raise minimum API level to 31 (Android 12)

Android 12 is the oldest release with security support and also the oldest release supported by our App Store.
GrapheneOS · Jul 27, 2024 · 024b19f · 024b19f
1 parent 2f354e7
commit 024b19f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 24 deletions.
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -46,7 +46,7 @@ android {
 
     defaultConfig {
         applicationId = "app.attestation.auditor"
-        minSdk = 29
+        minSdk = 31
         targetSdk = 34
         versionCode = 81
         versionName = versionCode.toString()

diff --git a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
@@ -1,7 +1,6 @@
 package app.attestation.auditor;
 
 import android.annotation.SuppressLint;
-import android.annotation.TargetApi;
 import android.app.KeyguardManager;
 import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
@@ -1362,11 +1361,6 @@ static class AttestationResult {
         }
     }
 
-    @TargetApi(31)
-    static void setAttestKeyAlias(final KeyGenParameterSpec.Builder builder, final String alias) {
-        builder.setAttestKeyAlias(alias);
-    }
-
     static KeyGenParameterSpec.Builder getKeyBuilder(final String alias, final int purposes,
             final boolean useStrongBox, final byte[] challenge, final boolean temporary) {
         final Date startTime = new Date(new Date().getTime() - CLOCK_SKEW_MS);
@@ -1384,7 +1378,6 @@ static KeyGenParameterSpec.Builder getKeyBuilder(final String alias, final int p
         return builder;
     }
 
-    @TargetApi(31)
     static void generateAttestKey(final String alias, final byte[] challenge, final boolean useStrongBox) throws
             GeneralSecurityException, IOException {
         generateKeyPair(getKeyBuilder(alias, KeyProperties.PURPOSE_ATTEST_KEY,
@@ -1461,17 +1454,10 @@ static AttestationResult generateSerialized(final Context context, final byte[]
             keyStore.deleteEntry(freshKeyStoreAlias);
             attestationKeystoreAlias = freshKeyStoreAlias;
 
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
-                final PrivateKey key = (PrivateKey) keyStore.getKey(persistentKeystoreAlias, null);
-                final KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
-                final KeyInfo keyinfo = factory.getKeySpec(key, KeyInfo.class);
-                useStrongBox = keyinfo.getSecurityLevel() == KeyProperties.SECURITY_LEVEL_STRONGBOX;
-            } else {
-                final X509Certificate persistent =
-                    (X509Certificate) getCertificate(keyStore, persistentKeystoreAlias);
-                final String dn = persistent.getIssuerX500Principal().getName(X500Principal.RFC1779);
-                useStrongBox = dn.contains("StrongBox");
-            }
+            final PrivateKey key = (PrivateKey) keyStore.getKey(persistentKeystoreAlias, null);
+            final KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
+            final KeyInfo keyinfo = factory.getKeySpec(key, KeyInfo.class);
+            useStrongBox = keyinfo.getSecurityLevel() == KeyProperties.SECURITY_LEVEL_STRONGBOX;
 
             final boolean hasAttestKey = keyStore.containsAlias(attestKeystoreAlias);
             if (hasAttestKey) {
@@ -1498,7 +1484,7 @@ static AttestationResult generateSerialized(final Context context, final byte[]
                 KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY, useStrongBox, challenge,
                 hasPersistentKey);
         if (useAttestKey) {
-            setAttestKeyAlias(builder, attestKeystoreAlias);
+            builder.setAttestKeyAlias(attestKeystoreAlias);
         }
         generateKeyPair(builder.build());
 

diff --git a/app/src/main/java/app/attestation/auditor/RemoteVerifyJob.java b/app/src/main/java/app/attestation/auditor/RemoteVerifyJob.java
@@ -1,6 +1,5 @@
 package app.attestation.auditor;
 
-import android.annotation.TargetApi;
 import android.app.Notification;
 import android.app.NotificationChannel;
 import android.app.NotificationManager;
@@ -109,9 +108,7 @@ static void schedule(final Context context, int interval) {
                     .setPersisted(true)
                     .setRequiredNetworkType(JobInfo.NETWORK_TYPE_ANY)
                     .setEstimatedNetworkBytes(ESTIMATED_DOWNLOAD_BYTES, ESTIMATED_UPLOAD_BYTES);
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
-                builder.setExpedited(true);
-            }
+            builder.setExpedited(true);
             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
                 builder.setPriority(JobInfo.PRIORITY_MAX);
             }