Use system PIN dialog in Android application

Question

Background

I am trying to write an application which works like described below.

• When user start application it check if user have registered PIN on his device.
• If user have registered PIN, application must show button "Continue with PIN".
• When user press on button "Continue with PIN" system standard PIN dialog must appears.
• User enter his PIN and press "Continue" button.
• After System must check if entered PIN is correct or no and continue working.

---

Searches

I have made some searches and found some articles on stackoverflow and other internet sources which say "There is no way to develop a new custom unlock mechanism on a non-rooted phone." or "I would be surprised if you could, because then you would be probably able to steal the pin code, and I don't think anyone would want that.".

Also I have watched some video tutorials like Tutorial: Android Internals - Building a Custom ROM, Pt. 1 of 2 and Tutorial: Android Internals - Building a Custom ROM, Pt. 2 of 2.

EDITED

I have made some searches today and found a very interesting thing, I think I am on a right way to the solution, and I want to share my ideas with you. So looking in android sources I found an interesting files ChooseLockPassword.java (packages\apps\Settings\src\com\android\settings) and LockPatternUtils.java (*frameworks\base\core\java\com\android\internal\widget*) now I am interest in:

Question

How can I call LockPatternUtils class function from my code ? Or Why I cant see that function in Eclipse ?

---

Decision

So I think that the only way to get access to the Android system PIN dialog is to root the phone make some changes in the system files and use system PIN dialod

---

Question

1. Can somebody provide me useful links about getting access to the system PIN dialog in the rooted phone.
2. Am I on a right way and can I solve my problem in this way?
3. If anybody encountered such problem please help me to solve.

Any Solutions?

Answer 1

Okay, I have solved this problem and now I want to share my solution with you.

At first as I told I have android sources so I have made some changes in android sources to get access to the PIN and Pattern dialogs. And here they are:

in ~\AndroidSources\pakages\apps\Settings\AndroidManifest.xml I have changed following lines of code

<activity android:name="ConfirmLockPattern"
          android:exported="true"> // This line was added by me.
</activity>

<activity android:name="ConfirmLockPassword"
          android:exported="true" // This line was added by me.
          android:them="@android:style/Them.NoTitleBar">
</activity>

<activity android:name="ChooseLockPattern"
          android:exported="true" // This line was added by me.
          android:label="@string/lockpattern_change_lock_pattern_label">
</activity>

This modifications allow me to call "ConfirmLockPattern", "ConfirmLockPassword" and "ChooseLockPattern" activities from my own application. After I compile android Source codes and launch system.img on my emulator.

In my application I have write following functions in order to call "ConfirmLockPattern" or "ChooseLockPattern" activities:

/**
 * Show PIN/Password confirmation dialog.
 */
void ShowConfirmLockPINActivity() {
    CustomLog.i(TAG, "Show Confirm Lock PIN Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ConfirmLockPassword"));
    startActivityForResult(intent, mRequestCode);
} /* ShowConfirmLockPINActivity() */

/**
 * Show set PIN/Password dialog.
 */
void ShowSetLockPINActivity() {
    CustomLog.i(TAG, "Show Set Lock PIN Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ChooseLockPassword"));
    startActivityForResult(intent, mRequestCode);
} /* ShowSetLockPINActivity() */

/**
 * Show Pattern Confirmation dialog.
 */
void ShowSetLockPatternActivity() {
    CustomLog.i(TAG, "Show Set Lock Pattern Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ConfirmLockPattern"));
    startActivityForResult(intent, mRequestCode);
} /* ShowSetLockPatternActivity() */

Answer 2

Here are some considerations regarding your question.

1. Diving deep into Android's code is not very good idea in this particular case, since verifying PIN code is an important security point and its mechanism must be hidden and well protected to avoid any malicious intentions.

2. Thus, the actions you want to perform (ask for PIN and then check it against real PIN) are prohibited and would look like an intrusion. So, you shouldn't try to get an access to the storage of user passwords.

3. It would be more correct to try launching standard PIN screen via some Intent and ask it to make all job for you. However, a brief investigation didn't give me any results in this direction; perhaps, you'll find something.

4. Modifying the ROM is obviously dead-end - no one will flash the phone to install one app. Requiring rooted phone is a bit better, there are apps that cannot run on non-rooted phone, but still it forwards us back to the point #2 (intrusion).

5. Users may disable PIN check and there are devices with no SIM.

So, according to the all mentioned I'd suggest you think of different verification method for your app.