# this schema must be refactored to match the Android APIs # e.g. https://developer.android.com/reference/android/os/Build # Constants are defined in the Build class # - BRAND # - DEVICE # - HARDWARE # etc $schema: "http://json-schema.org/draft-07/schema#" schemaVersion: "1.0.0" title: Android Posture description: The posture of the client instance. The structure depends on the platform. type: object properties: platform_product_id: $ref: "./product-id-android.yaml" description: The product identifier for Android apps product_id: type: string description: The gematik product identifier product_version: type: string description: The product version build: description: Android build information, see https://developer.android.com/reference/android/os/Build type: object properties: version: type: object properties: sdk_int: type: integer description: Build.VERSION.SDK_INT security_patch: type: string description: Build.VERSION.SECURITY_PATCH manufacturer: type: string description: Build.MANUFACTURER product: type: string description: Build.PRODUCT model: type: string description: Build.MODEL board: type: string ro: type: object properties: crypto: type: object properties: state: type: boolean description: ro.crypto.state product: type: object properties: first_api_level: type: integer description: ro.product.first_api_level packageManager: type: object properties: feature_verified_boot: type: boolean # TODO: document where this comes from mainline_patch_level: type: string keyguardManager: type: object properties: isDeviceSecure: type: boolean # TODO: Refactor to https://developer.android.com/reference/android/hardware/biometrics/BiometricManager biometricManager: type: object properties: deviceCredential: type: boolean biometricStrong: type: boolean # TODO: Refactor to https://developer.android.com/reference/android/app/admin/DevicePolicyManager devicePolicyManager: type: object properties: passwordComplexity: type: integer enum: - 0 - 1 - 2 - 3 key_attestation_certificate_chain: type: array description: The certificate chain from the Android Key Attestation items: type: string play_integrity_token: type: string description: > Das von der Google Play Integrity API ausgestellte und base64-enkodierte Token. Wird vom AuthS validiert, um die meets_*_integrity Claims zu generieren. required: - product_id - product_version - build - key_attestation_certificate_chain