Comment by londons_explore
2 years ago
v2 of this will require an Android/iOS app which will make use of the platforms secure storage abilities for the key.
On non-rooted devices, those are pretty much impervious to the user trying to inspect their contents.
And this is why those companies love DRM'd (non-rooted) devices and try to detect when you broke this form of DRM: you can't get at your data, not even to make a backup of it; they're in full control. Also for security (can't grant root to malware if you don't have the permission to grant that), but also for everything else
You could extract the barcode at all times in the future by setting the system clock (you can do this on non-rooted phones, and keep it that way at least if you do it in airplane mode).
The Android docs mention a "secure timer" in the hardware security module, but I'm not sure that it can be used to prevent this.
https://developer.android.com/reference/android/security/key...