How to get icc authentication?

Question

I found some interesting methods in telephonyManager class like turning mobile data off/on but when trying to use them it obviously throws me security exception.("No carrier privilege"). I Googled it, but didn't find any helpful solution. Because it's carrier privilege I thought it may be possible to get its permission by telephonyManager.getIccAuthentication(int appType, int authType, String data) but I'm having problems with input parameters because I can't figure out what should I pass in to make it work.

From documentation to the first parameter would pass TelephonyManager.APPTYPE_SIM or/and TelephonyManager.APPTYPE_USIM depending on if it has big meaning in using setDataEnabled(boolean). If I would pass TelephonyManager.APPTYPE_SIM as a first argument I think I should passed TelephonyManager.AUTHTYPE_EAP_SIM as a second argument (correct me if I'm wrong) and vice versa, when TelephonyManager.APPTYPE_USIM as first so TelephonyManager.AUTHTYPE_EAP_AKA as second one.

And then there is the third argument. There must be encoded Base64 to string. I found in TelephonyProvider this line of code: String base64Challenge = Base64.encodeToString(byteParam, Base64.NO_WRAP); where byteParam is an input byte from another method which is being preceding by thousands other methods. If I pass "" as third parameter to getIccAuthentication method I get again securityException (it's obviously, wrong param) but it throws me lack of getIccSimChallengeResponse. I'm afraid of it may be infinite loop of methods, but maybe someone has any idea or help me to break this through?

My sample code:

public class MainActivity extends AppCompatActivity {


private static final String TAG = MainActivity.class.getSimpleName();

@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);
    Button button = (Button) findViewById(R.id.buttonPanel);
    button.setOnClickListener(new View.OnClickListener() {
        @RequiresApi(api = Build.VERSION_CODES.O)
        @Override
        public void onClick(View view) {
            try {
                Process p = Runtime.getRuntime().exec("su");
                tel();
            } catch (IOException e) {
                e.printStackTrace();
            }

        }
    });

}

@RequiresApi(api = Build.VERSION_CODES.O)
private void tel(){
//        String base64Challenge = Base64.encodeToString(, 
Base64.NO_WRAP);
    TelephonyManager telephonyManager = (TelephonyManager)
            getSystemService(Context.TELEPHONY_SERVICE);
    boolean isCarrier = telephonyManager.hasCarrierPrivileges();
    String authentication = 
telephonyManager.getIccAuthentication(TelephonyManager.APPTYPE_SIM, 
TelephonyManager.AUTHTYPE_EAP_SIM, "");
    Log.v(TAG, authentication);
    if (isCarrier) {
        Log.v(TAG, "privs granted");
        telephonyManager.setDataEnabled(false);
    } else {
        Log.v(TAG, "no privilegies");
    }
}


}

Answer 1

From the docs:

Requires Permission: READ_PRIVILEGED_PHONE_STATE or that the calling app has carrier privileges (see hasCarrierPrivileges()).

The first of those requires you to be installed as a privileged system app (requires root or owning system certificate). The second requires your UID to be the carrier's. Without that no combo of parameters will work.