feat: password protection & hardware security & app signature added

* chore: ktlint

Signed-off-by: Denis Dobanda <[email protected]>

* feat: password protection check added

Signed-off-by: Denis Dobanda <[email protected]>

* feat: password protection check added

Signed-off-by: Denis Dobanda <[email protected]>

* feat: app signature missmatch detection added

Signed-off-by: Denis Dobanda <[email protected]>

---------

Signed-off-by: Denis Dobanda <[email protected]>

Author: theDeniZ

.editorconfig

@@ -0,0 +1,20 @@
+root = true
+
+[*]
+insert_final_newline = true
+
+[{*.kt,*.kts}]
+ij_kotlin_code_style_defaults = KOTLIN_OFFICIAL
+ktlint_code_style = android_studio
+ktlint_function_signature_rule_force_multiline_when_parameter_count_greater_or_equal_than = 3
+max_line_length = 80
+
+ktlint_function_naming_ignore_when_annotated_with = Composable
+
+ij_kotlin_allow_trailing_comma = true
+ij_kotlin_allow_trailing_comma_on_call_site = true
+
+#  Disable wildcard imports entirely with the following three configurations
+ij_kotlin_name_count_to_use_star_import = 2147483647
+ij_kotlin_name_count_to_use_star_import_for_members = 2147483647
+ij_kotlin_packages_to_use_import_on_demand = unset

README.md

@@ -20,6 +20,9 @@ Already implemented Features are:
 - [x] Jailbreak or Root Detection
 - [x] Hooks Detection
 - [x] Simulator Detection
+- [x] Device Passcode Check
+- [x] Hardware Security Check
+- [x] App Signature Check
 
 You can see them in action with the [Example App](./example)
 we've provided
@@ -99,11 +102,8 @@ reportedThreats.contains(ThreatDetectionCenter.Threat.SIMULATOR)
 
 Next features to be implemented:
 
-- [ ] App Signature Check
 - [ ] Debugger Detection
-- [ ] Device Passcode Check
 - [ ] Integrity Check
-- [ ] Hardware Security Check
 
 ## Contributing
 

example/app/build.gradle.kts

@@ -25,18 +25,15 @@ android {
             isMinifyEnabled = false
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro"
+                "proguard-rules.pro",
             )
-            // Don't do this, just just to test
+            // Don't do this, just to test
             signingConfig = signingConfigs.getByName("debug")
         }
     }
     compileOptions {
-        sourceCompatibility = JavaVersion.VERSION_1_8
-        targetCompatibility = JavaVersion.VERSION_1_8
-    }
-    kotlinOptions {
-        jvmTarget = "1.8"
+        sourceCompatibility = JavaVersion.VERSION_21
+        targetCompatibility = JavaVersion.VERSION_21
     }
     buildFeatures {
         compose = true
@@ -70,4 +67,4 @@ dependencies {
     androidTestImplementation(libs.androidx.ui.test.junit4)
     debugImplementation(libs.androidx.ui.tooling)
     debugImplementation(libs.androidx.ui.test.manifest)
-}
+}

example/app/src/androidTest/java/com/exxeta/mobilesecuritytoolkitexample/ExampleInstrumentedTest.kt

@@ -1,13 +1,11 @@
 package com.exxeta.mobilesecuritytoolkitexample
 
-import androidx.test.platform.app.InstrumentationRegistry
 import androidx.test.ext.junit.runners.AndroidJUnit4
-
+import androidx.test.platform.app.InstrumentationRegistry
+import org.junit.Assert.*
 import org.junit.Test
 import org.junit.runner.RunWith
 
-import org.junit.Assert.*
-
 /**
  * Instrumented test, which will execute on an Android device.
  *
@@ -19,6 +17,9 @@ class ExampleInstrumentedTest {
     fun useAppContext() {
         // Context of the app under test.
         val appContext = InstrumentationRegistry.getInstrumentation().targetContext
-        assertEquals("com.exxeta.mobilesecuritytoolkitexample", appContext.packageName)
+        assertEquals(
+            "com.exxeta.mobilesecuritytoolkitexample",
+            appContext.packageName,
+        )
     }
-}
+}

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/MainActivity.kt

@@ -4,7 +4,6 @@ import android.os.Bundle
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.enableEdgeToEdge
-import androidx.compose.ui.platform.LocalContext
 import com.exxeta.mobilesecuritytoolkitexample.ui.theme.MobileSecurityToolkitExampleTheme
 
 class MainActivity : ComponentActivity() {
@@ -17,4 +16,4 @@ class MainActivity : ComponentActivity() {
             }
         }
     }
-}
+}

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/ThreatStatusList.kt

@@ -28,7 +28,6 @@ import com.exxeta.securitytoolkit.ThreatDetectionCenter
 
 @Composable
 fun ThreatStatusList() {
-
     val context = LocalContext.current
     val detectionCenter = ThreatDetectionCenter(context)
     detectionCenter.threats
@@ -46,7 +45,9 @@ fun ThreatStatusList() {
         ThreatStatus(
             "Root",
             "Is a way of acquiring privileged control over the operating system of a device. Tools such as Magisk or Shadow can hide the privileged access",
-            reportedThreats.contains(ThreatDetectionCenter.Threat.ROOT_PRIVILEGES),
+            reportedThreats.contains(
+                ThreatDetectionCenter.Threat.ROOT_PRIVILEGES,
+            ),
         ),
         ThreatStatus(
             "Hooks",
@@ -58,11 +59,30 @@ fun ThreatStatusList() {
             "Running the application in an Emulator",
             reportedThreats.contains(ThreatDetectionCenter.Threat.SIMULATOR),
         ),
+        ThreatStatus(
+            "Passcode",
+            "Indicates if current device is unprotected with a passcode. Biometric protection requires a passcode to be set up",
+            reportedThreats.contains(
+                ThreatDetectionCenter.Threat.DEVICE_WITHOUT_PASSCODE,
+            ),
+        ),
+        ThreatStatus(
+            "Hardware protection",
+            "Refers to hardware capabilities of current device, specific to hardware-backed cryptography operations. If not available, no additional hardware security layer can be used when working with keys, certificates and keychain",
+            reportedThreats.contains(
+                ThreatDetectionCenter.Threat.HARDWARE_PROTECTION_UNAVAILABLE,
+            ),
+        ),
+        ThreatStatus(
+            "Signature missmatch",
+            "Expects app to be signed with a given certificate. For PlayStore should match the one provided by the store via Play Console",
+            detectionCenter.hasAppSignatureMissmatch("INVALID"),
+        ),
     )
 
     LazyColumn(
         modifier = Modifier
-            .padding(16.dp)
+            .padding(16.dp),
     ) {
         item {
             Spacer(modifier = Modifier.height(48.dp))
@@ -71,7 +91,7 @@ fun ThreatStatusList() {
                 contentDescription = "stethoscope_24px",
                 modifier = Modifier
                     .fillMaxWidth()
-                    .size(80.dp)
+                    .size(80.dp),
             )
             Spacer(modifier = Modifier.height(24.dp))
             Text(
@@ -80,7 +100,7 @@ fun ThreatStatusList() {
                 modifier = Modifier
                     .fillMaxWidth()
                     .padding(bottom = 8.dp),
-                textAlign = TextAlign.Center
+                textAlign = TextAlign.Center,
             )
             Text(
                 text = "Here is a list of the threats that could put you at risk",
@@ -89,7 +109,7 @@ fun ThreatStatusList() {
                     .fillMaxWidth()
                     .padding(bottom = 16.dp),
                 textAlign = TextAlign.Center,
-                color = Color.Gray
+                color = Color.Gray,
             )
         }
         items(threats) { item ->
@@ -98,7 +118,7 @@ fun ThreatStatusList() {
                     .padding(8.dp)
                     .fillMaxWidth(),
                 shape = MaterialTheme.shapes.medium,
-                elevation = CardDefaults.cardElevation(1.dp)
+                elevation = CardDefaults.cardElevation(1.dp),
             ) {
                 ThreatStatusRow(threatStatus = item)
             }
@@ -112,4 +132,4 @@ private fun Preview() {
     MobileSecurityToolkitExampleTheme {
         ThreatStatusList()
     }
-}
+}

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/ThreatStatusRow.kt

@@ -46,22 +46,24 @@ fun ThreatStatusRow(threatStatus: ThreatStatus) {
             Box(
                 modifier = Modifier
                     .clip(RoundedCornerShape(CornerSize(size = 4.dp)))
-                    .background(if (threatStatus.isDetected) redColor else greenColor)
+                    .background(
+                        if (threatStatus.isDetected) redColor else greenColor,
+                    ),
             ) {
                 Text(
                     text = if (threatStatus.isDetected) "DETECTED" else "SAFE",
                     color = MaterialTheme.colorScheme.background,
                     style = MaterialTheme.typography.bodySmall,
                     modifier = Modifier
                         .padding(vertical = 2.dp)
-                        .padding(horizontal = 8.dp)
+                        .padding(horizontal = 8.dp),
                 )
             }
         }
         Text(
             threatStatus.description,
             style = MaterialTheme.typography.titleMedium,
-            color = Color.Gray
+            color = Color.Gray,
         )
     }
 }
@@ -72,8 +74,10 @@ private fun Preview() {
     MobileSecurityToolkitExampleTheme {
         ThreatStatusRow(
             ThreatStatus(
-                "Jailbreak", "Description", false,
-            )
+                "Jailbreak",
+                "Description",
+                false,
+            ),
         )
     }
-}
+}

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/ui/theme/Color.kt

@@ -8,4 +8,4 @@ val Pink80 = Color(0xFFEFB8C8)
 
 val Purple40 = Color(0xFF6650a4)
 val PurpleGrey40 = Color(0xFF625b71)
-val Pink40 = Color(0xFF7D5260)
+val Pink40 = Color(0xFF7D5260)

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/ui/theme/Theme.kt

@@ -1,6 +1,5 @@
 package com.exxeta.mobilesecuritytoolkitexample.ui.theme
 
-import android.app.Activity
 import android.os.Build
 import androidx.compose.foundation.isSystemInDarkTheme
 import androidx.compose.material3.MaterialTheme
@@ -14,13 +13,13 @@ import androidx.compose.ui.platform.LocalContext
 private val DarkColorScheme = darkColorScheme(
     primary = Purple80,
     secondary = PurpleGrey80,
-    tertiary = Pink80
+    tertiary = Pink80,
 )
 
 private val LightColorScheme = lightColorScheme(
     primary = Purple40,
     secondary = PurpleGrey40,
-    tertiary = Pink40
+    tertiary = Pink40,
 
     /* Other default colors to override
     background = Color(0xFFFFFBFE),
@@ -30,28 +29,34 @@ private val LightColorScheme = lightColorScheme(
     onTertiary = Color.White,
     onBackground = Color(0xFF1C1B1F),
     onSurface = Color(0xFF1C1B1F),
-    */
+     */
 )
 
 @Composable
 fun MobileSecurityToolkitExampleTheme(
     darkTheme: Boolean = isSystemInDarkTheme(),
     // Dynamic color is available on Android 12+
     dynamicColor: Boolean = true,
-    content: @Composable () -> Unit
+    content: @Composable () -> Unit,
 ) {
     val colorScheme = when {
-      dynamicColor && Build.VERSION.SDK_INT >= Build.VERSION_CODES.S -> {
-        val context = LocalContext.current
-        if (darkTheme) dynamicDarkColorScheme(context) else dynamicLightColorScheme(context)
-      }
-      darkTheme -> DarkColorScheme
-      else -> LightColorScheme
+        dynamicColor && Build.VERSION.SDK_INT >= Build.VERSION_CODES.S -> {
+            val context = LocalContext.current
+            if (darkTheme) {
+                dynamicDarkColorScheme(
+                    context,
+                )
+            } else {
+                dynamicLightColorScheme(context)
+            }
+        }
+        darkTheme -> DarkColorScheme
+        else -> LightColorScheme
     }
 
     MaterialTheme(
-      colorScheme = colorScheme,
-      typography = Typography,
-      content = content
+        colorScheme = colorScheme,
+        typography = Typography,
+        content = content,
     )
-}
+}

example/app/src/main/java/com/exxeta/mobilesecuritytoolkitexample/ui/theme/Type.kt

@@ -13,8 +13,8 @@ val Typography = Typography(
         fontWeight = FontWeight.Normal,
         fontSize = 16.sp,
         lineHeight = 24.sp,
-        letterSpacing = 0.5.sp
-    )
+        letterSpacing = 0.5.sp,
+    ),
     /* Other default text styles to override
     titleLarge = TextStyle(
         fontFamily = FontFamily.Default,
@@ -30,5 +30,5 @@ val Typography = Typography(
         lineHeight = 16.sp,
         letterSpacing = 0.5.sp
     )
-    */
-)
+     */
+)

example/app/src/test/java/com/exxeta/mobilesecuritytoolkitexample/ExampleUnitTest.kt

@@ -1,8 +1,7 @@
 package com.exxeta.mobilesecuritytoolkitexample
 
-import org.junit.Test
-
 import org.junit.Assert.*
+import org.junit.Test
 
 /**
  * Example local unit test, which will execute on the development machine (host).
@@ -14,4 +13,4 @@ class ExampleUnitTest {
     fun addition_isCorrect() {
         assertEquals(4, 2 + 2)
     }
-}
+}

example/build.gradle.kts

@@ -2,4 +2,4 @@
 plugins {
     alias(libs.plugins.android.application) apply false
     alias(libs.plugins.jetbrains.kotlin.android) apply false
-}
+}

example/gradle/libs.versions.toml

@@ -25,7 +25,7 @@ androidx-ui-tooling-preview = { group = "androidx.compose.ui", name = "ui-toolin
 androidx-ui-test-manifest = { group = "androidx.compose.ui", name = "ui-test-manifest" }
 androidx-ui-test-junit4 = { group = "androidx.compose.ui", name = "ui-test-junit4" }
 androidx-material3 = { group = "androidx.compose.material3", name = "material3" }
-android-security-toolkit = { module = "com.github.EXXETA:Android-Security-Toolkit", version.ref = "androidSecurityToolkit" }
+android-security-toolkit = { module = "com.local.project:securitytoolkit", version.ref = "androidSecurityToolkit" }
 
 [plugins]
 android-application = { id = "com.android.application", version.ref = "agp" }