Last edited by Mark Stevens Mar 23, 2017

tablet hardening

Tablet Hardening process

Development Environment

In the development environment, builds are not required to be release builds.

  • It is required that all key information is removed from logging calls.

Production APK builds:

  • Tablets are built in release mode
  • Debugging flag is disabled
  • Proguard rules are standardized
    • APK methods and classes are required to be obfuscated
    • all unused classes and methods are stripped
  • APKs are signed with a Buzztime release keystore (not the Android SDK default keystore)

APK deployment:

APKs deployed to tablets are managed through a package manifest delivered through a SOAP request.

  • APKs that are not whitelisted or present in the manifest are removed from the tablet.
  • APKs in the manifest are securely downloaded and installed.
  • APKs in the com.buzztime package space must be signed with the Buzztime release keystore.

Runtime validations and security measures:

  • Tablets do not enable ADB or USB modes at startup and only enable them if the tablet is associated with a site that is configured to allow it.
  • The Buzztime Core package declares special permissions which applications may use to require that Intent, Service and ContentProvider requests are made only by Buzztime-signed applications.
  • SSL HTTP client requests are configured to use TLS 1.2 and the allowed cipher list is pruned to remove all ciphers that have been identified as insecure.
  • On Halo+ tablets
    • Device storage encryption is enabled and required
    • SELinux is enabled and run in enforcing mode
    • No security keys are present on a device until it has been authenticated and encrypted.
    • Firmware updates must be signed by the same key as the original Firmware signature.
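
One way to implement the TLS 1.2 and pruned-cipher requirement from the list above, using only the standard javax.net.ssl classes that are also available on Android. This is an added example, not the Buzztime code; the class name and the deny-list markers are assumptions, since the page does not name the ciphers it removes.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Wraps the platform factory so every socket offers only TLS 1.2 and a pruned suite list. */
public final class Tls12OnlySocketFactory extends SSLSocketFactory {
    // Assumed deny-list (substring match on suite names); replace with the reviewed list.
    private static final String[] WEAK = {"NULL", "anon", "EXPORT", "RC4", "DES", "MD5"};
    private static final String[] PROTOCOLS = {"TLSv1.2"};
    private final SSLSocketFactory delegate;
    private final String[] suites;

    public Tls12OnlySocketFactory() throws java.security.GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // platform default key and trust managers
        delegate = ctx.getSocketFactory();
        // Start from the default (already enabled) suites so pruning never widens the set.
        suites = prune(delegate.getDefaultCipherSuites());
        if (suites.length == 0) throw new IllegalStateException("no acceptable cipher suites");
    }

    /** Drops every suite whose name contains one of the WEAK markers. */
    static String[] prune(String[] offered) {
        return Arrays.stream(offered)
                .filter(s -> Arrays.stream(WEAK).noneMatch(s::contains))
                .toArray(String[]::new);
    }

    /** Applies the protocol and suite restrictions before the socket is handed out. */
    private Socket harden(Socket s) {
        if (s instanceof SSLSocket) {
            ((SSLSocket) s).setEnabledProtocols(PROTOCOLS);
            ((SSLSocket) s).setEnabledCipherSuites(suites);
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return suites.clone(); }
    @Override public String[] getSupportedCipherSuites() { return suites.clone(); }
    @Override public Socket createSocket() throws IOException { return harden(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean c) throws IOException { return harden(delegate.createSocket(s, h, p, c)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return harden(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return harden(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return harden(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return harden(delegate.createSocket(h, p, l, lp)); }
}
```

An instance can be installed on a connection with HttpsURLConnection.setSSLSocketFactory; a handshake with a server that cannot negotiate TLS 1.2 and one of the remaining suites then fails instead of falling back.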