⚙️ Malware Detection Configuration
Malware detection is an integral part of the freeRASP SDK and is configured using the same TalsecConfig object. Malware configuration in TalsecConfig allows you to customize the behavior of the malware detection feature.
To enable malware detection, extend the configuration used during the initial integration of the SDK:
// Android uses Builder pattern for configuration
TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
    .blacklistedPackageNames(new String[]{"com.example.app"})
    .blacklistedHashes(new String[]{"exampleHash"})
    .suspiciousPermissions(new String[][]{{"android.permission.READ_CONTACTS"}, {"android.permission.SEND_SMS"}})
    .whitelistedInstallationSources(new String[]{"com.android.vending"})
    .build();

// Flutter uses nested malware configuration object (malwareConfig)
final config = TalsecConfig(
  androidConfig: AndroidConfig(
    ...
    malwareConfig: MalwareConfig(
      blacklistedPackageNames: ['com.example.app'],
      blacklistedHashes: ['exampleHash'],
      suspiciousPermissions: [
        ['android.permission.CAMERA'],
        ['android.permission.READ_SMS', 'android.permission.READ_CONTACTS'],
      ],
      whitelistedInstallationSources: ['com.android.vending'],
    ),
  ),
  iosConfig: IOSConfig(...),
  ...
);

// React Native uses nested malware configuration object (malwareConfig)
const config = {
  androidConfig: {
    ...
    malwareConfig: {
      blacklistedHashes: ['exampleHash'],
      blacklistedPackageNames: ['com.example.app'],
      suspiciousPermissions: [
        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
        ['android.permission.BATTERY_STATS'],
      ],
      whitelistedInstallationSources: ['com.android.vending'],
    },
  }
}

// Cordova uses nested malware configuration object (malwareConfig)
const config = {
  androidConfig: {
    ...
    malwareConfig: {
      blacklistedHashes: ['exampleHash'],
      blacklistedPackageNames: ['com.example.app'],
      suspiciousPermissions: [
        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
        ['android.permission.BATTERY_STATS'],
      ],
      whitelistedInstallationSources: ['com.android.vending'],
    },
  }
}

// Capacitor uses nested malware configuration object (malwareConfig)
const config = {
  androidConfig: {
    ...
    malwareConfig: {
      blacklistedHashes: ['exampleHash'],
      blacklistedPackageNames: ['com.example.app'],
      suspiciousPermissions: [
        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
        ['android.permission.BATTERY_STATS'],
      ],
      whitelistedInstallationSources: ['com.android.vending'],
    },
  }
}

It includes the following fields:
- blacklistedPackageNames: A list of package names; any app with a package name in this list will trigger a detection.
- blacklistedHashes: A list of APK hashes, which will trigger a detection. These hashes typically represent known malicious app versions.
- suspiciousPermissions: A list of permissions that, if granted to another app, trigger a detection. You can specify single permissions or groups of permissions that, if requested together, are flagged as suspicious.
- whitelistedInstallationSources: A list of trusted sources from which apps can be installed.
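
The following added example (not freeRASP code) models the matching rules the field descriptions state, in particular that a permission group matches only when all of its permissions are present. The app-record shape, the function names, the sample apps and the treatment of an unlisted installer as untrusted are assumptions.

```javascript
// Added illustration, not freeRASP code: models the rules the field list states.
const malwareConfig = {
  blacklistedPackageNames: ['com.example.app'],
  blacklistedHashes: ['exampleHash'],
  suspiciousPermissions: [
    ['android.permission.BLUETOOTH', 'android.permission.INTERNET'], // group
    ['android.permission.BATTERY_STATS'], // single permission
  ],
  whitelistedInstallationSources: ['com.android.vending'],
};

// Returns the reasons an app record would be flagged (empty array = no detection).
// The record fields (packageName, apkHash, permissions, installer) are assumed names.
function evaluateApp(app, cfg) {
  const reasons = [];
  if (cfg.blacklistedPackageNames.includes(app.packageName)) {
    reasons.push('blacklistedPackageName');
  }
  if (cfg.blacklistedHashes.includes(app.apkHash)) {
    reasons.push('blacklistedHash');
  }
  // AND within a group, OR across groups: a group matches only when every
  // permission in it is present on the app.
  const present = new Set(app.permissions);
  const hit = cfg.suspiciousPermissions.find(
    (group) => group.length > 0 && group.every((p) => present.has(p)));
  if (hit) reasons.push('suspiciousPermissions: ' + hit.join(' + '));
  // Assumption: a missing or unlisted installer counts as an untrusted source.
  if (!cfg.whitelistedInstallationSources.includes(app.installer)) {
    reasons.push('untrustedInstallationSource');
  }
  return reasons;
}

// Constructed sample inventory (package names and hashes are placeholders).
const sampleApps = [
  { packageName: 'com.example.app', apkHash: 'exampleHash', permissions: [], installer: 'com.android.vending' },
  { packageName: 'org.sample.notes', apkHash: 'constructedHashA', permissions: ['android.permission.INTERNET'], installer: 'com.android.vending' },
  { packageName: 'org.sample.scanner', apkHash: 'constructedHashB', permissions: ['android.permission.BLUETOOTH', 'android.permission.INTERNET'], installer: 'com.android.vending' },
  { packageName: 'org.sample.sideloaded', apkHash: 'constructedHashC', permissions: [], installer: null },
];

// Evaluates every record and keeps only the ones with at least one reason.
function scan(apps, cfg) {
  return apps
    .map((a) => ({ packageName: a.packageName, reasons: evaluateApp(a, cfg) }))
    .filter((r) => r.reasons.length > 0);
}

console.log(JSON.stringify(scan(sampleApps, malwareConfig), null, 2));
```

Note that `org.sample.notes` is not flagged: it holds only one permission of the two-permission group, which is why grouping permissions narrows a rule rather than widening it.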

