Whitelists

Whitelists are lists that contain data about applications which should not be flagged as malware.

There are two types of whitelist:

  • Installation Source Based

  • Dynamic Package Name Based

You can omit a whitelist if you don't want to use it.

Installation Source Whitelist

An installation source whitelist contains a list of installation sources (package names) which are considered trustworthy.

We use the installation source during two checks:

  • standalone installation source check - any application installed from a source that is not whitelisted is returned as suspicious in the scan result, with the reason value set to installSource.

  • suspicious permissions check - as mentioned in the Suspicious Permissions list, we also check the installation source while checking permissions, to reduce false positives. The logic is the same as in the standalone installation source check: any application installed from a source that is not whitelisted is considered as installed from an untrusted source.

When checking the installation source, we filter out system applications to reduce the number of false positives.

Examples of Installer Package Names

  • com.android.vending - Package name of Google Play Store

  • com.huawei.appmarket - Package name of Huawei App Gallery

  • com.google.android.packageinstaller - Package name of the Package Installer system app, which is responsible for managing the installation of applications on Android devices. Applications installed manually using an APK file will usually have this package name as their installation source.

  • unknown - Some applications might have their installation source set to null. This is treated as an unknown installation source. This can be true for some system apps or for apps installed through ADB. During development, your applications will fall into this category.

We recommend that you whitelist com.android.vending so that applications installed from Google Play are not all considered suspicious. Also whitelist com.huawei.appmarket if you do not want applications from that store to be flagged.
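
The installation source check described above, modelled in plain Java as an added example. This is not Talsec's implementation: the App record, the sourceOf and suspicious methods and the sample package names under com.example are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class InstallSourceCheck {
    // Constructed model of an installed app; not a Talsec or Android type.
    record App(String packageName, String installer, boolean systemApp) {}

    // A null installer is treated as the installation source "unknown".
    static String sourceOf(App app) {
        return app.installer() == null ? "unknown" : app.installer();
    }

    // Maps package name -> reason for every app whose source is not whitelisted.
    static Map<String, String> suspicious(List<App> apps, Set<String> whitelist) {
        Map<String, String> flagged = new LinkedHashMap<>();
        for (App app : apps) {
            if (app.systemApp()) continue;   // system apps are filtered out first
            if (!whitelist.contains(sourceOf(app))) {
                flagged.put(app.packageName(), "installSource");
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        // Constructed sample data covering the installer names listed above.
        List<App> apps = List.of(
            new App("com.example.store", "com.android.vending", false),
            new App("com.example.gallery", "com.huawei.appmarket", false),
            new App("com.example.sideloaded", "com.google.android.packageinstaller", false),
            new App("com.example.devbuild", null, false),
            new App("com.example.preloaded", null, true));

        // Case 1: only Google Play is whitelisted.
        System.out.println(suspicious(apps, Set.of("com.android.vending")));
        // Case 2: Google Play and Huawei App Gallery are both whitelisted.
        System.out.println(suspicious(apps,
            Set.of("com.android.vending", "com.huawei.appmarket")));
    }
}
```

With only com.android.vending whitelisted, the App Gallery, manually installed and ADB-installed apps are all reported; adding com.huawei.appmarket clears the App Gallery app. The system app is never reported, whatever its installation source.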

Setting up whitelist

// Treat only Google Play as a trusted installation source.
TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
        .whitelistedInstallationSources(new String[]{"com.android.vending"})
        .build();

Dynamic Package Name Based Whitelist

The dynamic package name whitelist contains package names that are considered safe and will be ignored in the scan results.

This list is dynamic, meaning you can add to it before, during, or after a scan. This is useful for handling local false positives, allowing users or the integrating application to whitelist less-known but trusted applications.

The whitelist is cleared whenever a new configuration is applied (i.e. when any blacklist is changed).

Setting up whitelist

// Add a trusted package to the dynamic whitelist so it is ignored in scan results.
Talsec.addToWhitelist(context, "com.example.app");
