freeRASP for Kotlin Multiplaform Guide
A Kotlin Multiplatform (KMP) variant that lets you add runtime app protection to your shared Kotlin code.
Today, freeRASP is getting a new family member: a Kotlin Multiplatform (KMP) variant that lets you add runtime app protection to your shared Kotlin code and ship secure apps to both Android and iOS from a single codebase. Teams using KMP can now reuse the same security logic alongside business logic, without duplicating integrations or maintaining separate SDK wiring per platform.
TL;DR: Edit 6 project files plus add 2 framework folders; jump to full integration guide now:
freeRASP for Kotlin Multiplatform
freeRASP itself is a lightweight mobile security library designed to detect common runtime threats such as rooting, jailbreaking, repackaging, reverse engineering, and emulator abuse. It connects to the Talsec Portal, providing real-time analytics and detailed security reports on detected risks. With the freeRASP for KMP variant, these protections are seamlessly integrated directly into the shared Kotlin module via a unified common API. This API intelligently abstracts over native Talsec components to execute platform-appropriate, low-level security checks.
The KMP variant is specifically designed for typical mobile KMP setups that target both Android and iOS. It utilizes the standard hierarchical source set structure (commonMain, androidMain, iosMain). This approach ensures that security logic is co-located efficiently with shared business logic while still allowing for necessary platform-specific configuration and customization when required.
Capabilities available in freeRASP for KMP
The KMP variant brings the same core detection categories that developers know from existing freeRASP integrations:
Rooted or jailbroken devices, including popular tools such as Magisk and Dopamine
Reverse engineering attempts and runtime hooking frameworks (for example, Frida or Xposed)
Tampering or repackaging and installation from untrusted sources
Emulators, app clones, multi‑instancing, screenshots, and screen recording attempts
You can react to these events through callbacks and monitor them later in the Talsec Portal. The solution is designed to have minimal impact on app performance and to support OWASP MASVS RESILIENCE requirements out of the box.
Check out freeRASP homepage for more information: https://docs.talsec.app/freerasp
Integration flow at a glance
Add the freeRASP KMP dependency
Create configuration in shared code
Register callbacks for security events
Implement callback handlers to react to detection events, for example by logging, displaying warnings, or triggering additional server‑side checks, using the common API exposed by the KMP library. Because callbacks live in shared code, behavior stays consistent across platforms.
Initialize freeRASP on startup
From your platform‑specific entry points (for example, Android Application class and iOS App delegate or equivalent), call into shared code to initialize freeRASP with the configuration. This ensures the SDK starts early enough to observe the full app lifecycle.
Ideal use cases
The KMP variant fits several common scenarios especially well:
Greenfield KMP apps that want to ship secure Android and iOS builds from day one.
Existing Android apps adopting a shared KMP module and planning to add an iOS client later
Teams that already use freeRASP on one platform and want to consolidate security into shared Kotlin code
By keeping security logic close to shared domain logic, teams can better enforce consistent policies across platforms and simplify maintenance.
Roadmap and compatibility
freeRASP has a long-standing track record of protecting production apps on both Android and iOS, including through many OS, device, and ecosystem changes. The new Kotlin Multiplatform variant builds on this foundation, so teams can expect the same stability and compatibility when sharing security logic across platforms.
The SDK evolves continuously to keep pace with fresh reverse-engineering tactics, new jailbreak and root approaches, and other emerging attack techniques, with updates captured in regular releases. The KMP library follows the same versioning and publishing conventions as the existing freeRASP SDKs, which keeps dependency management and CI/CD workflows predictable for engineering teams.
For a concrete view of how the product evolves over time, including new detections, improvements, and fixes, you can review the full history in the freeRASP “What’s New and Changelog” page at https://docs.talsec.app/freerasp/whats-new-and-changelog.
Get started
To start using freeRASP for Kotlin Multiplatform today:
Follow the step‑by‑step integration guide for KMP
Explore the Talsec Portal to see how detected threats appear in dashboards, reports, and benchmarks
Share feedback or issues via Github Issues
Happy coding, Talsec Team 💙
Handle App Security with a Single Solution! Check Out Talsec's Premium Offer & Plan Comparison!
Plans Comparison
https://www.talsec.app/plans-comparison
Premium Products:
RASP+ - An advanced security SDK that actively shields your app from reverse engineering, tampering, rooting/jailbreaking, and runtime attacks like hooking or debugging.
AppiCrypt (Android & iOS) & AppiCrypt for Web - A backend defense system that verifies the integrity of the calling app and device to block bots, scripts, and unauthorized clients from accessing your API.
Malware Detection - Scans the user's device for known malicious packages, suspicious "clones," and risky permissions to prevent fraud and data theft.
Dynamic TLS Pinning - Prevents Man-in-the-Middle (MitM) attacks by validating server certificates that can be updated remotely without needing to publish a new app version.
Secret Vault - A secure storage solution that encrypts and obfuscates sensitive data (like API keys or tokens) to prevent them from being extracted during reverse engineering.
Last updated
Was this helpful?