IssueTracker

We are experiencing an issue with our Android attestation system where the packageName field in keystore certificates is consistently returning "UnknownPackage" when decoded. This problem specifically occurs on Xiaomi and Motorola devices.

Component used:

• java.security.cert.Certificate extracted from java.security.KeyStore

Devices/Android versions reproduced on:

• Xiaomi Devices Motorola Models: [Motorola Edge 30 Fusion, Moto G(100)] Android Version: [Android 12, 13]

Upon decoding the keystore certificate, the packageName field translates from hexadecimal "556E6B6E6F776E5061636B616765" to the string "UnknownPackage". This unexpected value prevents us from accurately identifying the originating package of the certificate, thereby hindering the validation process within our attestation system.

Example certificate

{
  "attestationVersion": 3,
  "attestationSecurityLevel": "trustedEnvironment",
  "keyMintVersion": 41,
  "keyMintSecurityLevel": "trustedEnvironment",
  "attestationChallenge": "D9455AC08DCF772DA351A80D66CF029A",
  "uniqueId": "",
  "softwareEnforced": {
    "creationDateTime": 1724256940000,
    "attestationApplicationId": ""
  },
  "teeEnforced": {
    "purpose": [
      2
    ],
    "algorithm": 3,
    "keySize": 256,
    "digest": [
      4
    ],
    "ecCurve": 1,
    "noAuthRequired": null,
    "origin": 0,
    "rootOfTrust": {
      "verifiedBootKey": "C5D3C71BC70D58E3E0409CA9D9B34C0DBAC1D2F09A5DE948A4B8F090F1926965",
      "deviceLocked": true,
      "verifiedBootState": "verified",
      "verifiedBootHash": "DCCFAF59197FEBB575E59D0B37BB9989870068AF1E3786BEA2D6D2E4F5A9A74F"
    },
    "osVersion": 120000,
    "osPatchLevel": 202301,
    "vendorPatchLevel": 20230101,
    "bootPatchLevel": 20230101
  }
}
{
  "packageInfos": [
    {
      "packageName": "556E6B6E6F776E5061636B616765",
      "version": 1
    }
  ],
  "signatureDigests": []
}

Thank you for your attention and support in resolving this matter.

Best regards,

Vitor Cezila