# Whitelists

Whitelists are lists that contain data about applications which should **not be flagged as malware**.&#x20;

There are two types of whitelist:

* **Installation Source Based**
* **Dynamic Package Name Based**

{% hint style="info" %}
You can omit a whitelist if you don't want to use it.
{% endhint %}

## Installation Source Whitelist

An installation source whitelist contains a **list of installation sources** (package names) which are considered trustworthy.&#x20;

We use installation source during two checks:

* **standalone installation source check** - any application that is installed from a source that is not whitelisted will be returned as suspicious in the scan result with the **reason** value set as **installSource**
* **suspicious permissions check** - as mentioned in [Suspicious Permissions list](https://docs.talsec.app/freerasp/blacklists#suspicious-permissions-list), while checking permissions, we also check the installation source to reduce false positives. The logic is the same as in the standalone installation source check, any application installed from a source that is not whitelisted will be considered as installed from an untrusted source.

{% hint style="info" %}
When checking installation source, we filter out system applications to reduce the amount of false positives
{% endhint %}

### Examples of Installer Package Names

* **com.android.vending**\
  Package name of Google Play Store
* **com.huawei.appmarket**\
  Package name of Huawei App Gallery
* **com.google.android.packageinstaller**\
  Package name of the **Package Installer** system app, which is responsible for managing the installation of applications on Android devices. \
  Applications installed manually using an APK file will usually have this package name as their installation source.
* **unknown**\
  Some applications might have their installation source set as `null`. This is considered as the installation source **unknown.** \
  This can be true for some system apps or for apps installed through ADB. **During development, your applications will fall into this category.**

{% hint style="danger" %}
We recommend that you whitelist the **com.android.vending** to not consider all applications installed from Google Play as suspicious. Make sure to whitelist also **com.huawei.appmarket** if you do not want to have the applications from this store flagged as well.
{% endhint %}

#### Setting up whitelist

{% tabs %}
{% tab title="Android" %}

<pre class="language-java"><code class="lang-java">TalsecConfig config = new TalsecConfig.Builder(context.getPackageName(), new String[] {CERTIFICATE_HASH})
<strong>        .whitelistedInstallationSources(new String[]{"com.android.vending"})
</strong>        .build();        
</code></pre>

{% endtab %}

{% tab title="Flutter" %}

<pre class="language-dart"><code class="lang-dart">final config = TalsecConfig(
  androidConfig: AndroidConfig(
    malwareConfig: MalwareConfig(
<strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong>    ),
    // Other config data
  ),
  // Other config data
);
</code></pre>

{% endtab %}

{% tab title="React Native" %}

<pre class="language-tsx"><code class="lang-tsx">const config = {
  androidConfig: {
    malwareConfig: {
<strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong>    },
    // Other config data
  }
  // Other config data
}
</code></pre>

{% endtab %}

{% tab title="Capacitor" %}

<pre class="language-javascript"><code class="lang-javascript">const config = {
  androidConfig: {
    malwareConfig: {
<strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong>    },
    // Other config data
  }
  // Other config data
}
</code></pre>

{% endtab %}

{% tab title="Cordova" %}

<pre class="language-typescript"><code class="lang-typescript">const config = {
  androidConfig: {
    malwareConfig: {
<strong>      whitelistedInstallationSources: ['com.android.vending'],
</strong>    },
    // Other config data
  }
  // Other config data
}
</code></pre>

{% endtab %}
{% endtabs %}

## Dynamic Package Name Based Whitelist

The dynamic package name whitelist contains package names that are considered safe and will be ignored in the scan results.

This list is dynamic, meaning you can add to it **before**, **during**, or **after** a scan. This is useful for handling local false positives, allowing users or the integrating application to whitelist less-known but trusted applications.

{% hint style="warning" %}
The whitelist is cleared whenever a new configuration is applied (i.e. when **any** blacklist is changed).
{% endhint %}

#### Setting up whitelist

{% tabs %}
{% tab title="Android" %}

```kotlin
Talsec.addToWhitelist(context, "com.example.app")
```

{% endtab %}

{% tab title="Flutter" %}

```dart
Talsec.instance.addToWhitelist('com.example.app');
```

{% endtab %}

{% tab title="React Native" %}

```typescript
import { addToWhitelist } from 'freerasp-react-native';

try {
  const response = await addToWhitelist('com.example.app');
  // response: true
} catch (error: any) {
  console.info('Error while adding app to malware whitelist: ', error);
}
```

{% endtab %}

{% tab title="Cordova" %}

```javascript
try {
  const response = await talsec.addToWhitelist('com.example.app');
  // response: true
} catch (error: any) {
  console.info('Error while adding app to malware whitelist: ', error);
}
```

{% endtab %}

{% tab title="Capacitor" %}

```typescript
import { addToWhitelist } from 'capacitor-freerasp';

try {
  const response = await addToWhitelist('com.example.app');
  // response: true
} catch (error: any) {
  console.info('Error while adding app to malware whitelist: ', error);
}
```

{% endtab %}
{% endtabs %}