/DisableDevSettings

The goal of this app is to secure an android device before it goes in production.

Primary LanguageKotlinMIT LicenseMIT

Goal

This app deactivate ADB, the development mode, revoke ADB authorisation and remove itself.

The goal is to secure an android device before it goes in production.

How to Build

You need to sign your app with the platform signature of your device. To do so set environment variables or put them in the local.properties:

KEYSTORE_FILE=/myuser/mykeystores/platform.keystore
KEYSTORE_PASSWORD=xxxxxx
KEYSTORE_ALIAS=yyyyyy
ALIAS_PASSWORD=zzzzzz

Then

./gradlew assembleRelease

How to work with hidden/system APIs

This project shows how to use system / hidden API in Android.

For most API you need to sign your application with the platform certificate (keystore) of your device:

For AOSP, you can find the platform certificates here :

AOSP repository You can transform platform.pk8 and platform.x509.pem in a keystore by doing:

openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out key.pem

openssl pkcs12 -export -in platform.x509.pem -inkey key.pem -out platform.p12 -password pass:my_key_password -name aosp_platform_key

keytool -importkeystore -deststorepass my_keystore_password -destkeystore platform.keystore -srckeystore platform.p12 -srcstoretype PKCS12 -srcstorepass my_key_password

keytool -list -v -keystore platform.keystore

To know more about those certificate see:

Android security part 1: application signatures & permissions

Because most of the API are hidden and not expose in the official SDK you need to either call those API in reflexion [1], use AIDL [2], create a stub [3] or hack the Android SDK [4] with for example :

https://github.com/anggrayudi/android-hidden-api

What I'm used to do usually, when I'm working locally, to ease the find of API, is to look into the Settings App for the API I need :

https://github.com/aosp-mirror/platform_packages_apps_settings

And then I hack the SDK [4] to test the functionnality I want.

val activityManager : ActivityManager = getSystemService(Context.ACTIVITY_SERVICE) as ActivityManager
activityManager.forceStopPackage("com.android.settings")

val usbManager = IUsbManager.Stub.asInterface(ServiceManager.getService(Context.USB_SERVICE))
usbManager.clearUsbDebuggingKeys()

Then for production I use both reflexion [1], AIDL [2] and stub [3]

val activityManager : ActivityManager = getSystemService(Context.ACTIVITY_SERVICE) as ActivityManager
// Reflexion calls
val forceStopAppMethod = activityManager.javaClass.getMethod("forceStopPackage", String::class.java)
forceStopAppMethod.invoke(activityManager,"com.android.settings")


// Use of ServiceManager.getService stub
val usbService = ServiceManager.getService(Context.USB_SERVICE)
// Use of IUsbManager AIDL
val usbManager = IUsbManager.Stub.asInterface()
usbManager.clearUsbDebuggingKeys()