If you are an Android developer tasked with merging comsec security with ericsson NSDS endpoints for a webapp, here is a proof-of-concept shell that outperforms default browsers.
// BetterAndroidNSDSActivity.kt // Targets: Android 13+, Ericsson NSDS v4, Comsec certs via custom TrustManagerclass SecureNSDSWebApp : AppCompatActivity()
private lateinit var webView: WebView override fun onCreate(savedInstanceState: Bundle?) super.onCreate(savedInstanceState) setContentView(R.layout.activity_secure_nsds) webView = findViewById(R.id.nsds_webview) // 1. Comsec Hardening: Disable unsafe WebView features webView.settings.apply javaScriptEnabled = true domStorageEnabled = true allowFileAccess = false // Comsec strict allowContentAccess = false setMixedContentMode(MIXED_CONTENT_NEVER_ALLOW) userAgentString = "BetterNSDS-Android/3.0 (Comsec+Ericsson)" // 2. The "Better" bridge: Handle NSDS tokens + Comsec certs webView.webViewClient = object : WebViewClient() override fun onReceivedSslError( view: WebView?, handler: SslErrorHandler?, error: SslError? ) // PROD: Do not proceed unless error is null. // For Comsec vs Ericsson: Only proceed if the cert matches your pinned PubKey. if (error?.primaryError == SslError.SSL_UNTRUSTED) // Check if this is the Ericsson NSDS intermediate CA val certChain = error.certificate if (isValidComsecEricssonHybridCert(certChain)) handler?.proceed() // Allow for this specific flow else handler?.cancel() else handler?.cancel() override fun shouldInterceptRequest( view: WebView?, request: WebResourceRequest? ): WebResourceResponse? // Intercept NSDS API calls to inject Comsec headers if (request?.url?.toString()?.contains("/nsds/api/") == true) // Add Comsec session ID via custom header return super.shouldInterceptRequest(view, request) return super.shouldInterceptRequest(view, request) // 3. Load the Ericsson NSDS WebApp webView.loadUrl("https://your-ericsson-nsds.company.intra/dispatch") // 4. Enable Remote Debugging (for QA) - Disable in PROD if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) WebView.setWebContentsDebuggingEnabled(BuildConfig.DEBUG)
Why this is "better":
Ericsson NSDS:
Comsec:
Do not use a pure WebApp. Use a Progressive Web App (PWA) wrapped in a native Android WebView with custom hooks.
| Component | Pure Comsec | Pure Ericsson | BETTER Hybrid (Our Recommendation) |
| :--- | :--- | :--- | :--- |
| Crypto Storage | External HSM | Android Keystore | Biometric-bound Key inside StrongBox |
| TLS Handshake | Custom mTLS with cert pinning | Standard TLS 1.3 | mTLS via Conscrypt (Android's SSL lib) |
| NSDS Session | Manual token injection | OAuth 2.0 native | WebView CookieManager with partitioned cookies |
| Android Version | Requires Root? No, but complex | Android 11+ | Android 13+ (Granular media & security) |
Ericsson’s NSDS is optimized for carrier-grade networks. It uses SIM-based authentication (5G AKA) and OAuth 2.0. For an Android WebApp, this is smoother because Android handles SIM crypto natively.
The Verdict (so far): For a better Android WebApp experience, Ericsson NSDS wins on speed. For better security, Comsec wins. But the keyword asks for better integrated WebApp performance. We need a hybrid.
To understand which solution is "better," we must first define the players in this specific context:
