Skip to content

GitLab

Last edited by Mark Stevens
Page history
This is an old version of this page. You can view the most recent version or browse the history.

tablet hardening

Tablet Hardening process

In the development environment, builds are not required to be release builds. Development Environment

  • It is required that all key information is removed from logging calls.

Production apk builds for tablets are built in release mode:

  • Debugging flag is disabled
  • Proguard rules are standardized
    • required that apk methods and classes are obfuscated
    • all unused classes and methods are stripped
    • apks are signed with a buzztime release keystore (not the android sdk default keystore)

APK deployment : Apks deployed to tablets are managed through a package manifest delivered through a SOAP request.

  • Apk's that are not whitelisted or present in the manifest are removed from the tablet.
  • Apk's in the manifest are securely downloaded and installed.
  • Apk's in the com.buzztime package space must be signed with the buzztime release keystore

Runtime validations :

  • Tablets do not enable ADB or USB modes at startup and only enable it if the tablet is associated with a site that is configured to allow it.
  • The Buzztime Core package declares special permissions which may be used by applications to require that Intent, Service and ContentProvider requests are made only by buzztime signed applications.