> For the complete documentation index, see [llms.txt](https://docs.talsec.app/freerasp/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.talsec.app/freerasp/freemalwaredetection/introduction-1.md).

# Introduction

The freeMalwareDetection SDK enables your Android application to identify potentially harmful applications installed on the same user device.

The SDK evaluates the device ecosystem using on-device metadata analysis — including app **hash-based** and **package name-based** blocklists, **requested app permissions**, and the **source of installation**. All scanning runs entirely on the device, ensuring that no application inventory or user data is ever transmitted to external servers.

<div data-with-frame="true"><figure><img src="/files/89ZT1dUqfImsJeYzl3d5" alt=""><figcaption></figcaption></figure></div>

It operates asynchronously in the background to avoid impacting your app's performance. High-risk findings are reported directly to your application via callbacks, allowing you to implement custom, context-aware security logic.

***

## Supported Platforms

<table data-view="cards"><thead><tr><th></th></tr></thead><tbody><tr><td><strong>Android</strong></td></tr><tr><td><strong>Flutter</strong></td></tr><tr><td><strong>React Native</strong></td></tr><tr><td><strong>Capacitor</strong></td></tr><tr><td><strong>Cordova</strong></td></tr><tr><td><strong>Kotlin Multiplatform</strong></td></tr></tbody></table>

***

## Technical Scope and Threat Model

The Android application ecosystem and distribution models allow attackers to distribute malicious apps (often requesting sensitive permissions) designed to exploit or intervene in other applications on the device. Users are frequently tricked into sideloading these applications from untrusted sources via social engineering.

Such malware is often created and distributed specifically to target high-value applications. The freeMalwareDetection SDK defends against these threats by analyzing metadata and heuristic signals — evaluating requested permissions, installation sources, and known blocklists — entirely on the device, with no internet connection required.

{% hint style="info" %}
For applications requiring an additional layer of verification against a continuously updated global threat database, see [Premium Malware Detection](https://docs.talsec.app/premium-products/product/malware-detection).
{% endhint %}

To ensure a secure environment, the freeMalwareDetection SDK is specifically engineered to identify apps that facilitate activities such as:

* **Remote Access Trojans (RATs) & Overlays:** Applications requesting aggressive permission sets to control the device remotely, draw fake UI layers (e.g., login screens) over your application, or read the content of the screen.
* **Communication Interception:** Apps designed to make or accept calls, intervene in network communications, or act as SMS stealers to intercept incoming 2FA codes.
* **Accessibility Abuse & Keylogging:** Malicious apps abusing Android Accessibility Services to autonomously click buttons on behalf of the user, approve background transactions, or log keyboard inputs.

***

## Key Features

To tackle these complex threats without compromising your app's UX, privacy, or battery life, the SDK provides the following core capabilities:

* **Customizable Blocklists:** Easily define and manage multiple types of blocklists (e.g., hash-based or package name-based) to tailor malware detection to your specific threat model.
* **Asynchronous Scanning:** All evaluations are performed in a low-priority background thread, ensuring minimum impact on your application's foreground performance.
* **100% On-Device Privacy:** All scanning is completely self-contained. No app inventory, hashes, or behavioral data leaves the device.
* **Comprehensive Threat Context:** Receive detailed telemetry and reasoning about detected threats to inform your app's defensive response effectively.
* **Google Play Compliant:** The default malware detection works out-of-the-box without requiring extensive Google Play policy reviews. (Optional deep scanning via `QUERY_ALL_PACKAGES` is available for advanced enterprise use cases).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.talsec.app/freerasp/freemalwaredetection/introduction-1.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.