kotomj / security-showcase-android Goto Github PK

Hi,

hope find you well with this cold call.

I am an author of mocking framework for Kotlin

I see you are using mockito-kotlin.

I just want you to be aware that there is solution that fully supports Kotlin and ask to try it in your new/current projects.

I can help you if you answer to this issue.

Thanks and please star it

android/app/build/tmp/kapt3/stubs/rostiDebug/cz/koto/securityshowcase/ShowcaseKeystoreCompatConfig.java:4: error: cannot access KeystoreCompatConfigM
e:
e: public final class ShowcaseKeystoreCompatConfig extends cz.koto.keystorecompat.compat.KeystoreCompatConfig {
e: ^
e: class file for cz.koto.keystorecompat23.compat.KeystoreCompatConfigM not found
e: java.lang.IllegalStateException: failed to analyze: java.lang.AssertionError: annotation tree hasn't been attributed yet: @kotlin.Metadata(mv = {1, 1, 9}, bv = {1, 0, 2}, k = 1, d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0000\u0018\u00002\u00020\u0001B\u0005\u00a2\u0006\u0002\u0010\u0002J\b\u0010\u0003\u001a\u00020\u0004H\u0016J\b\u0010\u0005\u001a\u00020\u0006H\u0016\u00a8\u0006\u0007"}, d2 = {"Lcz/koto/securityshowcase/ShowcaseKeystoreCompatConfig;", "Lcz/koto/keystorecompat/compat/KeystoreCompatConfig;", "()V", "getDialogDismissThreshold", "", "isRootDetectionEnabled", "", "app_rostiDebug"})

Start using https://scottyab.com/2019/10/androidx-security-library/

R8 should identify direct reflective use of constructors.

Got a problem with my build.gradle

// KeystoreCompat
implementation('cz.koto:android-keystore-compat:1.2.0') {
exclude group: 'com.android.support'
}

"Failed to resolve: android-keystore-compat"

Maybe you've forgotten to add .aar file to bintray?

https://bintray.com/kotomisak/cz.koto/android-keystore-compat/1.2.0#files/cz/koto/android-keystore-compat

After review, Security Showcase, cz.koto.securityshowcase, has been removed from Google Play because it violates the deceptive device settings changes policy.

You must explain to users why you are requesting the 'android.permission.BIND_DEVICE_ADMIN' in your app. Apps must provide accurate disclosure of their functionality and should perform as reasonably expected by the user. Any changes to device settings must be made with the user's knowledge and consent and be easily reversible by the user.

Next Steps
Read through the Deceptive Device Settings Changes policy for more details, and make sure your app complies with all policies listed in the Developer Program Policies.
If you don't need the BIND_DEVICE_ADMIN permission in your app:
Remove your request for this permission from your app's manifest.
Sign in to your Play Console and submit the modified, policy compliant APK.
Or, if you need the BIND_DEVICE_ADMIN permission in your app:
Include the following snippet in your app’s store listing description: “This app uses the Device Administrator permission.”
Provide prominent user facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:
Disclosure must be displayed in normal course of usage of your app. Your users should not be required to navigate into a menu or settings to view disclosure.
Disclosure must describe the functionality Device Admin permission is enabling for your app. Each security policy used with the Device Admin request must be declared in your disclosure, and each policy must be accompanied with justification for the request.
Disclosure cannot only be placed in your privacy policy, terms of service or end user license agreement (EULA).
If approved, your app will again be available with all installs, ratings, and reviews intact.

Regards,
Joy
Google Play Review Team

Hello,

Could you add minimal info on how to use it and minimal example code to the readme? I tried to crack one of your examples mentioned, but I really don't get those multiple dismiss settings, why are they and what for... Same goes with "force" settings...

Hi, quick question over here: Is it currently safe to use KeystoreCompat 1.1.2 and publish an app to the play store without it being rejected? Just wondering because you said you were working on a new version which didn't relay on BIND_DEVICE_ADMIN. We are working on an app that currently targets KitKat (pre-Lollipop) and I have this feeling BIND_DEVICE_ADMIN is sort of needed for such minSDK.

Thanks

Current installation requires to define android-keystore-compat itself. But it also requires to list all implementation dependencies.

dependencies {
	api("cz.koto:android-keystore-compat:2.0.1") {
		exclude group: 'com.android.support'
	}
	api("cz.koto:android-keystore-compat-base:2.0.1")
	api("cz.koto:android-keystore-compat-19:2.0.1")
	api("cz.koto:android-keystore-compat-21:2.0.1")
	api("cz.koto:android-keystore-compat-23:2.0.1")
	implementation('com.scottyab:rootbeer-lib:0.0.6') {
		exclude group: 'com.android.support'
	}
}

Fix this ugly installation requirement to simplify gradle definition