Use system PIN dialog in Android application

Asked 11/4, 2012 at 13:25 Answered 19/9, 2018 at 12:3

Background

I am trying to write an application which works like described below.

When user start application it check if user have registered PIN on his device.
If user have registered PIN, application must show button "Continue with PIN".
When user press on button "Continue with PIN" system standard PIN dialog must appears.
User enter his PIN and press "Continue" button.
After System must check if entered PIN is correct or no and continue working.

Searches

I have made some searches and found some articles on stackoverflow and other internet sources which say "There is no way to develop a new custom unlock mechanism on a non-rooted phone." or "I would be surprised if you could, because then you would be probably able to steal the pin code, and I don't think anyone would want that.".

Also I have watched some video tutorials like Tutorial: Android Internals - Building a Custom ROM, Pt. 1 of 2 and Tutorial: Android Internals - Building a Custom ROM, Pt. 2 of 2.

EDITED

I have made some searches today and found a very interesting thing, I think I am on a right way to the solution, and I want to share my ideas with you. So looking in android sources I found an interesting files ChooseLockPassword.java (packages\apps\Settings\src\com\android\settings) and LockPatternUtils.java (*frameworks\base\core\java\com\android\internal\widget*) now I am interest in:

Question

How can I call LockPatternUtils class function from my code ? Or Why I cant see that function in Eclipse ?

Decision

So I think that the only way to get access to the Android system PIN dialog is to root the phone make some changes in the system files and use system PIN dialod

Question

Can somebody provide me useful links about getting access to the system PIN dialog in the rooted phone.
Am I on a right way and can I solve my problem in this way?
If anybody encountered such problem please help me to solve.

Any Solutions?

Colb answered 11/4, 2012 at 13:25 Comment(8)

This looks like some good effort went into this, but why didn't you just edit your previous question that's about the same thing? stackoverflow.com/questions/10086659/use-system-pin-in-android and that you asked less then a day before this one? – Plastic 12/4, 2012 at 7:59

And then magically several accepted answers of me with high scores got downvoted. Randomly. – Plastic 12/4, 2012 at 8:10

you are mistakable @Plastic !!! – Colb 12/4, 2012 at 8:20

@Plastic I removed previous post for you! – Colb 12/4, 2012 at 13:47

You don't need to do anything for me specially, maybe too bad of the comments that where going on over there, but that's your choice I guess. I cannot undo the close vote, but it won't attract new close votes as is I suspect. – Plastic 12/4, 2012 at 13:50

@Plastic Can I ask you something ? – Colb 12/4, 2012 at 14:11

let us continue this discussion in chat – Plastic 12/4, 2012 at 14:17

Is there a reason why you don't just implement your own pin system for your application and let the user choose that? Android will place your application in a separate directory and with its own user so you are pretty safe just storing the PIN for the application as plain text. Only if the phone is rooted could something outside your application pick it up. This seems easier than digging around and invoking the system PIN dialog, especially if its not supported for doing this. – Jerid 23/4, 2012 at 22:45

Okay, I have solved this problem and now I want to share my solution with you.

At first as I told I have android sources so I have made some changes in android sources to get access to the PIN and Pattern dialogs. And here they are:

in ~\AndroidSources\pakages\apps\Settings\AndroidManifest.xml I have changed following lines of code

<activity android:name="ConfirmLockPattern"
          android:exported="true"> // This line was added by me.
</activity>

<activity android:name="ConfirmLockPassword"
          android:exported="true" // This line was added by me.
          android:them="@android:style/Them.NoTitleBar">
</activity>

<activity android:name="ChooseLockPattern"
          android:exported="true" // This line was added by me.
          android:label="@string/lockpattern_change_lock_pattern_label">
</activity>

This modifications allow me to call "ConfirmLockPattern", "ConfirmLockPassword" and "ChooseLockPattern" activities from my own application. After I compile android Source codes and launch system.img on my emulator.

In my application I have write following functions in order to call "ConfirmLockPattern" or "ChooseLockPattern" activities:

/**
 * Show PIN/Password confirmation dialog.
 */
void ShowConfirmLockPINActivity() {
    CustomLog.i(TAG, "Show Confirm Lock PIN Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ConfirmLockPassword"));
    startActivityForResult(intent, mRequestCode);
} /* ShowConfirmLockPINActivity() */

/**
 * Show set PIN/Password dialog.
 */
void ShowSetLockPINActivity() {
    CustomLog.i(TAG, "Show Set Lock PIN Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ChooseLockPassword"));
    startActivityForResult(intent, mRequestCode);
} /* ShowSetLockPINActivity() */

/**
 * Show Pattern Confirmation dialog.
 */
void ShowSetLockPatternActivity() {
    CustomLog.i(TAG, "Show Set Lock Pattern Activity");
    Intent intent = new Intent(Intent.ACTION_RUN);
    intent.setComponent(new ComponentName("com.android.settings",
        "com.android.settings.ConfirmLockPattern"));
    startActivityForResult(intent, mRequestCode);
} /* ShowSetLockPatternActivity() */

Colb answered 27/4, 2012 at 12:30 Comment(4)

This is all well and nice. However, you actually needed to make a custom ROM? Is this an app for other users, or only to be used by you? Because I don't think anyone will change a ROM just to use your app. – Fatling 30/4, 2012 at 21:6

@Fatling This is demo application. I use it just for demonstrating some features. – Colb 2/5, 2012 at 12:34

I am unable to find ~\AndroidSources\pakages\apps\Settings\AndroidManifest.xml on my system? – Fogbound 20/4, 2019 at 11:59

@Pehlaj Sorry, I did this 6 years ago, I guess a lot of stuff was changed after :) the file located not in the system, but in Android Source code, you need to have andoid source code change it there and after rebuild android source. – Colb 23/4, 2019 at 7:55

Here are some considerations regarding your question.

Diving deep into Android's code is not very good idea in this particular case, since verifying PIN code is an important security point and its mechanism must be hidden and well protected to avoid any malicious intentions.
Thus, the actions you want to perform (ask for PIN and then check it against real PIN) are prohibited and would look like an intrusion. So, you shouldn't try to get an access to the storage of user passwords.
It would be more correct to try launching standard PIN screen via some Intent and ask it to make all job for you. However, a brief investigation didn't give me any results in this direction; perhaps, you'll find something.
Modifying the ROM is obviously dead-end - no one will flash the phone to install one app. Requiring rooted phone is a bit better, there are apps that cannot run on non-rooted phone, but still it forwards us back to the point #2 (intrusion).
Users may disable PIN check and there are devices with no SIM.

So, according to the all mentioned I'd suggest you think of different verification method for your app.

Charlenacharlene answered 26/4, 2012 at 7:49 Comment(5)

It addresses your question #2 and "Any Ideas"-question, doesn't it? – Charlenacharlene 26/4, 2012 at 13:25

@Charlenacharlene I have to disagree with your first point. A best practice of security is to assume that your adversary has full access to your algorithm (source code), and that the only secret is your key material (password) – Necessarian 26/4, 2012 at 13:58

Well, you're likely right. However, I wanted to imply that this direction is dead-end. – Charlenacharlene 26/4, 2012 at 14:3

@Charlenacharlene I find solution, you can see it :) – Colb 27/4, 2012 at 12:31

Good. How will you apply this while distributing your app? – Charlenacharlene 27/4, 2012 at 13:21

Since API level 21 there is KeyguardManager.createConfirmDeviceCredentialIntent that can be used to authenticate current user with the device lock pin.

See the usage example.

Madonnamadora answered 19/9, 2018 at 12:3 Comment(0)

Background

Searches

Question

Decision

Question

Recommended topics

Hot tags