Fork 0
eSIM LPA (Local Profile Assistant) implementation for Android. System privilege or ARA-M allowlisting required. EXTENDED TO ACCEPT GSMA SGP.26 TEST ROOT CERTFIFICATE.
Go to file
Harald Welte de69c6d1e1 Add SGP.26 (GSMA test) certificate support
Ideally, LPA software like easyEUICC should not make contain a list of
hard-coded TLS server certificates, but accept any certificates signed
by the SubjectKeyIds reported by the eUICC in GetEuiccInfo1/2.

I described this in more detail at

As a work-around, this commit adds the GSMA SGP.26 test root
certificate, so at least test certificates are accepted.

This workaround will permit the use of test-SM-DP+ like
smdpp.test.rsp.sysmocom.de with test-eUICCs like the sysmoEUICC1-C2T.
2024-02-17 13:18:28 +01:00
.forgejo/workflows workflows: Run only on runners with android app keystore 2024-02-15 19:07:30 -05:00
.idea refactor: Create OpenEuiccUIContextMarker to facilitate easy access to application-global singletons 2024-02-04 20:26:54 -05:00
app Add SGP.26 (GSMA test) certificate support 2024-02-17 13:18:28 +01:00
app-common Add SGP.26 (GSMA test) certificate support 2024-02-17 13:18:28 +01:00
app-deps app-deps: Exclude jetbrains kotlin stdlib 2024-01-20 16:44:59 -05:00
app-unpriv Add SGP.26 (GSMA test) certificate support 2024-02-17 13:18:28 +01:00
buildSrc refactor: Migrate to build.gradle.kts 2024-01-09 21:01:20 -05:00
gradle/wrapper chore: Upgrade gradle plugin 2023-11-12 17:01:20 -05:00
libs lpac-jni: Use APP_LDFLAGS instead of cFlags in build.gradle 2024-01-12 21:29:35 -05:00
.gitignore .gitignore: Add .idea/deploymentTargetDropDown.xml 2024-01-27 10:59:01 -05:00
.gitmodules refactor: [1/n] Introduce the lpac project and lpac_jni 2023-11-14 20:59:27 -05:00
Android.bp Android.bp: Fix building on AOSP 14 (finally) 2024-01-21 16:51:18 -05:00
Android.mk Implement Android.bp building with AOSP for lpac_jni 2023-11-27 16:54:49 -05:00
README.md Move COPYING to README.md and change owners to "OpenEUICC contributors" 2024-01-28 10:44:17 -05:00
build.gradle.kts refactor: Migrate to build.gradle.kts 2024-01-09 21:01:20 -05:00
gradle.properties chore: Upgrade gradle plugin 2023-11-12 17:01:20 -05:00
privapp_whitelist_im.angry.openeuicc.xml Add privapp permission whitelist for production builds 2022-08-13 10:44:34 -04:00
settings.gradle.kts Generate Android.bp and dependencies with LineageOS's GenerateBp plugin 2024-01-20 16:36:23 -05:00



A fully free and open-source Local Profile Assistant implementation for Android devices.

There are two variants of this project:

  • OpenEUICC: The full-fledged privileged variant. Intended to be run as a privileged system app (inside /system/priv-app) and serve as the system LPA. This can be used to manage all kinds of eSIM chips, embedded or removable.
    • The privileged variant can be imported to build along with AOSP by simply placing this repository and its dependencies inside the AOSP tree.
    • Notes:
      • This repository contains submodules. If inclusion in manifest.xml is required, remember to set the sync-s option.
      • Only the latest AOSP release is supported for building. Older versions of AOSP are still compatible with the app itself, but it may not compile within the old AOSP trees. For older versions, consider building the app with gradle or a newer AOSP source tree and simply import as a prebuilt apk.
  • EasyEUICC: Unprivileged version that can run as a user app. An eSIM chip must include the certificate of EasyEUICC in its ARA-M field in order to grant access without system privileges. This is intended for removable eSIM chips such as those provided by eSTK.
    • Prebuilt EasyEUICC apks can be downloaded here
    • For removable eSIM chip vendors: to have your chip supported by official builds of EasyEUICC, include the ARA-M hash 2A2FA878BC7C3354C2CF82935A5945A3EDAE4AFA


Make sure you have all submodules cloned and updated by running

git submodule update --init

A file keystore.properties is required in the root directory. Template:


Note that you must have a Java-compatible keystore generated first.

To build the privileged OpenEUICC:

./gradlew :app:assembleRelease

For EasyEUICC:

./gradlew :app-unpriv:assembleRelease


  • Q: Do you provide prebuilt binaries for OpenEUICC?

  • A: No. If you are a custom ROM developer, either include the entire OpenEUICC repository in your AOSP source tree, or generate an APK using gradle and import that as a prebuilt system app. Note that you might want privapp_whitelist_im.angry.openeuicc.xml as well.

  • Q: AOSP's Settings app seems to be confused by OpenEUICC (for example, disabling / enabling profiles from the Networks page do not work properly)

  • A: When your device has internal eSIM chip(s) and you have inserted a removable eSIM chip, the Settings app can misbehave since it was never designed for this scenario. Please prefer using OpenEUICC's own management interface whenever possible. In the future, there might be an option to exclude removable SIMs from being reported to the Android system.

  • Q: Can EasyEUICC manage my phone's internal eSIM?

  • A: No. For EasyEUICC to work, the eSIM chip MUST proactively grant access via its ARA-M field.

  • Q: Removable eSIMs? Are they a joke?

  • A: No, even though the name "removable embedded SIM" can sound like an oxymoron. In fact, there can be many advantages to these chips compared to fully embedded ones. For example, the ability to transfer eSIM profiles without carrier support or approval, or the ability to use eSIM on devices that do not and may never get the support, such as Wi-Fi hotspots.


Copyright 2022-2024 OpenEUICC contributors

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.