|
|
|
## Tablet Hardening process
|
|
|
|
|
|
|
|
In the development environment, builds are not required to be release builds.
|
|
|
|
Development Environment
|
|
|
|
+ It is required that all
|
|
|
|
|
|
|
|
Production apk builds for tablets are built in release mode:
|
|
|
|
+ Debugging flag is disabled
|
|
|
|
+ Proguard rules are standardized
|
|
|
|
+ required that apk methods and classes are obfuscated
|
|
|
|
+ all unused classes and methods are stripped
|
|
|
|
+ apks are signed with a buzztime release keystore (not the android sdk default keystore)
|
|
|
|
|
|
|
|
APK deployment :
|
|
|
|
Apks deployed to tablets are managed through a package manifest delivered through a SOAP request.
|
|
|
|
+ Apk's that are not whitelisted or present in the manifest are removed from the tablet.
|
|
|
|
+ Apk's in the manifest are securely downloaded and installed.
|
|
|
|
+ Apk's in the com.buzztime package space must be signed with the buzztime release keystore
|
|
|
|
|
|
|
|
Runtime validations :
|
|
|
|
+ Tablets do not enable ADB or USB modes at startup and only enable it if the tablet is associated with a site that is configured to allow it.
|
|
|
|
+ The Buzztime Core package declares special permissions which may be used by applications to require that Intent, Service and ContentProvider requests are made only by buzztime signed applications.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
