I have now been able to import the original bc-fips-1.0.2.jar
(unmodified and with original signatures) into an Android App and get it
The solution is to open the fully built release .apk file (could use
winrar etc.) go into META-INF folder of the .apk (one does not even get
access to the .jar or its classes at this point amd no DEX file is
changed). There you will see a HMAC.SHA256 file - change the value to
what your app's checksum is. Then just sign the Android APK and install.
Yes I know all the normal small print applies - app is not NIST
compliant, I have no intention of stating it is etc.
Can someone tell me if the above process actually does create an app
that uses a 100% clean BCFIPS during the entire Android App lifecycle?