Skip to content

Most visited

Recently visited



public class ConfirmationDialog
extends Object


Class used for displaying confirmation prompts.

Confirmation prompts are prompts shown to the user to confirm a given text and are implemented in a way that a positive response indicates with high confidence that the user has seen the given text, even if the Android framework (including the kernel) was compromised. Implementing confirmation prompts with these guarantees requires dedicated hardware-support and may not always be available.

Confirmation prompts are typically used with an external entitity - the Relying Party - in the following way. The setup steps are as follows:

  • Before first use, the application generates a key-pair with the CONFIRMATION tag set. Device attestation, e.g. getCertificateChain(), is used to generate a certificate chain that includes the public key (Kpub in the following) of the newly generated key.
  • The application sends Kpub and the certificate chain resulting from device attestation to the Relying Party.
  • The Relying Party validates the certificate chain which involves checking the root certificate is what is expected (e.g. a certificate from Google), each certificate signs the next one in the chain, ending with Kpub, and that the attestation certificate asserts that Kpub has the CONFIRMATION tag set. Additionally the relying party stores Kpub and associates it with the device it was received from.

The Relying Party is typically an external device (for example connected via Bluetooth) or application server.

Before executing a transaction which requires a high assurance of user content, the application does the following:

  • The application gets a cryptographic nonce from the Relying Party and passes this as the extraData (via the Builder helper class) to the presentPrompt() method. The Relying Party stores the nonce locally since it'll use it in a later step.
  • If the user approves the prompt a Confirmation Response is returned in the onConfirmedByUser(byte[]) callback as the dataThatWasConfirmed parameter. This blob contains the text that was shown to the user, the extraData parameter, and possibly other data.
  • The application signs the Confirmation Response with the previously created key and sends the blob and the signature to the Relying Party.
  • The Relying Party checks that the signature was made with Kpub and then extracts promptText matches what is expected and extraData matches the previously created nonce. If all checks passes, the transaction is executed.

A common way of implementing the "promptText is what is expected" check in the last bullet, is to have the Relying Party generate promptText and store it along the nonce in the extraData blob.


Nested classes

class ConfirmationDialog.Builder

A builder that collects arguments, to be shown on the system-provided confirmation dialog. 

Public methods

void cancelPrompt()

Cancels a prompt currently being displayed.

static boolean isSupported()

Checks if the device supports confirmation prompts.

void presentPrompt(Executor executor, ConfirmationCallback callback)

Requests a confirmation prompt to be presented to the user.

Inherited methods

From class java.lang.Object

Public methods


void cancelPrompt ()

Cancels a prompt currently being displayed. On success, the onDismissedByApplication() method on the supplied callback object will be called asynchronously.

IllegalStateException if no prompt is currently being presented.


boolean isSupported ()

Checks if the device supports confirmation prompts.

boolean true if confirmation prompts are supported by the device.


void presentPrompt (Executor executor, 
                ConfirmationCallback callback)

Requests a confirmation prompt to be presented to the user. When the prompt is no longer being presented, one of the methods in ConfirmationCallback is called on the supplied callback object.

executor Executor: the executor identifying the thread that will receive the callback.

This value must never be null.

callback ConfirmationCallback: the callback to use when the dialog is done showing.

This value must never be null.

IllegalArgumentException if the prompt text is too long or malfomed.
ConfirmationAlreadyPresentingException if another prompt is being presented.
ConfirmationNotAvailableException if confirmation prompts are not supported.
This site uses cookies to store your preferences for site-specific language and display options.

Get the latest Android developer news and tips that will help you find success on Google Play.

* Required Fields


Follow Google Developers on WeChat

Browse this site in ?

You requested a page in , but your language preference for this site is .

Would you like to change your language preference and browse this site in ? If you want to change your language preference later, use the language menu at the bottom of each page.

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a short survey?
Help us improve the Android developer experience. (Dec 2017 Android Platform & Tools Survey)