• 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle






  • They occupy a strange niche full of contradictions.

    Entering the code on the device itself should increase security as opposed to entering it on a compromised computer.

    But plugging it into a compromised computer means the data is compromised anyway.

    Their security is way harder to audit than a software solution like PGP. The actual “encryption” varies from actual decent setups to “entering the code connects the data pins with no actual encryption on the storage chip”

    Not having to instal/use software to use them means they are suitable for non-technical users which in turn means more support calls for “I forgot the pin, it wiped itself, can you restore my data”

    They are kind of useful to check the “data is transported on encrypted media” box for compliance reasons without having to manage something bigger.













  • I built a custom app to do it since I couldn’t manage to fire the relevant intents from an adb shell without root.

    I lifted the code from AAAD

    Specifically the InstallAPK method in MainActivity.java

    Intent intent;
    
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
                    intent = new Intent(Intent.ACTION_INSTALL_PACKAGE);
                    intent.setData(getUri(file));
                    intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_ACTIVITY_NEW_TASK);
                } else {
                    intent = new Intent(Intent.ACTION_VIEW);
                    intent.setDataAndTypeAndNormalize(Uri.fromFile(file), "application/vnd.android.package-archive");
                    intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                }
    
                intent.putExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, true);
                intent.putExtra(Intent.EXTRA_INSTALLER_PACKAGE_NAME, "com.android.vending");
                getApplicationContext().startActivity(intent);
            } 
    
    

    Basically you construct an Intent ACTION_INSTALL_PACKAGE with data pointing to the APK file and the extras EXTRA_NOT_UNKNOWN_SOURCE=true and EXTRA_INSTALLER_PACKAGE_NAME="com.android.vending" which tells the installer that this APK is not sideloaded and it’s the play store asking to install it.

    You might still need to enable unknown sources in Android Auto developer settings (separate from phone developer settings).

    If I remember, I’ll try to pull the code for my app from my PC and post it.