Deprecate uses of Android Protected Confirmation

Android Protected Confirmation is deprecated due to the high support/maintenance cost for Android device makers and low adoption rate among app developers. APC requires Android device makers to have a substantial amount of device-specific UI code running in the trusted execution environment. That has proven to be expensive to maintain and non-scalable, as there cannot be a single implementations device makers can share or use as a reference. Additionally, app developers have not adopted this feature, as the Android platform offers other mechanisms for authentication a user's intent. These mechanisms, such as authentication-bound Keystore keys, are less secure than Trusted UI, but are more wide-spread. While we explore alternatives to APC that are viable to the device makers ecosystem, we sunset the APC API. Test: atest CtsKeystoreTestCases Bug: 313856313 Change-Id: I529150af4ce70371ba8c279dc91550a12640f109

Deprecate uses of Android Protected Confirmation
3d9d1778 · Shaquille Johnson · 86657d6b · 3d9d1778
Commit 3d9d1778 authored 1 year ago by Shaquille Johnson
--- a/keystore/java/android/security/AndroidProtectedConfirmation.java
+++ b/keystore/java/android/security/AndroidProtectedConfirmation.java
@@ -59,6 +59,10 @@ public class AndroidProtectedConfirmation {

    /**
     * Requests keystore call into the confirmationui HAL to display a prompt.
+     * @deprecated Android Protected Confirmation had a low adoption rate among Android device
+     *             makers and developers alike. Given the lack of devices supporting the
+     *             feature, it is deprecated. Developers can use auth-bound Keystore keys
+     *             as a partial replacement.
     *
     * @param listener the binder to use for callbacks.
     * @param promptText the prompt to display.
@@ -68,6 +72,7 @@ public class AndroidProtectedConfirmation {
     * @return one of the {@code CONFIRMATIONUI_*} constants, for
     * example {@code KeyStore.CONFIRMATIONUI_OK}.
     */
+    @Deprecated
    public int presentConfirmationPrompt(IConfirmationCallback listener, String promptText,
                                         byte[] extraData, String locale, int uiOptionsAsFlags) {
        try {
@@ -84,11 +89,16 @@ public class AndroidProtectedConfirmation {

    /**
     * Requests keystore call into the confirmationui HAL to cancel displaying a prompt.
+     * @deprecated Android Protected Confirmation had a low adoption rate among Android device
+     *             makers and developers alike. Given the lack of devices supporting the
+     *             feature, it is deprecated. Developers can use auth-bound Keystore keys
+     *             as a partial replacement.
     *
     * @param listener the binder passed to the {@link #presentConfirmationPrompt} method.
     * @return one of the {@code CONFIRMATIONUI_*} constants, for
     * example {@code KeyStore.CONFIRMATIONUI_OK}.
     */
+    @Deprecated
    public int cancelConfirmationPrompt(IConfirmationCallback listener) {
        try {
            getService().cancelPrompt(listener);
@@ -103,9 +113,14 @@ public class AndroidProtectedConfirmation {

    /**
     * Requests keystore to check if the confirmationui HAL is available.
+     * @deprecated Android Protected Confirmation had a low adoption rate among Android device
+     *             makers and developers alike. Given the lack of devices supporting the
+     *             feature, it is deprecated. Developers can use auth-bound Keystore keys
+     *             as a partial replacement.
     *
     * @return whether the confirmationUI HAL is available.
     */
+    @Deprecated
    public boolean isConfirmationPromptSupported() {
        try {
            return getService().isSupported();