# Malware Detection Configuration
Malware detection is an integral part of the **freeRASP SDK** and is configured using the same `TalsecConfig` object. Malware configuration in `TalsecConfig` allows you to customize the behavior of the malware detection feature.
To enable malware detection, **extend the configuration** used during the initial integration of the SDK:
{% tabs %}
{% tab title="Android" %}
// Android uses Builder pattern for configuration
TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
.blacklistedPackageNames(new String[]{"com.example.app"})
.blacklistedHashes(new String[]{"exampleHash"})
.suspiciousPermissions(new String[][]{{"android.permission.READ_CONTACTS"}, {"android.permission.SEND_SMS"}})
.whitelistedInstallationSources(new String[]{"com.android.vending"})
.build();
{% endtab %}
{% tab title="Flutter" %}
// Flutter uses nested malware configuration object (malwareConfig)
final config = TalsecConfig(
androidConfig: AndroidConfig(
...
malwareConfig: MalwareConfig(
blacklistedPackageNames: ['com.example.app'],
blacklistedHashes: ['exampleHash'],
suspiciousPermissions: [
['android.permission.CAMERA'],
['android.permission.READ_SMS', 'android.permission.READ_CONTACTS'],
],
whitelistedInstallationSources: ['com.android.vending'],
),
),
iosConfig: IOSConfig(...),
...
);
{% endtab %}
{% tab title="React Native" %}
// React Native uses nested malware configuration object (malwareConfig)
const config = {
androidConfig: {
...
malwareConfig: {
blacklistedHashes: ['exampleHash'],
blacklistedPackageNames: ['com.example.app'],
suspiciousPermissions: [
['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
['android.permission.BATTERY_STATS'],
],
whitelistedInstallationSources: ['com.android.vending'],
},
}
}
{% endtab %}
{% tab title="Cordova" %}
// Cordova uses nested malware configuration object (malwareConfig)
const config = {
androidConfig: {
...
malwareConfig: {
blacklistedHashes: ['exampleHash'],
blacklistedPackageNames: ['com.example.app'],
suspiciousPermissions: [
['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
['android.permission.BATTERY_STATS'],
],
whitelistedInstallationSources: ['com.android.vending'],
},
}
}
{% endtab %}
{% tab title="Capacitor" %}
// Capacitor uses nested malware configuration object (malwareConfig)
const config = {
androidConfig: {
...
malwareConfig: {
blacklistedHashes: ['exampleHash'],
blacklistedPackageNames: ['com.example.app'],
suspiciousPermissions: [
['android.permission.BLUETOOTH', 'android.permission.INTERNET'],
['android.permission.BATTERY_STATS'],
],
whitelistedInstallationSources: ['com.android.vending'],
},
}
}
{% endtab %}
{% endtabs %}
It includes the following fields:
* [`blacklistedPackageNames`](https://docs.talsec.app/freerasp/blacklists#package-name-based-blacklist)\
A list of package names , any app with a package name in this list will trigger a detection.
* [`blacklistedHashes`](https://docs.talsec.app/freerasp/blacklists#hash-based-blacklist)\
A list of APK hashes, which will trigger a detection. These hashes typically represent known malicious app versions.
* [`suspiciousPermissions`](https://docs.talsec.app/freerasp/blacklists#suspicious-permissions-list)\
A list of permissions that, if granted to another app, trigger a detection. You can specify single permissions or groups of permissions that, if requested together, are flagged as suspicious.
* [`whitelistedInstallationSource`](https://docs.talsec.app/freerasp/whitelists#installation-source-whitelist)\
A list of trusted sources from which apps can be installed.