| ... | ... | @@ -17,9 +17,16 @@ Apks deployed to tablets are managed through a package manifest delivered throug |
|
|
|
+ Apk's in the manifest are securely downloaded and installed.
|
|
|
|
+ Apk's in the com.buzztime package space must be signed with the buzztime release keystore
|
|
|
|
|
|
|
|
Runtime validations :
|
|
|
|
Runtime validations and security measures:
|
|
|
|
+ Tablets do not enable ADB or USB modes at startup and only enable it if the tablet is associated with a site that is configured to allow it.
|
|
|
|
+ The Buzztime Core package declares special permissions which may be used by applications to require that Intent, Service and ContentProvider requests are made only by buzztime signed applications.
|
|
|
|
+ SSL HTTP client requests are configured to use TLS 1.2 and the allowed cipher list is pruned to remove all ciphers that have been identified as insecure.
|
|
|
|
+ on Halo+ Tablets
|
|
|
|
+ Device storage encryption is enabled and required
|
|
|
|
+ SELinux is enabled and run in enforcing mode
|
|
|
|
+ No security keys are present on devices until the it has been authenticated and encrypted.
|
|
|
|
+ Firmware updates must be signed by the same key as the original Firmware signature.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ... | ... | |
