.

What is carrier privileges?

Carriers have full control of the UICC, so this mechanism provides a secure and flexible way to manage apps from the mobile network operator (MNO) hosted on generic app distribution channels (such as Google Play) while retaining special privileges on devices and without the need to sign apps with the per-device ...

What is a carrier app?

"Carrier Services enables the latest communication services from. mobile carriers, including battery-optimizations and support. for enhanced features in the Android Messages app."

What is Android carrier config?

The carrier configuration supplied by this feature is a set of key-value pairs that change various telephony-related behaviors in the platform.


1 Answers

The question that you should ask yourself is actually a different one: How do I get the certificate for my app signing key into the UICC? Once you have that, the actual signing process is no different than with any other keystore.

So, you would have a keystore containing your signing key pair and a certificate for that key. The certificate could either be a self-signed certificate (that's typically the case for Android app signing keys) or a certificate issued to you by the UICC owner (MNO/carrier). In the first case, you would need to convince the UICC owner to add that self-signed certificate to the access control list(/application) on your UICC. In the second case, the carrier would typically include the root certificate corresponding to the certificate issued to you to the UICC.

You could then use that keystore to sign an app (just as you usually do).

like image 138
Michael Roland Avatar answered Sep 19 '22 10:09

Michael Roland