As you know, we can see a list of the AIDs of the applets that reside on a smart card using gpj -list or similar commands in other tools (such as gpshell, gp, opensc-tool ...).
I want to know: is there any way to hide an applet from the list in the response to these kinds of commands? I mean uploading an applet in such a way that when we use gpj -list, the smart card doesn't return its AID!
In order to list the AIDs of applets, executable load files and security domains, all these tools generate GET STATUS APDUs, which first need to establish a secure channel to the ISD.
So if I didn't want the world to know that a specific applet is installed in the card, I would rotate the ISD keys.
If I were even more paranoid, wanting to limit not only applet listing, but also checks for my applet's existence, I would make it not selectable.
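
For reference, the GET STATUS command mentioned in the answer above and the legacy response format it returns, as an added example that is not part of the original answer. The APDU layout and life cycle codings follow the GlobalPlatform Card Specification; the sample response and its AIDs are constructed, and a real card accepts the command only after the secure channel to the ISD is established.

```python
# Added illustration; the sample response bytes are constructed, not read from a card.

# Application life cycle codings (GlobalPlatform Card Specification).
APP_STATES = {0x03: "INSTALLED", 0x07: "SELECTABLE"}


def build_get_status(p1: int = 0x40) -> bytes:
    """CLA=80 INS=F2; P1=40 selects applications, P2=00 asks for all entries
    in legacy format; the data field is tag 4F with an empty AID (match all)."""
    return bytes([0x80, 0xF2, p1, 0x00, 0x02, 0x4F, 0x00])


def app_state_name(state: int) -> str:
    if state & 0x80:  # b8 set means the application is locked
        return "LOCKED"
    return APP_STATES.get(state, f"OTHER(0x{state:02X})")


def parse_get_status(response: bytes):
    """Parse entries of the form len | AID | life cycle state | privileges,
    followed by SW1 SW2. Returns (entries, more_data_available)."""
    if len(response) < 2:
        raise ValueError("response shorter than a status word")
    body, sw = response[:-2], int.from_bytes(response[-2:], "big")
    if sw not in (0x9000, 0x6310):  # 6310: more entries available
        raise ValueError(f"GET STATUS failed, SW={sw:04X}")
    entries, i = [], 0
    while i < len(body):
        n = body[i]
        if not 5 <= n <= 16 or i + n + 3 > len(body):
            raise ValueError(f"malformed entry at offset {i}")
        aid = body[i + 1:i + 1 + n]
        state, privileges = body[i + 1 + n], body[i + 2 + n]
        entries.append({"aid": aid.hex().upper(),
                        "state": app_state_name(state),
                        "privileges": privileges})
        i += n + 3
    return entries, sw == 0x6310


# Constructed response: one SELECTABLE (07) and one INSTALLED (03) applet.
SAMPLE = bytes.fromhex("06" "F0000000AA01" "07" "00"
                       "07" "F0000000AA0102" "03" "00" "9000")

if __name__ == "__main__":
    print(build_get_status().hex().upper())
    for entry in parse_get_status(SAMPLE)[0]:
        print(entry)
```

An applet in the INSTALLED state is not selectable but is still reported by GET STATUS, so non-selectability complements, rather than replaces, restricting access to the ISD keys.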