⚙️Malware Detection Configuration

Malware detection is an integral part of the freeRASP SDK and is configured using the same TalsecConfig object. Malware configuration in TalsecConfig allows you to customize the behavior of the malware detection feature.

To enable malware detection, extend the configuration used during the initial integration of the SDK:

// Android uses Builder pattern for configuration

TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
        .blacklistedPackageNames(new String[]{"com.example.app"})
        .blacklistedHashes(new String[]{"exampleHash"})
        .suspiciousPermissions(new String[][]{{"android.permission.READ_CONTACTS"}, {"android.permission.SEND_SMS"}})
        .whitelistedInstallationSources(new String[]{"com.android.vending"})
        .build();

// Flutter uses nested malware configuration object (malwareConfig)

final config = TalsecConfig(
  androidConfig: AndroidConfig(
    ...
    malwareConfig: MalwareConfig(
      blacklistedPackageNames: ['com.example.app'],
      blacklistedHashes: ['exampleHash'],
      suspiciousPermissions: [
        ['android.permission.CAMERA'],
        ['android.permission.READ_SMS', 'android.permission.READ_CONTACTS'],
      ],
      whitelistedInstallationSources: ['com.android.vending'],
    ),
  ),
  iosConfig: IOSConfig(...),
  ...
);

It includes the following fields:

• blacklistedPackageNames A list of package names , any app with a package name in this list will trigger a detection.

• blacklistedHashes A list of APK hashes, which will trigger a detection. These hashes typically represent known malicious app versions.

• suspiciousPermissions A list of permissions that, if granted to another app, trigger a detection. You can specify single permissions or groups of permissions that, if requested together, are flagged as suspicious.

• whitelistedInstallationSource A list of trusted sources from which apps can be installed.