2

I have an Android app, which can run on a Single Board Computer (SBC) in a "dedicated device" mode. Is there a way to prevent someone from copying it?

Any specific board examples are welcome.

P.S. Raspberry Pi and Tinker Board, probably won't work because it's very easy to copy their SD Card content.

Sergey
  • 324
  • 4
  • 9
  • 1
    This question is far too broad. There are a huge number of SBC's, each would likely have their own approaches to protecting their contents. Some may even have encrypted flash and secure boot capabilities. You'll need to do some more research, and if you have a more specific question ask it once you have that additional information. – Ross Jun 03 '19 at 11:55
  • Ross, yes, it's a broad question. So, a broad answer would be fine too. And, actually, you already provided an answer (the best one so far). So, I'll look into SBCs with "encrypted flash" and "secure boot" capabilities. Thanks. – Sergey Jun 03 '19 at 21:45
  • 1
    @Sergey For a Pi it is not possible to encrypt the SD card just out of the box (not with auto login): [source](https://www.raspberrypi.org/forums/viewtopic.php?t=181181). The link does suggest a hardware solution but it is two years old and never updated. – Bart Jun 04 '19 at 08:39
  • @Bart Thanks! If Pi is not good, I guess I'll be looking at some other SBCs. Maybe something with on-board eMMC, which would be much harder to remove than an SD Card. – Sergey Jun 05 '19 at 14:26
  • It looks like I have found an SBC that supports secure boot - NXP i.MX 8. https://www.toradex.com/computer-on-modules/apalis-arm-family/nxp-imx-8 But it doesn't have a good Android support, and it's very expensive. Any other SBCs? – Sergey Jun 06 '19 at 06:07
  • Your question sounds like you may be using the wrong 'tool' for the job, i.e. Android. Many/most SBCs can run some flavor of 'bare' Linux. What is the reason you need to use Android as the OS for your embedded software? – JimmyB Jun 11 '19 at 12:53
  • @JimmyB Comparing to 'bare' Linux, Android provide many extra features that I find very useful. My program is written in Java (Kotlin), so on 'bare' Linux I would have to use JavaFX for UI, which IMHO, is inferior to Android UI framework. Also, on Android, it's easier to talk to USB. And it has a free profiler. – Sergey Jun 11 '19 at 14:00
  • That's what I figured would be the reasons; which, to me, don't sound very convincing at this time: You want to use Kotlin, and you want to build an embedded device, and you don't want to use readily available platforms (i.e. Linux). Now you've already come to a point where you have to realize that Android is probably not the best choice, because it lacks something you find in some SBCs, but those don't support Android. I still recommend reconsidering your priorities, esp. the trade off between using Android and fully leveraging an embedded system's features. – JimmyB Jun 11 '19 at 14:25
  • @JimmyB 1. I do want to use readily available platforms. 2. Could you please recommend a good SBC with secure boot? – Sergey Jun 11 '19 at 14:49

2 Answers2

0

Use an USB token with LUKS ...simply because the key must not exist on a partition which is not encrypted - and cannot be read from an encrypted partition. commonly these token even support two keys, so the other one still can be used for further things. To copy an SD is in every case more easy than to copy a token - and when combining the secondary key with a web-service, this can be an effective copy protection, because it's locked to hardware (you might also need to run a key-server, in case such an USB token would need to be reproduced & replaced). I'd doubt that a SBC without the least additional security factor could provide something alike copy protection or software activation.

Martin Zeitler
  • 1
  • 19
  • 155
  • 216
  • We can't rely on a web-service, because the device, usually, won't have the Internet connection. – Sergey Jun 11 '19 at 14:23
0

I don't see a perfect solution yet, but here are the best candidates:

  1. Use a standard Android phone (or tablet) in "dedicated device" mode. Most standard phones have secure boot already. TODO: research how well the user app is protected from copying in this case.

  2. Use an SBC with soldered-in eMMC, and cover it (or the whole board) with epoxy or something.

  3. Use an SBC with secure boot. TODO: find one with Android support.

  4. Install a unique version of software on each board that checks CPU ID or MAC address or something. Disadvantage: complicates the build system and relatively easy to defeat.

Sergey
  • 324
  • 4
  • 9
  • 4. Use another, more appropriate programming language for an embedded system (C, C++, ... maybe Java) – JimmyB Jun 11 '19 at 14:27
  • @JimmyB What advantages would Java have over Kotlin? As for C, C++, which GUI framework would you use with them? – Sergey Jun 11 '19 at 14:44
  • Never mind Java. Since Kotlin can run on the JVM, it shouldn't make much of a difference. - For C++, the first thing that comes to my mind would be [Qt](https://en.wikipedia.org/wiki/Qt_(software)), for C maybe [GTK](https://en.wikipedia.org/wiki/GTK); see also https://en.wikipedia.org/wiki/List_of_widget_toolkits – JimmyB Jun 11 '19 at 23:54
  • @JimmyB Qt license is very expensive - starts from $459/month. And GTK is not as good as Android or even JavaFX. – Sergey Jun 12 '19 at 03:53
  • Do you need a commercial license? In many cases, the [LGPL](https://doc.qt.io/qt-5/lgpl.html) can be used because the Qt library is installed independently of your software and dynamically linked at runtime. However, they say that you "[m]ust make “open” consumer devices", so this may or may not be viable. Would have to check if/how that affects you if you were to distribute devices with Linux, and Qt, installed on which your software runs. – JimmyB Jun 12 '19 at 09:29
  • Of course, GUI programming in C or C++ on Linux is not as clean and easy as in Android apps. But I think that Android and its features, being targeted at mobile phones, may not be a good option for something that really isn't anything like a phone; like, if all you need is a neat GUI and USB connectivity, and maybe even only a single application installed/running, Android is probably overkill/not a good fit. – JimmyB Jun 12 '19 at 09:35
  • @JimmyB Yes, I have just double checked it, in our case, Qt would require a commercial license: https://www.qt.io/download As for Android, it runs on may types of devices, not just phones. And it doesn't look like an overkill to me. That is, both Linux and Android would require about the same computational power to provide good user experience. And development time would be much shorter for Android. – Sergey Jun 13 '19 at 01:18