ComputerEngineer88 ComputerEngineer88 - 1 year ago 525
Android Question

Sign App with UICC Carrier Privileges Certificates

I was reading information on this link in regards to signing an application with carrier privileges.

I am aware of how to sign an application using a keystore for production releases, but how do I add UICC certificates to my app so it gets carrier privileges?

My main goal is to be able to call TelephonyManager functions like:


This is the stack trace I get when calling one of the above functions:

E/AndroidRuntime: FATAL EXCEPTION: main
E/AndroidRuntime: Process: com.xxxx, PID: 2668
E/AndroidRuntime: java.lang.SecurityException: No modify permission or carrier privilege.
E/AndroidRuntime: at android.os.Parcel.readException(
E/AndroidRuntime: at android.os.Parcel.readException(
E/AndroidRuntime: at$Stub$Proxy.iccOpenLogicalChannel(
E/AndroidRuntime: at android.telephony.TelephonyManager.iccOpenLogicalChannel(
E/AndroidRuntime: at android.view.View.performClick(
E/AndroidRuntime: at android.view.View$
E/AndroidRuntime: at android.os.Handler.handleCallback(
E/AndroidRuntime: at android.os.Handler.dispatchMessage(
E/AndroidRuntime: at android.os.Looper.loop(
E/AndroidRuntime: at
E/AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime: at$
E/AndroidRuntime: at

Thanks in advance!

Answer Source

The question that you should ask yourself is actually a different one: How do I get the certificate for my app signing key into the UICC? Once you have that, the actual signing process is no different than with any other keystore.

So, you would have a keystore containing your signing key pair and a certificate for that key. The certificate could either be a self-signed certificate (that's typically the case for Android app signing keys) or a certificate issued to you by the UICC owner (MNO/carrier). In the first case, you would need to convince the UICC owner to add that self-signed certificate to the access control list(/application) on your UICC. In the second case, the carrier would typically include the root certificate corresponding to the certificate issued to you to the UICC.

You could then use that keystore to sign an app (just as you usually do).

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download