Is Android In-APP Provisioning Available Now?
eSIM activation in an Android APP can be implemented in different ways. The legacy method has users scan a QR code to install the eSIM, which is no longer the latest user experience. The newer approach, In-APP provisioning, skips the code-scanning step. However, it is not accessible without a good understanding of carrier privileges and technical support from an eSIM vendor with an in-house SM-DP+ server and native LPA.
| Legacy Method eSIM User Experience | IN-APP Provisioning |
| Scanning QR Code | Directly activate within the APP, no code scanning process |
Tech Infrastructure
| SM-DP+ Platform | Subscription Manager Data Preparation+ is essentially a platform for storing and delivering digital eSIM profiles: a remote service that prepares, stores, and delivers profile packages to devices |
| LPA | The LPA is a standalone system app for managing the profiles on the eSIM; it acts as a bridge between the SM-DP+ and the eUICC chip |
| eUICC | Embedded SIM (eSIM, or eUICC), which must be present in any device supporting the eSIM feature |
| End User | smartphone users carrying an eSIM-supported phone |
| Operator | operators or eSIM vendors providing eSIM profiles |
If you’re making your own LPA, you should go through much more rigorous testing. You should work with your modem vendor, eUICC chip or eSIM OS vendor, SM-DP+ vendors, and carriers to resolve issues and ensure interoperability of your LPA within the RSP architecture. A good amount of manual testing is inevitable. For best test coverage, you should follow the GSMA SGP.23 RSP Test Plan.
Carrier privileges
If you’re an eSIM carrier developing your own carrier app that calls EuiccManager to download profiles onto a device, your profile should include carrier privilege rules corresponding to your carrier app in the metadata. This is because subscription profiles belonging to different carriers can co-exist in the eUICC of a device, and each carrier app should only be allowed to access the profiles owned by that carrier. For example, carrier A should not be able to download, enable, or disable a profile owned by carrier B.
To ensure a profile is only accessible to its owner, Android uses a mechanism to grant special privileges to the profile owner’s app (that is, carrier app). The Android platform loads certificates stored in the profile’s access rule file (ARF) and grants permission to apps signed by these certificates to make calls to EuiccManager APIs. The high-level process is described below:
- Operator signs the carrier app APK; the apksigner tool attaches the public-key certificate to the APK.
- Operator/SM-DP+ prepares a profile and its metadata, which include an ARF that contains:
  - Signature (SHA-1 or SHA-256) of the carrier app’s public-key certificate (required)
  - Package name of the carrier app (strongly recommended)
- Carrier app tries to perform an eUICC operation with the EuiccManager API.
- Android platform verifies SHA-1 or SHA-256 hash of the caller app’s certificate matches the signature of the certificate obtained from the target profile’s ARF. If the package name of the carrier app is included in the ARF, it must also match the package name of the caller app.
- After the signature and the package name (if included) are verified, the carrier privilege is granted to the caller app over the target profile.
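The matching performed in the last two steps can be modelled in a few lines. This is an added example, not Android platform code and not code from the original page; the `AccessRule` class, the function names, the package names and the certificate bytes are constructed for illustration, and choosing the hash algorithm from the length of the rule's hash is an assumption of this model.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class AccessRule:
    """One carrier privilege rule from a profile's ARF (hypothetical model)."""
    cert_hash: bytes                    # SHA-1 (20 bytes) or SHA-256 (32 bytes)
    package_name: Optional[str] = None  # optional, strongly recommended


def cert_digest(cert_der: bytes, hash_len: int) -> Optional[bytes]:
    """Hash the caller's certificate with the algorithm implied by the rule."""
    if hash_len == 20:
        return hashlib.sha1(cert_der).digest()
    if hash_len == 32:
        return hashlib.sha256(cert_der).digest()
    return None  # malformed rule: neither a SHA-1 nor a SHA-256 value


def rule_matches(rule: AccessRule, cert_der: bytes, package: str) -> bool:
    digest = cert_digest(cert_der, len(rule.cert_hash))
    if digest is None or not hmac.compare_digest(digest, rule.cert_hash):
        return False
    # The package name is only checked when the rule carries one.
    return rule.package_name is None or rule.package_name == package


def has_carrier_privilege(rules: Iterable[AccessRule], cert_der: bytes,
                          package: str) -> bool:
    """True if any rule of the target profile matches the calling app."""
    return any(rule_matches(r, cert_der, package) for r in rules)


# Constructed stand-ins for DER certificates and package names (not real data).
CERT_A = b"constructed-carrier-A-signing-certificate"
CERT_B = b"constructed-carrier-B-signing-certificate"
PROFILE_A = [AccessRule(hashlib.sha256(CERT_A).digest(), "com.example.carriera")]
PROFILE_B = [AccessRule(hashlib.sha1(CERT_B).digest())]  # no package name

if __name__ == "__main__":
    for label, rules in (("profile A", PROFILE_A), ("profile B", PROFILE_B)):
        for app, cert, pkg in (("app A", CERT_A, "com.example.carriera"),
                               ("app B", CERT_B, "com.example.carrierb")):
            print(label, app, has_carrier_privilege(rules, cert, pkg))
```

The rule on profile B omits the package name, so in this model any package signed with carrier B's certificate is granted privileges over it, which illustrates what the recommended package name adds.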
Because profile metadata can be available outside of the profile itself (so that LPA can retrieve the profile metadata from SM-DP+ before the profile is downloaded, or from ISD-R when the profile is disabled), it should contain the same carrier privilege rules as in the profile.
The eUICC OS and SM-DP+ must support a proprietary tag BF76 in the profile metadata. The tag content should be the same carrier privilege rules as returned by the access rule applet (ARA) defined in UICC Carrier Privileges:
Steps for Implementation of Android IN-APP Provisioning for your APP
(If you don’t own the tech infrastructure and carrier privileges mentioned above and are just getting started offering eSIMs as a product in your APP)
- Before getting started, evaluate and choose a reliable eSIM vendor with a reliable API and competitive rate cards, to source global eSIMs for reselling in your APP.
- Implement eSIM in your Android APP following the steps in the Android Open Source Project documentation: https://source.android.com/docs/core/connect/esim-euicc-api. eUICC communication APIs (@SystemApi only) are available through the class EuiccCardManager.
- The implementation might not work, because the APP has not been authorized by an SM-DP+ platform certified by GSMA with telco-level security. For apps signed with these certificates to be granted permission to call the handful of special APIs for provisioning eSIM, the APP's APK signature must be placed in an SM-DP+ platform in advance; users of the APP can then download eSIMs from that SM-DP+ platform.
- Specifically, check UICC Carrier Privileges to better understand Android In-APP Provisioning.
- Work with an eSIM vendor certified by GSMA with in-house SM-DP+ and native LPA with carrier privileges to enable the In-APP Provisioning.
- An eSIM vendor that meets the criteria of step 4 will configure the available tag in its own SM-DP+ and put it into the eSIM profiles' metadata, so that your APP shares the same carrier privileges as their own.
How can eSIM Access help?
eSIM Access and parent Redtea Mobile can help with your application. We have successfully integrated In-APP provisioning in consumer apps, both carrier APPs and travel-related Android APPs.
If you maintain an established Android Application with thousands of ratings and tens of thousands of downloads, and want to add eSIM sales into your current customer journey of international travelers, we may be able to help add eSIM provisioning to your application.
Talking Commercials
Please contact us for commercial details about implementing In-APP provisioning at alliance@esimaccess.com, or set up a call to discuss. Providing the following info would be much appreciated:
- Are you serious about offering eSIM in your APP?
- Your estimated monthly eSIM sales and planned first deposit for the eSIMAccess console
- Your Android APP name and company deck (if you have one)
Terms and Conditions
The two parties agree to leverage the additional feature of the eSIMAccess Global Connectivity Platform: the In-APP Provisioning for Android APPs. The Partner would be in charge of implementing eSIM solutions into its current APP based on the open API of Google (https://source.android.com/docs/core/connect/esim-overview), while Redtea Mobile is in charge of enabling the In-APP Provisioning and providing support as an eSIM SM-DP+ vendor certified by GSMA with in-house SM-DP+ and native LPA, as well as rich experience handling the tech flow for many Android APPs.
iOS In-App provisioning
For iOS IN-APP Provisioning, visit our write-up.