# Print output for @column tags ?> ConfirmationPrompt - Android SDK | Android Developers
Developer Console

Most visited

Recently visited

Results for

ConfirmationPrompt

public class ConfirmationPrompt
extends Object

java.lang.Object
   ↳ android.security.ConfirmationPrompt

Class used for displaying confirmation prompts.

Confirmation prompts are prompts shown to the user to confirm a given text and are implemented in a way that a positive response indicates with high confidence that the user has seen the given text, even if the Android framework (including the kernel) was compromised. Implementing confirmation prompts with these guarantees requires dedicated hardware-support and may not always be available.

Confirmation prompts are typically used with an external entitity - the Relying Party - in the following way. The setup steps are as follows:

  • Before first use, the application generates a key-pair with the CONFIRMATION tag set. Device attestation, e.g. getCertificateChain(), is used to generate a certificate chain that includes the public key (Kpub in the following) of the newly generated key.
  • The application sends Kpub and the certificate chain resulting from device attestation to the Relying Party.
  • The Relying Party validates the certificate chain which involves checking the root certificate is what is expected (e.g. a certificate from Google), each certificate signs the next one in the chain, ending with Kpub, and that the attestation certificate asserts that Kpub has the CONFIRMATION tag set. Additionally the relying party stores Kpub and associates it with the device it was received from.

The Relying Party is typically an external device (for example connected via Bluetooth) or application server.

Before executing a transaction which requires a high assurance of user content, the application does the following:

  • The application gets a cryptographic nonce from the Relying Party and passes this as the extraData (via the Builder helper class) to the presentPrompt() method. The Relying Party stores the nonce locally since it'll use it in a later step.
  • If the user approves the prompt a Confirmation Response is returned in the ConfirmationCallback#onConfirmed callback as the dataThatWasConfirmed parameter. This blob contains the text that was shown to the user, the extraData parameter, and possibly other data.
  • The application signs the Confirmation Response with the previously created key and sends the blob and the signature to the Relying Party.
  • The Relying Party checks that the signature was made with Kpub and then extracts promptText matches what is expected and extraData matches the previously created nonce. If all checks passes, the transaction is executed.

A common way of implementing the "promptText is what is expected" check in the last bullet, is to have the Relying Party generate promptText and store it along the nonce in the extraData blob.

Summary

Nested classes

class ConfirmationPrompt.Builder

A builder that collects arguments, to be shown on the system-provided confirmation prompt. 

Public methods

void cancelPrompt()

Cancels a prompt currently being displayed.

static boolean isSupported(Context context)

Checks if the device supports confirmation prompts.

void presentPrompt(Executor executor, ConfirmationCallback callback)

Requests a confirmation prompt to be presented to the user.

Inherited methods

Public methods

cancelPrompt

public void cancelPrompt ()

Cancels a prompt currently being displayed. On success, the ConfirmationCallback#onCanceled method on the supplied callback object will be called asynchronously.

Throws
IllegalStateException if no prompt is currently being presented.

isSupported

public static boolean isSupported (Context context)

Checks if the device supports confirmation prompts.

Parameters
context Context: the application context.
Returns
boolean true if confirmation prompts are supported by the device.

presentPrompt

public void presentPrompt (Executor executor, 
                ConfirmationCallback callback)

Requests a confirmation prompt to be presented to the user. When the prompt is no longer being presented, one of the methods in ConfirmationCallback is called on the supplied callback object. Confirmation prompts may not be available when accessibility services are running so this may fail with a ConfirmationNotAvailableException exception even if isSupported(Context) returns true.

Parameters
executor Executor: the executor identifying the thread that will receive the callback. This value cannot be null.
callback ConfirmationCallback: the callback to use when the prompt is done showing. This value cannot be null.
Throws
IllegalArgumentException if the prompt text is too long or malfomed.
ConfirmationAlreadyPresentingException if another prompt is being presented.
ConfirmationNotAvailableException if confirmation prompts are not supported.
Get news & tips
Blog Support

Except as noted, this content is licensed under Apache 2.0. For details and restrictions, see the Content License.

Android 7.0 r1 —

About Android Auto TV Wear Legal