# RASP vs. Malware Detection

The Talsec SDK evaluates installation sources for two independent security products: RASP and Malware Detection. They operate separately and require distinct configurations.

***

## How Each Product Evaluates Installation Sources

The following breakdown highlights how each product utilizes installation telemetry.

### RASP

The RASP module is strictly focused on self-protection. When initialized, the SDK checks the installer of your own protected application and compares this value against your trusted sources configuration:

* **If it matches:** The app runs normally.
* **If it doesn't match:** RASP triggers the `unofficialStore` callback (`onUntrustedInstallationSourceDetected` on Android native).

### Malware Detection

Unlike RASP, Malware Detection looks outward. It scans the installation sources of every other application residing on the user's device. Each discovered app is evaluated individually against your trusted sources configuration. Any app originating from an unknown or untrusted source is flagged in the threat report.

### Summary of Differences

<table><thead><tr><th width="179.64453125"></th><th>RASP</th><th>Malware Detection</th></tr></thead><tbody><tr><td><strong>Purpose</strong></td><td>Verifies your protected app was delivered through an approved channel.</td><td>Excludes apps from trusted sources on the device from malware scanning.</td></tr><tr><td><strong>Scope</strong></td><td>Evaluates the installation source of <strong>your protected app</strong>.</td><td>Evaluates the installation sources of <strong>all other apps</strong> on the device.</td></tr><tr><td><strong>Platform Supported</strong></td><td>Android &#x26; iOS</td><td>Android Only</td></tr><tr><td><strong>Triggered Callback</strong></td><td><code>onUntrustedInstallationSourceDetected</code> (Android native)<br><code>unofficialStore</code> (iOS &#x26; cross-platform)</td><td><code>onMalwareDetected</code> (with reason <code>installSource</code>)</td></tr></tbody></table>
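
The two scopes in the table can be illustrated with Android's own `PackageManager` API. This is an added sketch, not Talsec SDK code and not a description of how the SDK is implemented; `trustedInstallers`, the function names, and the decision to skip pre-installed system apps are assumptions made for the illustration.

```kotlin
import android.content.Context
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Build

// Assumed allowlist for this sketch: Google Play only.
val trustedInstallers = setOf("com.android.vending")

// Installer package recorded by Android, or null when none is on record
// or the package cannot be resolved.
@Suppress("DEPRECATION")
fun installerOf(pm: PackageManager, pkg: String): String? = try {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        pm.getInstallSourceInfo(pkg).installingPackageName
    } else {
        pm.getInstallerPackageName(pkg)
    }
} catch (e: PackageManager.NameNotFoundException) {
    null
} catch (e: IllegalArgumentException) {
    null
}

// RASP scope: only the protected app's own installer is checked.
fun ownAppFromTrustedSource(context: Context): Boolean =
    installerOf(context.packageManager, context.packageName) in trustedInstallers

// Malware Detection scope: every other visible app is checked individually.
// Returns package name -> recorded installer for each app outside the allowlist.
// On Android 11+ the list only contains packages visible to the caller
// (a <queries> manifest entry or the QUERY_ALL_PACKAGES permission).
@Suppress("DEPRECATION")
fun otherAppsFromUntrustedSources(context: Context): Map<String, String?> {
    val pm = context.packageManager
    return pm.getInstalledPackages(0)
        .filter { it.packageName != context.packageName }
        // Assumption of this sketch: skip pre-installed system apps.
        .filter { ((it.applicationInfo?.flags ?: 0) and ApplicationInfo.FLAG_SYSTEM) == 0 }
        .associate { it.packageName to installerOf(pm, it.packageName) }
        .filterValues { it !in trustedInstallers }
}
```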

