3

The new Android Pixel 3 contains a secure element called Titan M.

First, I am wondering if it is possible to interact with this secure element by using the Open Mobile API (package android.se.omapi) now available on Android 9.

Secondly, I looked at this OMAPI and found that it allows sending APDU messages to applications using the ISO 7816 protocol for smart cards. So I would like to know what kind of applications I can interact with.

If it is possible, my aim would be to insert a JavaCard applet into the Titan M secure element and to use OMAPI to send APDUs to this applet. Has anybody tried to do that? I would be happy to get any feedback on what is possible to do with this API and Pixel 3.

Thanks. Franck

1 Answer

1

> First, I am wondering if it is possible to interact with this secure element by using the Open Mobile API (package android.se.omapi) now available on Android 9.

At first glance and doing some limited research (mainly because there is limited information available) it doesn't look like this would be the case. That API is mainly intended for SIM cards, and I sincerely doubt with a high level of confidence that a SIM API or functionality is present in the Titan M System-on-a-Chip (with ARM SC300 core, in all likelihood).

> Secondly, I looked at this OMAPI and found that it allows sending APDU messages to applications using the ISO 7816 protocol for smart cards. So I would like to know what kind of applications I can interact with.

SIM cards and embedded Secure Elements that support an APDU interface on devices that support OMAPI. However, although I would say that Titan M is an embedded Secure Element, I would wager that it doesn't use OMAPI and because of that, it won't be available through the API. Actually, I would be surprised if it uses APDUs at all. ISO/IEC 7816-4 is a pain that you can do without if you're able to specify the transport layer yourself.

> If it is possible, my aim would be to insert a JavaCard applet into the Titan M secure element and to use OMAPI to send APDUs to this applet. Has anybody tried to do that? I would be happy to get any feedback on what is possible to do with this API and Pixel 3.

I would find it entirely unlikely that Google is willing to pay license costs to Oracle to be able to implement Java Card. I certainly don't see Google listed in the JCF, which you would expect if you would implement a native Java Card solution yourself.

Finally, there have been many posts that said that the Titan M "firmware" would be released as Open Source by Google. However, that promise never materialized. Note that it is extremely tricky to release such code for secure processors. If a security issue is found that requires a software fix then that fix might have to be applied all over the place, and details of the fix may help adversaries.

So, all said, you will have to make do with the high-level interfaces that Android offers - as far as I am able to find out.

Maarten Bodewes
  • Hi Maarten, thank you very much for your detailed answer. That is confirming what I was supposing as I wasn't able to find any documentation about how to do that. Now, please tell me if I am wrong: I then understand that the remaining use cases for a standard developer like me to access a JavaCard applet through OMAPI are 1/ Installing the applet on an eSE accessible through an NFC controller or 2/ Installing the applet on a microSD SE. As far as I know, you need to be a mobile carrier to install an applet on a commercial Java SIM card. – Franck Rollant Mar 01 '19 at 18:02
  • Yes, those are basically your options as far as I understood, but I have limited experimental knowledge about those options. SIM cards *could* be freed up as well but it is less likely, as you've indicated. Global Platform is quite flexible, but I don't think this is the case for mobile providers. – Maarten Bodewes Mar 01 '19 at 23:06
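
To see which secure elements a given device actually exposes through OMAPI, and whether an applet on one of them can be selected, the following is an added example using `android.se.omapi` (it is not part of the question, the answer or the comments). The class name `OmapiProbe` and the AID are assumptions made for illustration; the AID is a constructed placeholder.

```java
import android.content.Context;
import android.se.omapi.Channel;
import android.se.omapi.Reader;
import android.se.omapi.SEService;
import android.se.omapi.Session;
import android.util.Log;
import java.io.IOException;
import java.util.NoSuchElementException;
import java.util.concurrent.Executors;

/** Added example: lists OMAPI readers and tries to SELECT one applet on each. */
public final class OmapiProbe {
    private static final String TAG = "OmapiProbe";
    // Placeholder AID constructed for this example; replace with your applet's AID.
    private static final byte[] APPLET_AID =
            {(byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
    private SEService service;

    // Call from the main thread; the listener fires once the service is bound.
    public void start(Context context) {
        service = new SEService(context, Executors.newSingleThreadExecutor(), this::probe);
    }

    private void probe() {
        for (Reader reader : service.getReaders()) {
            // Reader names follow the pattern SIM<n>, eSE<n> or SD<n>.
            Log.i(TAG, reader.getName() + " present=" + reader.isSecureElementPresent());
            if (!reader.isSecureElementPresent()) continue;
            Session session = null;
            try {
                session = reader.openSession();
                // Opens a logical channel and selects the applet by AID.
                Channel channel = session.openLogicalChannel(APPLET_AID);
                if (channel == null) { Log.w(TAG, "no free logical channel"); continue; }
                byte[] select = channel.getSelectResponse();
                Log.i(TAG, "selected, response bytes=" + (select == null ? 0 : select.length));
                channel.close();
            } catch (NoSuchElementException e) {
                Log.w(TAG, "AID not installed on " + reader.getName());
            } catch (SecurityException e) {
                Log.w(TAG, "access rules on the SE deny this app");
            } catch (IOException | UnsupportedOperationException e) {
                Log.w(TAG, "reader error: " + e);
            } finally {
                if (session != null) session.close();
            }
        }
        service.shutdown();
    }
}
```

A secure element that is not exposed through OMAPI does not appear in the reader list at all, and a `SecurityException` on an element that is listed means its access control rules do not authorize the calling app.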