# Malware Detection Configuration

Malware detection is an integral part of the **freeRASP SDK** and is configured using the same `TalsecConfig` object. Malware configuration in `TalsecConfig` allows you to customize the behavior of the malware detection feature. 

To enable malware detection, **extend the configuration** used during the initial integration of the SDK:

{% tabs %}
{% tab title="Android" %}

<pre class="language-java" data-full-width="true"><code class="lang-java">// Android uses Builder pattern for configuration

TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
<strong>        .blacklistedPackageNames(new String[]{"com.example.app"})
</strong><strong>        .blacklistedHashes(new String[]{"exampleHash"})
</strong><strong>        .suspiciousPermissions(new String[][]{{"android.permission.READ_CONTACTS"}, {"android.permission.SEND_SMS"}})
</strong><strong>        .whitelistedInstallationSources(new String[]{"com.android.vending"})
</strong>        .build();
</code></pre>

{% endtab %}

{% tab title="Flutter" %}

<pre class="language-dart"><code class="lang-dart">// Flutter uses nested malware configuration object (malwareConfig)

final config = TalsecConfig(
  androidConfig: AndroidConfig(
    ...
<strong>    malwareConfig: MalwareConfig(
</strong><strong>      blacklistedPackageNames: ['com.example.app'],
</strong><strong>      blacklistedHashes: ['exampleHash'],
</strong><strong>      suspiciousPermissions: [
</strong><strong>        ['android.permission.CAMERA'],
</strong><strong>        ['android.permission.READ_SMS', 'android.permission.READ_CONTACTS'],
</strong><strong>      ],
</strong><strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong><strong>    ),
</strong>  ),
  iosConfig: IOSConfig(...),
  ...
);
</code></pre>

{% endtab %}

{% tab title="React Native" %}

<pre class="language-tsx"><code class="lang-tsx">// React Native uses nested malware configuration object (malwareConfig)  

const config = {
  androidConfig: {
    ...
<strong>    malwareConfig: {
</strong><strong>      blacklistedHashes: ['exampleHash'],
</strong><strong>      blacklistedPackageNames: ['com.example.app'],
</strong><strong>      suspiciousPermissions: [
</strong><strong>        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
</strong><strong>        ['android.permission.BATTERY_STATS'],
</strong><strong>      ],
</strong><strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong><strong>    },
</strong>  }
}
</code></pre>

{% endtab %}

{% tab title="Cordova" %}

<pre class="language-javascript"><code class="lang-javascript">// Cordova uses nested malware configuration object (malwareConfig)  

const config = {
  androidConfig: {
    ...
<strong>    malwareConfig: {
</strong><strong>      blacklistedHashes: ['exampleHash'],
</strong><strong>      blacklistedPackageNames: ['com.example.app'],
</strong><strong>      suspiciousPermissions: [
</strong><strong>        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
</strong><strong>        ['android.permission.BATTERY_STATS'],
</strong><strong>      ],
</strong><strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong><strong>    },
</strong>  }
}
</code></pre>

{% endtab %}

{% tab title="Capacitor" %}

<pre class="language-typescript"><code class="lang-typescript">// Capacitor uses nested malware configuration object (malwareConfig)   

const config = {
  androidConfig: {
    ...
<strong>    malwareConfig: {
</strong><strong>      blacklistedHashes: ['exampleHash'],
</strong><strong>      blacklistedPackageNames: ['com.example.app'],
</strong><strong>      suspiciousPermissions: [
</strong><strong>        ['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
</strong><strong>        ['android.permission.BATTERY_STATS'],
</strong><strong>      ],
</strong><strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong><strong>    },
</strong>  }
}
</code></pre>

{% endtab %}
{% endtabs %}

It includes the following fields:

* [`blacklistedPackageNames`](/freerasp/freemalwaredetection/blacklists.md#package-name-based-blacklist)\
  A list of package names , any app with a package name in this list will trigger a detection.
* [`blacklistedHashes`](/freerasp/freemalwaredetection/blacklists.md#hash-based-blacklist)\
  A list of APK hashes, which will trigger a detection. These hashes typically represent known malicious app versions.
* [`suspiciousPermissions`](/freerasp/freemalwaredetection/blacklists.md#suspicious-permissions-list)\
  A list of permissions that, if granted to another app,  trigger a detection. You can specify single permissions or groups of permissions that, if requested together, are flagged as suspicious.
* [`whitelistedInstallationSource`](/freerasp/freemalwaredetection/whitelists.md#installation-source-whitelist)\
  A list of trusted sources from which apps can be installed.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.talsec.app/freerasp/freemalwaredetection/malware-detection-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.