Only run the x509 serialization check on devices >= kitkat

Author: Fuzion24

app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/framework/serialization/OpenSSLTransientBug.java

@@ -1,5 +1,6 @@
 package fuzion24.device.vulnerability.vulnerabilities.framework.serialization;
 import android.content.Context;
+import android.os.Build;
 import android.util.Log;
 
 import com.android.org.conscrypt.ZpenSSLX509Certificate;
@@ -74,6 +75,19 @@ public List<CPUArch> getSupportedArchitectures() {
     @Override
     public boolean isVulnerable(Context context) throws Exception {
 
+        /*
+             AOSP switched from bouncy castle to conscrypt in 4.4
+             This can be validated by looking at the preloaded classes:
+             https://github.com/android/platform_frameworks_base/blob/jb-mr2-release/preloaded-classes
+             https://github.com/android/platform_frameworks_base/blob/kitkat-release/preloaded-classes
+             Notice that conscrypt classes exist in KitKat 4.4 SDK 19
+             but not in Jellybean 4.3 MR SDK 18
+         */
+        
+        if(Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT){
+            return false;
+        }
+
         Class openSSLX509CertificateClass = Class.forName("com.android.org.conscrypt.OpenSSLX509Certificate");
 
         ObjectStreamClass clDesc = ObjectStreamClass.lookup(openSSLX509CertificateClass);