Open Mobile API: Accessing the UICC on Android Devices
This work addresses the problem of accessing secure elements for developers and users on Android devices, but it is incremental as it builds on existing APIs and firmware modifications.
The report tackles the integration of secure elements into Android devices by analyzing the Open Mobile API's architecture and availability, and details reverse engineering a Samsung Galaxy S3 stock ROM to enable APDU-based communication with the UICC, including integration into CyanogenMod.
This report gives an overview of secure element integration into Android devices. It focuses on the Open Mobile API as an open interface to access secure elements from Android applications. The overall architecture of the Open Mobile API is described and current Android devices are analyzed with regard to the availability of this API. Moreover, this report summarizes our efforts of reverse engineering the stock ROM of a Samsung Galaxy S3 in order to analyze the integration of the Open Mobile API and the interface that is used to perform APDU-based communication with the UICC (Universal Integrated Circuit Card). It further provides a detailed explanation on how to integrate this functionality into CyanogenMod (an after-market firmware for Android devices).