
The SEEK-for-Android documentation says that listed devices support the SmartCard API.

I want to access a SIM-based secure element (SE) through my Android application. Can I achieve this without rooting any of these supported devices and without rebuilding its Android system image? In my case, the device is a Samsung Galaxy S3.

Sevle
jQueen
  • UICC or embedded secure element? Are you under control of the secure element? – Michael Roland May 18 '15 at 17:11
  • I want to access the Secure Element which will be embedded with the SIM. I'll know the AID of the applet (already installed in the SE) to communicate with. I'm checking the SmartCardAPI (https://code.google.com/p/seek-for-android/wiki/UsingSmartCardAPI). Not sure if I'll need to root my S3 for this. – jQueen May 19 '15 at 03:58

3 Answers


Yes, you can use SEEK-for-Android without rooting the system. However, this technology is very device-dependent; some vendor-specific libraries must be present in the system. It worked fine for me with a Sony Xperia with no changes necessary. After adding some libraries (Samsung did it at our request), Samsung phones were OK, too.

The only thing you have to do is to build your application with a special SDK. Use SDK Open Mobile API by Giesecke & Devrient GmbH and declare the org.simalliance.openmobileapi library in the manifest XML:

<application android:label="@string/app_name">
    <uses-library android:name="org.simalliance.openmobileapi" android:required="true" />
    <activity android:name=".MainActivity">
      ...
    </activity>
</application>

Have a look at this tutorial: https://github.com/seek-for-android/pool/wiki/UsingSmartCardAPI. I followed it and I succeeded.

Bruno Parmentier
vojta
  • I built a sample app with SDK Open Mobile API and the required permission. I'm trying to run it on Samsung devices (S3 & S4), and it crashes at the point where it tries to open a channel for communication. java.lang.SecurityException: Access Control Enforcer: access denied: No Access because ARA-M is not available – jQueen Jul 10 '15 at 11:45
  • Ask your UICC issuer to configure access rights properly. There is nothing you can do (unless you hold the security domain keys). I faced the same problem a year ago. – vojta Jul 13 '15 at 21:15
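
The flow discussed in this answer and its comments, as an added example that is not part of the original posts: an Activity that binds to the Open Mobile API service, opens a logical channel to an applet on the UICC, and handles the access-control denial quoted above. Assumptions: the AID is a constructed placeholder, the UICC reader's name starts with "SIM", and the manifest declares the uses-library entry shown in the answer plus the org.simalliance.openmobileapi.SMARTCARD permission.

```java
import android.app.Activity;
import android.os.Bundle;
import android.util.Log;
import java.io.IOException;
import java.util.NoSuchElementException;
import org.simalliance.openmobileapi.Channel;
import org.simalliance.openmobileapi.Reader;
import org.simalliance.openmobileapi.SEService;
import org.simalliance.openmobileapi.Session;

public class MainActivity extends Activity implements SEService.CallBack {
    private static final String TAG = "OmapiDemo";
    // Constructed placeholder AID; use the AID of the applet installed on your UICC.
    private static final byte[] APPLET_AID =
            {(byte) 0xA0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
    private SEService seService;

    @Override protected void onCreate(Bundle state) {
        super.onCreate(state);
        seService = new SEService(this, this); // binds asynchronously, see serviceConnected()
    }

    @Override public void serviceConnected(SEService service) {
        for (Reader reader : service.getReaders()) {
            // Assumption: the UICC reader's name starts with "SIM" on this device.
            if (!reader.getName().startsWith("SIM") || !reader.isSecureElementPresent()) continue;
            Channel channel = null;
            try {
                Session session = reader.openSession();
                channel = session.openLogicalChannel(APPLET_AID);
                if (channel == null) { Log.w(TAG, "No free logical channel"); return; }
                Log.i(TAG, "Channel open; send applet APDUs with channel.transmit()");
            } catch (SecurityException e) {
                // Raised by the access control enforcer when the UICC carries
                // no rule (ARA-M or access rule files) that allows this app.
                Log.e(TAG, "Access denied by SE access control: " + e.getMessage());
            } catch (NoSuchElementException e) {
                Log.e(TAG, "Applet with this AID is not selectable", e);
            } catch (IOException e) {
                Log.e(TAG, "Communication error with the secure element", e);
            } finally {
                if (channel != null) channel.close();
            }
            return;
        }
        Log.w(TAG, "No UICC reader with a secure element present");
    }

    @Override protected void onDestroy() {
        if (seService != null && seService.isConnected()) seService.shutdown();
        super.onDestroy();
    }
}
```

Catching the SecurityException keeps the app from crashing, but the channel still cannot be opened until the UICC issuer provisions an access rule for the app.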

As of today, several smartphones (particularly those from Samsung and Sony) ship with the Open Mobile API (as implemented by SEEK-for-Android) for access to at least UICC/SIM based secure elements (some may provide access to other types of secure elements too). The stock ROM of the Galaxy S3, for instance, does contain the Open Mobile API which can be used to access the UICC.

The Open Mobile API is accessible through the package org.simalliance.openmobileapi. Hence, in order to use the Open Mobile API, you would just need to compile your project against this library (see this explanation). But be careful not to include that library into your APK file, as the implementations on devices often slightly differ from what you get by the SEEK-for-Android project.

Note that alternative/custom ROMs (e.g. CyanogenMod) usually do not include the Open Mobile API, even for those platforms where the stock ROM does. For the S3, you can find a tutorial on how to include the necessary adaptions into CyanogenMod here.

So far this gives you access to the Open Mobile API. However, in order to actually access applications on the UICC, your Android app needs to pass the access control mechanisms of the Open Mobile API. See this explanation. Usually, the stock ROM implementations prefer the access rule file based approach over the ARA applet mechanism. So you have to properly configure those access rules on the UICC/SIM card.

Michael Roland
  • I built a sample app with SDK Open Mobile API and the required permission. I'm trying to run it on Samsung devices (S3 & S4), and it crashes at the point where it tries to open a channel for communication. java.lang.SecurityException: Access Control Enforcer: access denied: No Access because ARA-M is not available. The SE has PKCS#15. (1) Is my code missing something? Or (2) do I need to ask the issuer to configure the SE access rules, and how exactly should the SE be set up so that my app can access it? Or (3) do I need to try some other devices? – jQueen Jul 10 '15 at 11:55

There are two dependencies for a working connection between an Android APK and the UICC/SIM card.

  1. ROM or OS of your phone should support org.simalliance.openmobileapi
  2. UICC/SIM should support PKCS#15 application

This ensures that not just anyone can access the files/services on the UICC/SIM. As rightly said in one of the above answers, we would need permission from the owners of the UICC/SIM to allow our application to reside on it.

PKCS#15 specifications are published by GlobalPlatform and are available free of cost (after nominal registration).

RuSh