I understand that to access SIM/eSE from an Android app we need to install Open Mobile API addon on Android Studio. However, is it true that it will not work on all NFC phones? For example, do some OEM limited access to SIM/eSE? Or are there phones where only custom firmware will work with Open Mobile API?
Also, is there a list of phones that support Open Mobile API by default?
That's correct. The phone needs to implement the Open Mobile API (by means of the smartcard system service) in order for your app to be able to use it. Not all devices implement this. It's mainly devices from Samsung, Sony, and HTC which support the Open Mobile API.
In addition to that restriction, you need the SE (UICC/eSE) set up to allow your application (this is handled by GlobalPlatform SE Access Control) to interact with the SE.
Finally, I'm not aware of any complete list (and ther probably is none). However, have a look at the question List of OMAPI supported devices to get some ideas on how to test devices and how to let Play Store generate a list for you.
You may also want to read our report Open Mobile API: Accessing the UICC on Android Devices to get some idea about how the Open Mobile API works.
Related
I like to have single android app in our managed devices, we want only that app to be used on the device with necessary restriction, such that,
Single use - Device will have only one app, user can't use other apps, like browsing, youtube or anything,
the initial setting like notification sound, GPS always on, notification and ring sound maximum level can't be modified.
user can not power off the device.
this setting can only be changed by our servers.
i think i have 2 option,
1) Using samsung knox sdk on samsung devices,
Here's MDM proving feature of Samsung Knox Standard!
2) General Android way, Set up Single-Purpose Devices, COSU solution
Android Developer's site.
Wanted to know your's view on this, may be if you guys have done any of the two or any other ways, i could use some of the guidelines or a path.
Thanks for reading, and please comment if i was unable to articulate the subject or it needs editing.
You can use Google's new Android Management API, it seems to suit your needs.
It is a new cloud API that allows to manage Android devices from a server, without having to build an on-device agent (a device policy controller).
I have broad experience of using Samsung Kiosk Mode from Knox Standard SDK which is free and Pro-Kiosk mode from Knox Customization SDK (which has more functions but is not free).
So I can tell you for sure that all 4 points that you have mentioned can be achieved by using Knox Standard SDK.
Singe Purpose: https://seap.samsung.com/api-references/android-standard/reference/android/app/enterprise/kioskmode/KioskMode.html
LocationPolicy (you can turn on GPS and restrict changing): https://seap.samsung.com/api-references/android-standard/reference/android/app/enterprise/LocationPolicy.html
Yes. It is possible but I forgot the exact implementation.
Yes, as well.
Only downside of using this SDK is:
You are tied to Samsung (which I personally okay with, since Samsung has such market penetration and you could get service almost anywhere in the world and in enterprise world it is critical)
About Android native functionality: never tried it
Update March 7, 2019: Now I am playing around Device Owner, we use it for Kiosk mode, works well and works on android Device with Nougat and earlier.
I want to communicate from my Android app to a Java Card applet loaded on a SIM card using APDUs under Android prior to 5.0 (4.2.2, for example). My applet is not a SIM Toolkit applet, it is a common Java Card applet.
Following this post (thanks to #vojta and #jean) and SEEK I would like to build my app using RIL (Radio Interface Layer). Where can I get those libs? The only ones I can get is for Nexus - here.
If I understand it well I will have a different .apk file for each mobile manufacturer. Am I right? If yes, is there any other way to communicate from Android to SIM applet apart from SEEK?
If I cannot avoid that (I really think SEEK is the best or the only way to communicate with my SIM applet), can someone share a step-by-step manual for building such an example APK application (including communication with the applet)?
You cannot simply add that functionality (RIL extensions to access a UICC/SIM-based secure element) to an app. Instead, the mobile phone has to support this functionality. You typically cannot replace the radio interface library/telephony framework on the fly (you could probably do such kind of patching on rooted devices, but still that's not something you would typically integrate in your app).
However, many current Android devices come with a ready-made SEEK implementation that could be used to access the UICC/SIM card (many devices by Samsung (e.g. GS3 and later), Sony, HTC, and Motorola). When it comes to Nexus devices, the Nexus 6 is the first that supports SEEK.
On devices that support SEEK (i.e. that come with the SEEK smartcard service preinstalled), you can use SEEK by linking your application to the SEEK SDK-addon or by integrating the Open Mobile API directly (either as a library project or by adding the source files) into your application (you can find the latest version here).
You can find a sample application for access to smartcard applications through SEEK here: https://github.com/seek-for-android/open-mobile-api-sample
I am planning a new application that I would like to put on the smartwatch. I would like to have it usable also when there is no phone nearby. The app needs no Internet connection to work, could synchronize data to the phone later and I do not need anything from the phone while the app is running. However I could use the phone no problem to install the app.
I have googled, there are some foggy talks on a web that this is not possible, Android watch must always be connected to the phone for apps to run. How much is it true?
With Android Wear 2.0 it is possible to now develop standalone applications and thus eliminates the need for a mobile 'companion' completely.
Please follow this link for more information: https://developer.android.com/wear/preview/index.html
As I am aware, the current Android Wear version always requires a companion app for installation purposes etc. But with 2.0 this is no longer necessary. It would probably make sense for you to start developing with 2.0 now. That being said, it is still in a development preview and can officially run on only two smart watches (Huawei Watch and LG Watch Urbane 2nd Edition)
Wearable apps are run directly on wearables and don't require presence of a phone except for installation or phone-provided features (voice recognition, SMS, internet connection etc.)
Note that some features are wearable-provided or phone-provided depending on the hardware configuration of the watch/wearable (eg. GPS).
Yes, it is most definitely possible. As long as the wearable app doesn't require any functionality from the phone then it can operate as a standalone device. It will require a companion app on the phone to install the app on the wear device.
There are several wear apps that work without the need to be tethered to the phone, including Google Play music. There is the possibility of designing wear apps for hardware on only a few wear devices - I know that Ghostracer has standalone functionality using GPS, but it requires the wear device to have a GPS chip (it is designed for the Sony SmartWatch 3).
Does anyone know how to build a test app that plays well with Samsung Knox? What do I have to so differently to build an app for samsung devices that have Knox installed on them?
From KNOX 2.0, App wrapping is not required.
This is from the Samsung KNOX 2.0 whitepaper:
The KNOX 2.0 platform features major enhancements to the Application Container from the original KNOX platform. The most significant enhancement is the elimination of application wrapping. This is achieved by leveraging technology introduced by Google in Android 4.2 to support multiple users on tablet devices. This enables enterprises to easily deploy custom applications without requiring Samsung to wrap the applications. It also reduces the barrier to entry for independent software developers wishing to develop applications for the KNOX container.
Complete White paper can be found here: http://www.samsung.com/ca/business-images/resource/white-paper/2014/03/Samsung_KNOX_tech_whitepaper_Final_140220-0.pdf
Multiple user: (Complete Ref: http://developer.android.com/about/versions/android-4.2.html#MultipleUsers)
Android now allows multiple user spaces on shareable devices such as tablets. Each user on a device has his or her own set of accounts, apps, system settings, files, and any other user-associated data.
As an app developer, there’s nothing different you need to do in order for your app to work properly with multiple users on a single device. Regardless of how many users may exist on a device, the data your app saves for a given user is kept separate from the data your app saves for other users. The system keeps track of which user data belongs to the user process in which your app is running and provides your app access to only that user’s data and does not allow access to other users’ data.
Might want to take a look through here https://www.samsungknox.com/en/blog/what-app-wrapping and here https://www.samsungknox.com/en/resources.
Looks like you have to develop the app and then send it in to Samsung to have them 'wrap' it.
Personal data on Samsung devices is protected from mobile threats such as ransomware, malware, and unauthorized rooting, even while you’re using your device.
Secure Folder
Samsung Pay
Samsung Health
Samsung Pass
Empower enterprise mobility by leveraging Samsung Knox and ensure seamless device deployment with advance security, taking device management to next level.
I have an android phone (nexus s, sdk v15) which shall send a string to a development board running in nfc-reader/writer-mode by using tag-emulation. I know this is not officially supported by android, so I could do it natively by accessing the driver directly(?).
Is there any example out there where anyone has done this before or an app which does this (and preferably is open source?)
I found some stuff on google where it is generally advised not to do this, or where people talk about how it would be possible or how they've (very generally) done it, but I couldn't find any code or precise advice.
I don't want to access the secure element or do any smartcard stuff that needs to be approved by the vendor/provider. I just want to transfer the string. I also know this could be done by the android api methods via p2p, but this doesn't work well with the board, so I give this approach a try.
For a device running stock KitKat 4.4
With Android KitKat 4.4 the ability to have the phone act as an NFC card is built into the operating system so you no longer have to rely on Cyanogenmod or a custom ROM. It won't let the phone act as a Mifare Classic tag per se but I've had great results in getting my phone to communicate with an ACR122 reader so I'd definitely recommend this option if you can get 4.4 on your device.
If you're wanting to run below 4.4 and are willing to use Cyanogenmod
It is possible to load applications onto your device and have them communicate with a reader via NFC quite easily however you must be running Cyanogenmod, this feature is present from CM 9.1.
Wanting to run on Gingerbread (the old answer)
Yes it is possible and there's been a patch put out there for 2.3.4 to enable it, I'll post a few links for you to have a read of.
They do require flashing a 2.3.4 Gingerbread ROM to your device along with some other patches to enable the card emulation features so if you're not willing to do that then they won't be of much use but as far as I'm aware it's the only way to get it working. I haven't actually tested this myself but user comments suggest it works.
Here is a link to a blog describing the whole process: http://techshek4u.blogspot.co.uk/2012/01/applying-card-emulation-patch-to_03.html
Here is a link to the original forum post with the patch for 2.3.4 to enable it:
http://forum.xda-developers.com/showthread.php?t=1281946
And a link to the original discussion where various developers are trying to get it working, depending on your technical knowledge of Android and NFC this could be more or less interesting: https://groups.google.com/forum/#!msg/android-developers/1fw1qfFqpGc/6dlzvTqExN4J
Caution: According to NFCGuy from his answer "Don't bother with downgrading your phone to GB if it is running ICS. You cannot downgrade the NFC firmware to be compatible again with GB, so NFC will simply not work if you flash your device with GB."
If you root your device, it is possible to create an app that turns on the card emulation mode. It is not too difficult, see e.g. https://stackoverflow.com/a/10506299/1202968.
However, card emulation is completely handled by the Secure Element. Your app has no access to the data that is being transferred. The only way to get control over that would be to create and install a Java Card applet on the Secure Element. However, to be able to do that you need acces to secret authentication keys that are only known to Google.
PS: Don't bother with downgrading your phone to GB if it is running ICS. You cannot downgrade the NFC firmware to be compatible again with GB, so NFC will simply not work if you flash your device with GB.
Host card emulation is now officially supported by Android, according to http://developer.android.com/guide/topics/connectivity/nfc/hce.html