# Trusted Device Criteria

> To ensure the security and proper functionality of the Software, the following criteria must be met for a device to qualify as trusted:

Device State Requirements

The device must not:

1. Have an Unlocked Bootloader:
   * The bootloader must be locked.
   * For more information on locking the bootloader, see [here](https://source.android.com/devices/bootloader/locking_unlocking?hl=en).
2. Be Rooted:
   * The device must not have root access (the user must not have root privileges).
3. Have SELinux Disabled or Permissive:
   * SELinux must be set to **"enforcing" mode**. Devices with SELinux in "disabled" or "permissive" mode are not secure and will be blocked.
   * For more information on SELinux in Android, see [here](https://source.android.com/docs/security/features/selinux).
   * How to check:
     * Certain devices, such as Samsung smartphones, allow users to check the SELinux mode manually. To verify the SELinux state:
       1. Go to **Settings** > **About Phone**.
       2. Find the section **Software Information** (or similar).
       3. Look for **SE for Android** or a similar entry. The SELinux mode should be listed as either **Enforcing** or **Permissive**.
          * If it shows **Enforcing**, the device is secure and compliant.
          * If it shows **Permissive** or **Disabled**, the device needs adjustment or replacement.
   * If a device is flagged due to SELinux misconfiguration, the following options are available:
     1. **Adjust SELinux Mode Manually**:\
        Advanced users may attempt to change SELinux mode from "permissive" or "disabled" to "enforcing."\
        **Warning**: This process involves significant system modifications and could render the device unusable. It is not recommended for non-experts.
     2. **Visit a Service Center**:\
        You may seek assistance from a professional service center. Specialists at these centers may be able to reconfigure SELinux settings or provide a resolution.
     3. **Change the Device**:\
        The most straightforward and reliable solution is to replace the device with one meeting security requirements, where SELinux is properly enforced.
4. Be in Developer Mode:
   * How to check:
     * **Method 1:** Open "Settings," go to "About phone" or "About tablet," find the "Build number" section (or "MIUI version" on Xiaomi devices), and tap it. If developer mode is enabled, you'll see a confirmation message.
     * **Method 2:** Open "Settings," select "For Developers" (or "Advanced > For Developers"), and ensure the "Developer Mode" switch at the top is turned off.
5. Be in Debug Mode:
   * How to check:
     * **Method 1:** Open "Settings," select "For Developers" (or "Advanced > For Developers" on some devices). In the "Debug" menu, ensure "USB/Wi-Fi Debugging" is not activated.
     * **Method 2:** Connect the device to a computer and ensure no "USB/Wi-Fi Debugging enabled" notification appears on the smartphone.
6. Pass Google Play Integrity API Checks:
   * The device must successfully pass the Google Play Integrity API check with the **MEETS\_STRONG\_INTEGRITY** status.
   * How to check:
     * To verify the integrity verdict on your device, follow these steps:
       1. Enable Play Store's developer options by tapping your profile icon in the Play Store app, then selecting **Settings**.
       2. Open the **About** menu and tap **Play Store version** seven times to unlock developer mode.
       3. Open the Play Store app, tap your profile icon, then go to **Settings** > **General** > **Developer options**.
       4. In the **Play Integrity settings**, tap **Check integrity** to generate the verdict for the device.
     * For more detailed instructions, see [here](https://developer.android.com/google/play/integrity/additional-tools#check-device).
7. Contain Apps Violating Google's Software Principles:
   * Apps installed on the device must comply with [Google's Software Principles](https://www.google.com/about/software-principles.html) and [Unwanted Software Policy](https://www.google.com/about/unwanted-software-policy.html).
   * How to check Google Play Protect status: see [here.](https://support.google.com/accounts/answer/2812853?hl=en\&ref_topic=7189123)

## **Application Installation Source**

* The application must be downloaded and installed **only** from the Google Play Store.
* Installation from other sources is strictly prohibited, as it violates the License agreement.

## **Safe Usage of the Software**

When using the

<figure><img src="/files/LTUsIUpvNdIMOtzlrCgM" alt=""><figcaption></figcaption></figure>

&#x20; Android Software ("Software"), the user must not:

1. **Allow Screen Overlays:**
   * Apps or system functions (e.g., messengers) that overlay the Software screen must be turned off during transactions.
   * If a message about restricted usage appears, follow the steps [here](/help/faq/payment-acceptance.md).
2. **Use Split Screen or Broadcast Modes:**
   * Do not activate split-screen mode or use broadcast functionality from the mobile device.
3. **Use the Camera in Unintended Ways:**
   * Background apps with camera access must be closed during a transaction.
   * Disable system functions that keep the screen active due to constant background camera usage (e.g., Face ID features).
4. **Take Screenshots or Record Videos:**
   * Screenshotting or screen recording is prohibited while using the application.
5. **Turn Off Previously Granted Permissions:**
   * Ensure that all required permissions remain active for the application.
6. **Use Remote Control Applications:**
   * Applications like TeamViewer or AirDroid are not allowed.

## **NFC Requirements**

The device must have:

1. A functional embedded NFC module.
2. NFC configured to read cards.
   * **How to check:**
     * Open "Settings," go to "Connection and Sharing," and ensure NFC is turned on.
     * If there is an option to choose between "SIM" and "e-wallet," select "e-wallet."

## **Security Recommendations**

* **OS Updates:** Regularly update the device’s OS and components to ensure the latest security improvements.
* **Trusted Apps:** Only download apps from trusted vendors in the Play Store, verified by Google Play Protect.
* **Malware Detection:** Install and update malware detection tools to protect the device.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tapxphone.com/guide/app-guide/trusted-devices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.