🦉FAQ

freeRASP is our community-driven security solution, ideal for early-stage development and low-risk applications. It is primarily designed to detect dangerous threats and does not provide comprehensive mobile app protection. It is best suited for environments where regulatory compliance and advanced protections are not critical.

Please take into account that:

• freeRASP includes experimental capabilities and contributes to our continuous research, product improvement, and data insights.

• It offers effective baseline protection for low-risk environments.

• For applications requiring enhanced protection, compliance assurance, or long-term support, RASP+ offers extended capabilities and SLA-backed support.

To learn more about acceptable use and limitations, please refer to our Fair Usage Policy.

The name of a wanted supported alternative store is in the form of its package name. You need to find out the package name of the application, which installs your application. For example, these are some package names of known alternative stores:

• com.xiaomi.mipicks

• com.vivo.appstore

• com.heytap.market

There are also some services, which use package installer for distribution of the application, e.g. the App Center uses com.google.android.packageinstaller or com.android.packageinstaller.

See Detecting unofficial installation for more information.

When you put a mail address into the watcherMail parameter in TalsecConfig. Talsec registers this mail address for security reports describing the application's security state and the characteristics of the devices it runs on, e.g. how many devices are rooted or if your application has been tampered with. The email ensures you get the Talsec Portal access, security reports, and important product announcements. See the Role of watcherMail andData Visualisation Portalpages for more details.

The Dev version is used to simplify the development process of the application, e.g. if you would implement killing of the application on the debugger callback. It disables some checks which won't be triggered during the development process:

• Emulator

• Debugging

• Tampering

• Unofficial store

• Obfuscation Issues

• Developer Mode

If you want to use the Dev version to disable checks, you need to set isProd parameter to false in TalsecConfig object instance. By default, the isProd parameter is set to true.

The easiest way how to produce an incident (trigger local check and create a record in the security report) is to install a release build on an emulator (e.g., Android Emulator, that comes with Android Studio). Both the app and freeRASP must be in release mode. You can also use a rooted Android device/emulator, in which case you create an incident event in debug mode.

NB: Debugging detection is disabled in debug mode to prevent false positives.

Internally, there are two types of checks:

• one-time checks,

• periodic checks.

One-time checks are executed only once when the app is launched and wasn't running in the background.

Periodic checks are performed regularly, at defined intervals (e.g. every X seconds or minutes).

Currently, there is no way to set the order of threat detection for freeRASP. The checks are performed asynchronously on Android and synchronously on iOS. If a check fails, the corresponding callback is executed.

There are a few steps to take when you want to do this. You need to remove the old TalsecRuntime.xcframework and integration script from your project:

• Go to your project's ios folder.

• Open Runner.xcworkspace in Xcode.

• On the top bar select Product -> Scheme -> Edit Scheme....

• On the left side select Build -> Pre-actions.

• Find the integration script and click the trash icon on the right side to remove it.

• Open the .flutter-plugins (in the root folder of the app), and get the address where the freeRASP is installed.

• Go to the given folder, and remove the freerasp folder file.

• Delete .symlinks folder from project.

• Run pub get.

• Run pod install to test it.

If you use the free version of freeRASP and your application is downloaded on more than 100,000 unique devices, you will have exceeded the allowed usage limit under the Fair Usage Policy. This means you are required to switch to a commercial subscription plan. Continued use beyond this limit without transitioning to a paid plan may result in suspension or termination of your freeRASP license and discontinuation of related services.

In our experience, integrating freeRASP typically results in a more modest increase of around 10 MB in the APK size, as seen in the example app in the freeRASP project.

Putting callbacks into multiple classes shouldn't cause any performance issues, but while the general idea of dissolving checks all over the codebase is valid, you won't get many advantages, as an attacker can still circumvent duplicate sections.

Due to inevitable performance impact, freeRASP cannot perform security scans all the time, which means it can take some time to detect specific threats. On the other hand, freeRASP performs specific checks like adbEnabled periodically. This periodicity interval is randomized, but no longer than four minutes and as of now it is not configurable. This approach helps keep your app responsive while still ensuring threat detection, though with a slight delay. The only moment you are guaranteed all the detection will be triggered is just after the app launch. If, for example, ADB gets enabled after the app has started, you’ll need to wait for the next scan cycle to complete. Once that happens, the check will run again, and the callback will be triggered.

With Talsec, we offer additional solutions to help overcome this limitation:

1. RASP+ RASP+ allows you to customize the detection interval in your own SDK build to better match your requirements. We’re also working on a dynamic interval management feature, which will give you even more control over how frequently each check runs. Additionally, RASP+ includes built-in threat responses, so you won’t have to wait for callbacks to react to detections. For more details on the differences between freeRASP and RASP+, check out our GitBook: https://docs.talsec.app/freerasp/features-and-pricing-plans/the-key-differences-freerasp-vs.-rasp+

2. AppiCrypt AppiCrypt secures communication between your app and backend. It includes the results of the Talsec security audit, which you can verify server-side. This way, you can confirm that the device sending the request has passed the security checks before proceeding with further communication. Learn more about AppiCrypt here: https://docs.talsec.app/premium-products/product/appicrypt.

If your app fails to build due to unresolved symbols in ScreenProtector.kt related to screen recording protection, the issue may be caused by compileSdkVersion, even if you’ve explicitly set it to 34 or higher in your build.gradle file.

This can happen when a script, typically inside an afterEvaluate block, modifies or overrides your SDK version during the build process. For example, you intended setting of 35 might be replaced with 33.

To fix this, check your build.gradle files for any afterEvaluate blocks and look for lines that change the compileSdkVersion. Remove or update them to ensure your project uses the correct SDK version required for the screen recording protection feature to compile successfully.

You can also refer to the discussion and solution in this GitHub issue.