# Introduction

freeRASP is a lightweight and easy-to-integrate mobile security library designed to detect potential threats during the application's runtime. It contains multiple security checks, each designed to cover a possible attack vector, to ensure a high level of application security.

<figure><img src="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FI3n8ibRczTAKQuRNhxis%2FFreeRasp.png?alt=media&#x26;token=2a9e57e7-c312-4fb2-974f-180be9f19edd" alt=""><figcaption></figcaption></figure>

## What does freeRASP do?

freeRASP provides detection of potentially dangerous behaviour, including the following:

* Using [rooted or jailbroken](#user-content-fn-1)[^1] devices (e.g., su, Magisk, unc0ver, checkra1n, Dopamine).
* Reverse engineering attempts.
* Running [hooking frameworks](#user-content-fn-2)[^2] (e.g., Frida, Xposed or Shadow).
* [Tampering or repackaging](#user-content-fn-3)[^3] the application.
* Installing the app through [untrusted methods/unofficial stores](#user-content-fn-4)[^4].
* Running the app in various emulators[^5].
* Using fake clones and multi-instancing[^6] (e.g., Parallel Space).
* [Screenshot and screen recording](#user-content-fn-7)[^7] attempts.

## Advantages

* Reactions to various attacks and detected security threats via an API (callback mechanism).
* Simple integration.
* VPN[^8] detection.
* ADB[^9], [Developer Mode](#user-content-fn-10)[^10], USB debugging detections.
* No significant effect on the app performance.
* Data visualization in the [Talsec Portal](https://docs.talsec.app/freerasp/freerasp/data-visualisation-portal) with real-time security insights, global benchmarks, and detailed analytics.
* Weekly security report via email indicating the security status of devices and app integrity.
* Fulfills [OWASP MASVS-RESILIENCE](https://mas.owasp.org/checklists/MASVS-RESILIENCE/) requirements.

{% hint style="info" %}
Top apps rely on Talsec SDKs—see them [**here**](https://42matters.com/sdk-analysis/top-security-and-privacy-sdks#talsec).
{% endhint %}

## Limitations

* Limits of [Fair Usage Policy](https://docs.talsec.app/freerasp/terms-of-service/fair-usage-policy-fup) (free up to 100k devices).
* Data collection from your app to Talsec DB.
* Security protections:
  * basic protection against root/jailbreak (including Magisk, Dopamine),
  * basic runtime reverse engineering controls,
  * basic runtime integrity controls.
* No [overlay and accessibility services misuse](#user-content-fn-11)[^11] protection.

{% hint style="info" %}
Learn more about the limitations of freeRASP [**here**](https://docs.talsec.app/freerasp/features-and-pricing-plans#plans-comparison).
{% endhint %}

## Talsec Portal

Access real-time security insights, global benchmarks, and detailed analytics!

* 📊 **Real-Time Threat Monitoring:** Gain insights into threat counts, types, and occurrences over time.
* 📈 **Global Benchmarking:** Benchmark your app's security against global statistics.
* 📚 **Stay informed:** Read the latest articles and documentation on app security best practices.

{% hint style="info" %}
Learn more about the Talsec Portal [**here**](https://docs.talsec.app/freerasp/freerasp/data-visualisation-portal).
{% endhint %}

## Workflow scheme

<figure><img src="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FU1V9greYISfKr838T30j%2FFrame%202147223711%20(2).png?alt=media&#x26;token=5c4e9507-29b3-4980-868b-ef433c21c9ec" alt=""><figcaption></figcaption></figure>

## Supported platforms

freeRASP is currently supported for:

* [Android](https://docs.talsec.app/freerasp/freerasp/integration/android)
* [iOS](https://docs.talsec.app/freerasp/freerasp/integration/ios)
* [Flutter](https://docs.talsec.app/freerasp/freerasp/integration/flutter)
* [React Native](https://docs.talsec.app/freerasp/freerasp/integration/react-native)
* [Cordova](https://docs.talsec.app/freerasp/freerasp/integration/cordova)
* [Capacitor](https://docs.talsec.app/freerasp/freerasp/integration/capacitor)
* [Kotlin Multiplatform](https://docs.talsec.app/freerasp/freerasp/integration/kotlin-multiplatform)
* [Unity](https://docs.talsec.app/freerasp/freerasp/integration/unity)
* [Unreal Engine](https://docs.talsec.app/freerasp/freerasp/integration/unreal-engine)

#### freeRASP is currently tested and compatible with

* 🤖 Android smartphones, tablets, emulators, Android TVs
* 🍎 iPhones, iPads, simulators

## Discover freeRASP

<table data-view="cards" data-full-width="false"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th><th data-hidden data-card-cover data-type="files"></th></tr></thead><tbody><tr><td><strong>Integration</strong></td><td>Integrate freeRASP for your platform</td><td><a href="integration">integration</a></td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2F5d2XRCK2yaFZa1jfJTmy%2FFrame%202147223637%20(8).svg?alt=media&#x26;token=a27d78b3-81ad-4360-8df7-8412105a045e">Frame 2147223637 (8).svg</a></td></tr><tr><td><strong>Security Reports</strong></td><td>Learn about regular security reports</td><td><a href="data-visualisation-portal">data-visualisation-portal</a></td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FeExzP8pxOcyNTZXsylbk%2FFrame%202147223637%20(9).svg?alt=media&#x26;token=b8992828-67a4-4501-a453-476e6f3a141f">Frame 2147223637 (9).svg</a></td></tr><tr><td><strong>License</strong></td><td>How is freeRASP licensed</td><td><a href="../terms-of-service/license">license</a></td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2F9L0tWjw0MnGkCa42bcO4%2FFrame%202147223638%20(2).svg?alt=media&#x26;token=296c4218-c9c3-4767-97dd-9f8c8a3bd00a">Frame 2147223638 (2).svg</a></td></tr></tbody></table>

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Commercial Subscriptions</strong></td><td>Get maximum protection for your app</td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FFVzeWmCmz63pb9Tx0MXH%2FFrame%202147223637%20(7).svg?alt=media&#x26;token=a3b2b8f9-fd66-4619-a49d-b8871aeb8b59">Frame 2147223637 (7).svg</a></td><td><a href="features-and-pricing-plans">features-and-pricing-plans</a></td></tr><tr><td><strong>User Data Policies</strong></td><td>Learn how we process your data</td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FPF6EYHJGmuykPdTW5V9o%2FFrame%202147223637%20(10).svg?alt=media&#x26;token=850d1d01-bb5b-4301-970d-8e53ff16f5a9">Frame 2147223637 (10).svg</a></td><td><a href="../terms-of-service/user-data-policies">user-data-policies</a></td></tr><tr><td><strong>Community [Apply to Join!]</strong></td><td>Space for developer's creativity, community programs</td><td><a href="https://3557356308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ2PxZTOjhquOxcxftTrm%2Fuploads%2FMyMDOPxs39SChnuz4xmS%2Fimage.jfif?alt=media&#x26;token=584b0ba8-5fa1-4217-95b5-0f2d2be5ee67">image.jfif</a></td><td><a href="broken-reference">Broken link</a></td></tr></tbody></table>

[^1]: Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as [Magisk](https://github.com/topjohnwu/Magisk), [Shamiko](https://github.com/LSPosed/LSPosed.github.io/releases), [Shad0w](https://github.com/jjolano/shadow) or [Dopamine](https://github.com/opa334/Dopamine) can hide privileged access and are often used by attackers.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/detecting-rooted-or-jailbroken-devices>

[^2]: The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing code to obtain personal client data. The most well-known hooking frameworks are [Frida](https://frida.re/), [Xposed](https://github.com/LSPosed/LSPosed), or [Cydia Substrate](http://www.cydiasubstrate.com/).\
    \
    Learn more: <https://docs.talsec.app/freerasp/wiki/threat-detection/hook-detection>

[^3]: Every application can be easily modified and then re-signed by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/app-tampering-detection>

[^4]: Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered if you install the application through alternative ways, such as an unofficial store or an Xcode build.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/detecting-unofficial-installation>

[^5]: Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.\
    \
    Learn more: <https://docs.talsec.app/freerasp/wiki/threat-detection/emulator-detection>

[^6]: Multi-instance refers to the ability to launch multiple instances of the same application—either intentionally (such as through app cloning or multi-user modes) or unintentionally (due to a malicious attack or system bug). Each instance may run in a separate process, which can lead to security, privacy, or data consistency issues—especially in sensitive applications like finance, messaging, or enterprise tools.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/multi-instance-detection-android-devices-only>

[^7]: Screenshot detection identifies when a screenshot is taken on a device. Screenshots can expose sensitive app data, such as user credentials, personal content, or confidential information, leading to privacy and security risks.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/screen-capture>

[^8]: Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. freeRASP checks whether the system VPN is enabled.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/system-vpn-detection>

[^9]: ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator. When ADB is enabled, it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy. freeRASP detects whether USB debugging is enabled.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/adb-enabled-detection-android-devices-only>

[^10]: Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. freeRASP detects whether developer mode is enabled.\
    \
    Learn more:\
    <https://docs.talsec.app/freerasp/wiki/threat-detection/developer-mode-detection-android-devices-only>

[^11]: Malicious screen readers are considered one of the weakest points of the Android OS from a security standpoint. These dangerous apps can retrieve any content on the screen by misusing the accessibility features primarily intended for users with disabilities. Captured data typically involve personal information, account balances, and credentials. Hiding the sensitive information is advised in case unwanted screen reader apps are detected.
