Hardware-enforced via Android KeyStore + CryptoObject: - AES key in TEE/StrongBox with setUserAuthenticationRequired(true) - BiometricPrompt receives Cipher as CryptoObject, unlocked only after real biometric auth (fingerprint/face), not bypassable - Key auto-invalidated on biometric enrollment change Flow: tap locked chat → BiometricPrompt → on success request server unlock token (POST /api/v1/auth/unlock) → fetch messages with X-Unlock-Token header → display conversation. Dependencies: androidx.biometric:biometric:1.4.0-alpha02
72 lines
No EOL
2.5 KiB
Text
72 lines
No EOL
2.5 KiB
Text
plugins {
|
|
alias(libs.plugins.android.application)
|
|
alias(libs.plugins.kotlin.compose)
|
|
alias(libs.plugins.kotlin.serialization)
|
|
alias(libs.plugins.ksp)
|
|
}
|
|
|
|
android {
|
|
namespace = "dev.kaizen.app"
|
|
compileSdk {
|
|
version = release(36) {
|
|
minorApiLevel = 1
|
|
}
|
|
}
|
|
|
|
defaultConfig {
|
|
applicationId = "dev.kaizen.app"
|
|
minSdk = 26
|
|
targetSdk = 36
|
|
versionCode = 1
|
|
versionName = "1.0"
|
|
|
|
testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
|
|
}
|
|
|
|
buildTypes {
|
|
release {
|
|
isMinifyEnabled = false
|
|
proguardFiles(
|
|
getDefaultProguardFile("proguard-android-optimize.txt"),
|
|
"proguard-rules.pro"
|
|
)
|
|
}
|
|
}
|
|
compileOptions {
|
|
sourceCompatibility = JavaVersion.VERSION_11
|
|
targetCompatibility = JavaVersion.VERSION_11
|
|
}
|
|
buildFeatures {
|
|
compose = true
|
|
}
|
|
}
|
|
|
|
dependencies {
|
|
implementation(platform(libs.androidx.compose.bom))
|
|
implementation(libs.androidx.activity.compose)
|
|
implementation(libs.androidx.compose.material3)
|
|
implementation(libs.androidx.compose.material.icons.extended)
|
|
implementation(libs.androidx.compose.ui)
|
|
implementation(libs.androidx.compose.ui.graphics)
|
|
implementation(libs.androidx.compose.ui.tooling.preview)
|
|
implementation(libs.androidx.core.ktx)
|
|
implementation(libs.androidx.lifecycle.runtime.ktx)
|
|
implementation(libs.androidx.lifecycle.runtime.compose)
|
|
// Networking + JSON for the real backend (POST /api/v1/auth/token, /chat, /me)
|
|
implementation(libs.okhttp)
|
|
implementation(libs.kotlinx.serialization.json)
|
|
// Hardware-backed encrypted storage for the bearer token (EncryptedSharedPreferences)
|
|
implementation(libs.androidx.security.crypto)
|
|
// Room offline cache (local SQLite read-cache for conversations + messages)
|
|
implementation(libs.androidx.room.runtime)
|
|
ksp(libs.androidx.room.compiler)
|
|
// Biometric auth (fingerprint/face unlock) for locked conversations — hardware-enforced via TEE/StrongBox
|
|
implementation(libs.androidx.biometric)
|
|
testImplementation(libs.junit)
|
|
androidTestImplementation(platform(libs.androidx.compose.bom))
|
|
androidTestImplementation(libs.androidx.compose.ui.test.junit4)
|
|
androidTestImplementation(libs.androidx.espresso.core)
|
|
androidTestImplementation(libs.androidx.junit)
|
|
debugImplementation(libs.androidx.compose.ui.test.manifest)
|
|
debugImplementation(libs.androidx.compose.ui.tooling)
|
|
} |