Exploring Android Protected Confirmation

Android Protected Confirmation is a security feature that was introduced back in Android 9 (API level 28). This feature enables you to use Trusted UI to confirm a certain user action (usually a transaction).
What is Trusted UI?
Trusted UI is a hardware-protected user interface that provides high assurance for critical transactions. There are three components within Trusted UI that you need to notice:
- Prompt message: This is the message that your app wants the user to confirm. In the example below, the prompt message is "You are going to transfer 4200 EUR to IBAN DE16533700240123456701".
- Confirm button: This is the button that the user needs to click to confirm the transaction. In the example, the confirm button is "Double-press power to confirm".
- Cancel button: This is the button that the user needs to click to cancel the transaction. In the example, the cancel button is "Cancel".

The Android Protected Confirmation documentation specifies the steps needed to utilize this feature, starting from generating asymmetric signing key up to displaying the confirmation dialog.
In this article, we are going to create a simple application that loosely follows those steps. We are only going to implement the client-side code and ignore the server-side (relying/remote party) code. Here's what it will look like at the end:

Where's the Source Code?
Step by Step Explanation
Follow the steps provided below to create this application.
1. Open Android Studio. Create a new project with the "Empty Activity" option.
2. First, we need to add the jackson-dataformat-cbor dependency to our app/build.gradle file. This is needed to parse the CBOR data structure that will be returned by Android Protected Confirmation.
3. Next, we are going to update our layout file, activity_main.xml. The image below shows what the layout will look like. Starting from the top, there are 3 TextViews that display the attestation challenge, the attestation certificate issuer, and the extra data. The first and last of these three are the inputs to our Android Protected Confirmation. In a real app, the attestation challenge and extra data can be provided by the relying party (remote server). In this article, however, these values will be hard-coded.
Below the TextViews, there is a button that will trigger the Android Protected Confirmation prompt. It will simulate a transaction in which the user sends money to their mother.
Below the button, there are two TextViews that display the data that was confirmed and the signature. "Data that was confirmed" is the success output of Android Protected Confirmation. It is formatted as a CBOR data structure. This data is then signed with a PrivateKey, resulting in the displayed signature.

To make the layout above, copy-paste the code snippet below:
4. Lastly, we are going to update our MainActivity.kt file. Go ahead and copy-paste the code snippet below. But here are the most important things to note:
First, while we are creating a PrivateKey for signing, don't forget to call the setUserConfirmationRequired() and setAttestationChallenge() methods. The first method is used so that the PrivateKey can only be used to sign the data produced by Android Protected Confirmation. The second method is used so that we have an attestation certificate that can be sent to the relying party to confirm the trustworthiness of the attestation.
Second, notice the content of the MyConfirmationCallback class. If the user confirms the transaction, onConfirmed(dataThatWasConfirmed) will be called. Note that dataThatWasConfirmed is CBOR-structured data that will be signed by the PrivateKey.
Lastly, note the usage of ConfirmationPrompt.Builder to display the Android Protected Confirmation dialog itself.
5. That's it! Now run your app and you should be able to see something like this:
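For reference, the three points from step 4 (key generation, the confirmation callback, and the prompt) in one place. This is an added Kotlin example, not the article's own MainActivity.kt; KEY_ALIAS, SigningCallback, generateConfirmationKey and showPrompt are hypothetical names, and minSdk 28 is assumed.

```kotlin
import android.content.Context
import android.security.ConfirmationCallback
import android.security.ConfirmationPrompt
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature

const val KEY_ALIAS = "apc_demo_key" // hypothetical alias, not from the article
// Create the signing key inside Android Keystore (minSdk 28 assumed).
fun generateConfirmationKey(challenge: ByteArray) {
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setAttestationChallenge(challenge)   // yields an attestation certificate chain
        .setUserConfirmationRequired(true)    // key signs only data confirmed in Trusted UI
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore").run {
        initialize(spec)
        generateKeyPair()
    }
}

// Signs the CBOR blob returned by the prompt and hands both to the caller.
class SigningCallback(private val onSigned: (ByteArray, ByteArray) -> Unit,
                      private val onRejected: (String) -> Unit) : ConfirmationCallback() {
    override fun onConfirmed(dataThatWasConfirmed: ByteArray) {
        val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        val key = keyStore.getKey(KEY_ALIAS, null) as PrivateKey
        val signature = Signature.getInstance("SHA256withECDSA").run {
            initSign(key)
            update(dataThatWasConfirmed) // sign the bytes exactly as returned
            sign()
        }
        onSigned(dataThatWasConfirmed, signature)
    }
    override fun onDismissed() = onRejected("dismissed by user")
    override fun onCanceled() = onRejected("canceled by app")
    override fun onError(e: Throwable) = onRejected("error: ${e.message}")
}

// Returns false when the device has no Protected Confirmation support.
fun showPrompt(ctx: Context, text: String, extra: ByteArray, cb: ConfirmationCallback): Boolean {
    if (!ConfirmationPrompt.isSupported(ctx)) return false
    ConfirmationPrompt.Builder(ctx).setPromptText(text).setExtraData(extra).build()
        .presentPrompt(ctx.mainExecutor, cb)
    return true
}
```

The signature and the unmodified dataThatWasConfirmed bytes are what the relying party checks; KeyStore.getCertificateChain(KEY_ALIAS) returns the attestation chain to send alongside them.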

As always, thanks for reading!