ConfirmationPrompt
public
class
ConfirmationPrompt
extends Object
| java.lang.Object | |
| ↳ | android.security.ConfirmationPrompt |
Class used for displaying confirmation prompts.
Confirmation prompts are prompts shown to the user to confirm a given text and are implemented in a way that a positive response indicates with high confidence that the user has seen the given text, even if the Android framework (including the kernel) was compromised. Implementing confirmation prompts with these guarantees requires dedicated hardware-support and may not always be available.
Confirmation prompts are typically used with an external entity - the Relying Party - in the following way. The setup steps are as follows:
- Before first use, the application generates a key-pair with the
CONFIRMATION tagset. AndroidKeyStore key attestation, e.g.,KeyGenParameterSpec.Builder.setAttestationChallenge(byte[])is used to generate a certificate chain that includes the public key (Kpubin the following) of the newly generated key. - The application sends
Kpuband the certificate chain resulting from device attestation to the Relying Party. - The Relying Party validates the certificate chain which involves checking the root
certificate is what is expected (e.g. a certificate from Google), each certificate signs the
next one in the chain, ending with
Kpub, and that the attestation certificate asserts thatKpubhas theCONFIRMATION tagset. Additionally the relying party storesKpuband associates it with the device it was received from.
The Relying Party is typically an external device (for example connected via Bluetooth) or application server.
Before executing a transaction which requires a high assurance of user content, the application does the following:
- The application gets a cryptographic nonce from the Relying Party and passes this as
the
extraData(via the Builder helper class) to thepresentPrompt()method. The Relying Party stores the nonce locally since it'll use it in a later step. - If the user approves the prompt a Confirmation Response is returned in the
onConfirmed(byte[])callback as thedataThatWasConfirmedparameter. This blob contains the text that was shown to the user, theextraDataparameter, and possibly other data. - The application signs the Confirmation Response with the previously created key and sends the blob and the signature to the Relying Party.
- The Relying Party checks that the signature was made with
Kpuband then extractspromptTextmatches what is expected andextraDatamatches the previously created nonce. If all checks passes, the transaction is executed.
Note: It is vital to check the promptText because this is the only part that
the user has approved. To avoid writing parsers for all of the possible locales, it is
recommended that the Relying Party uses the same string generator as used on the device
and performs a simple string comparison.
Summary
Nested classes | |
|---|---|
class |
ConfirmationPrompt.Builder
A builder that collects arguments, to be shown on the system-provided confirmation prompt. |
Public methods | |
|---|---|
void
|
cancelPrompt()
Cancels a prompt currently being displayed. |
static
boolean
|
isSupported(Context context)
Checks if the device supports confirmation prompts. |
void
|
presentPrompt(Executor executor, ConfirmationCallback callback)
Requests a confirmation prompt to be presented to the user. |
Inherited methods | |
|---|---|
Public methods
cancelPrompt
public void cancelPrompt ()
Cancels a prompt currently being displayed.
On success, the
onCanceled() method on
the supplied callback object will be called asynchronously.
| Throws | |
|---|---|
IllegalStateException |
if no prompt is currently being presented. |
isSupported
public static boolean isSupported (Context context)
Checks if the device supports confirmation prompts.
| Parameters | |
|---|---|
context |
Context: the application context. |
| Returns | |
|---|---|
boolean |
true if confirmation prompts are supported by the device. |
presentPrompt
public void presentPrompt (Executor executor, ConfirmationCallback callback)
Requests a confirmation prompt to be presented to the user.
When the prompt is no longer being presented, one of the methods in
ConfirmationCallback is called on the supplied callback object.
Confirmation prompts may not be available when accessibility services are running so this
may fail with a ConfirmationNotAvailableException exception even if
isSupported(Context) returns true.
| Parameters | |
|---|---|
executor |
Executor: the executor identifying the thread that will receive the callback.
This value cannot be null. |
callback |
ConfirmationCallback: the callback to use when the prompt is done showing.
This value cannot be null. |
| Throws | |
|---|---|
IllegalArgumentException |
if the prompt text is too long or malfomed. |
ConfirmationAlreadyPresentingException |
if another prompt is being presented. |
ConfirmationNotAvailableException |
if confirmation prompts are not supported. |
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.