-1

We have an industrial Android display with our application. This display is mounted on the engine and has no access to the internet. So there is only one way to upgrade the application to the new version by shipping the APK file to the customer.
My question is how to prevent running the application or installation it on the other devices?

UPDATE: The device is running on Android 4.2.2, and OS could be built with a set of predefined apps. I do not worry that device could be rooted. The main concern is about reusing the APK without our notification.

Yuriy
  • 2,670
  • 6
  • 33
  • 48
  • You could check the fields on the [Build](https://developer.android.com/reference/android/os/Build.html) class to see if its running on the right device. – Radek Kutyłowski Dec 29 '16 at 08:23
  • You need to give more information. What level of control do you have of what goes on the device initially? Are you concerned about the devices being compromised (rooted)? Will your devices contain a secure element? – Hod Dec 29 '16 at 08:33
  • @Hod, what do you mean by ".. contain secure element" ? – Yuriy Dec 29 '16 at 09:02
  • It's typically a sort of microcontroller chip. Here are some links that may help: http://stackoverflow.com/questions/30302992/how-to-access-secure-element-without-rooting-a-device-which-already-supports-sma https://www.globalplatform.org/mediaguideSE.asp – Hod Dec 29 '16 at 09:17

1 Answers1

1

Depending on the properties of an unauthorized device is not secure, since any such property can be spoofed.

Assuming you aren't worried about your own devices being rooted, and can distribute them with something already installed, I think your best bet would be to write a small helper app that installs the main one (and any updates). You'd do something like encrypt your app, and have the helper app decrypt it.

If you're worried about your device getting hacked, you would want to include a secure element and have your keys and crypto done using it.

Hod
  • 2,236
  • 1
  • 14
  • 22
  • Thanks, it's a good idea to use such helper. Actually, we have a full control over the device, including preinstalled applications in OS. So this helper may be already preinstalled and shipped to the customer – Yuriy Dec 29 '16 at 08:52