🤖Android

Example: https://github.com/talsec/Free-RASP-Android/tree/master/FreeRASPDemoApp

Let your AI assistant (Cursor, Claude, Gemini, Codex) add freeRASP into your app (experimental): AI-Assisted Integration

📝 Prerequisites

freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:

From the root of your project (or module level), go to the build.gradle.
Update minSdkVersion to at least 23 (Android 6.0) or higher.

build.gradle

buildscript {
    ext {
      minSdkVersion 23
    }
}

Add permissions for checks

Some checks require additional permissions in order to work properly. If your app already has these permissions, you don't need to add them again.

Screenshot and Screen Recording Detection

To detect screenshots and screen recordings , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

<uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
<uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

Location Spoofing Detection

To detect location spoofing, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

Unsecure WiFi Detection

To detect unsecure WiFi, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />

Some permissions also require runtime request.

📦 Add the dependency

Set Talsec's Artifact Registry in your project's settings.gradle (or build.gradle). You should comment out the relevant section in settings.gradle, if you want to use build.gradle, as settings.gradle is preferred:

Config via settings.gradle:

repositories {
    google()
    mavenCentral()
    maven { url "https://jitpack.io" }
    maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }
}

Config via build.gradle:

repositories {
    google()
    mavenCentral()
    maven { url "https://jitpack.io" }
    maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }
}

Make sure that Talsec's maven dependency is at the last position.

Set dependencies in your :app module's build.gradle:

[build.gradle (: app)]

dependencies {
    // freeRASP SDK  
    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:18.0.2'
}

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.

To guarantee protection starts immediately, initialize freeRASP inside the onCreate method of your Application subclass. If you don't have a custom Application class, create one extending Application:
FreeRaspApplication.kt
```
class FreeRaspApplication : Application() {
    override fun onCreate() {
        super.onCreate()
    }
}
```
Add a new subclass to AndroidManifest.xml, inside <application> tag:
AndroidManifest.xml
```
<application
    android:name=".FreeRaspApplication"
/>
```

Set up the Configuration for your app with your values, which are explained in more detail in API.

FreeRaspApplication.kt

private companion object {
    private const val EXPECTED_PACKAGE_NAME = "com.aheaditec.talsec.demoapp" // Don't use Context.getPackageName!
    private val EXPECTED_SIGNING_CERTIFICATE_HASH_BASE64 = arrayOf(
        "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k="
    ) // Replace with your release (!) signing certificate hashes
    private const val WATCHER_MAIL = "[email protected]" 
    private val SUPPORTED_ALTERNATIVE_STORES = arrayOf(
        "com.sec.android.app.samsungapps"
        // add other stores, such as the Samsung Galaxy Store
    )
    private val IS_PROD = true
    private val KILL_ON_BYPASS = true
}

FreeRaspApplication.kt

override fun onCreate() {
    ...
    
    val config = TalsecConfig.Builder(
        EXPECTED_PACKAGE_NAME,
        EXPECTED_SIGNING_CERTIFICATE_HASH_BASE64)
        .watcherMail(WATCHER_MAIL)
        .supportedAlternativeStores(SUPPORTED_ALTERNATIVE_STORES)
        .prod(IS_PROD)
        .killOnBypass(KILL_ON_BYPASS)
        .build()
}

Configuration Parameters

isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. Learn more about the role of watcherMail.

👷 Handle detected threats

You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.

Create a ThreatListener.ThreatDetected object and override the methods you want to handle. You don't need to override all methods; only implement the ones relevant to your app's security policy.

FreeRaspApplication.kt


val threatDetectedListener = object : ThreatListener.ThreatDetected() {

    override fun onRootDetected() {
        println("onRootDetected")
    }
    
    override fun onDebuggerDetected() {
        println("onDebuggerDetected")
    }
    
    override fun onEmulatorDetected() {
        println("onEmulatorDetected")
    }
    
    override fun onTamperDetected() {
        println("onTamperDetected")
    }
    
    override fun onUntrustedInstallationSourceDetected() {
        println("onUntrustedInstallationSourceDetected")
    }
    
    override fun onHookDetected() {
        println("onHookDetected")
    }
    
    override fun onDeviceBindingDetected() {
        println("onDeviceBindingDetected")
    }
    
    override fun onObfuscationIssuesDetected() {
        println("onObfuscationIssueDetected")
    }
    
    override fun onScreenshotDetected() {
        println("onScreenshotDetected")
    }
    
    override fun onScreenRecordingDetected() {
        println("onScreenRecordingDetected")
    }
    
    override fun onMultiInstanceDetected() {
        println("onMultiInstanceDetected")
    }
    
    override fun onUnsecureWifiDetected() {
        println("onUnsecureWifiDetected")
    }
    
    override fun onTimeSpoofingDetected() {
        println("onTimeSpoofingDetected")
    }
    
    override fun onLocationSpoofingDetected() {
        println("onLocationSpoofingDetected")
    }
    
    override fun onAutomationDetected() {
        println("onAutomationDetected")
    }
    
    override fun onMalwareDetected(suspiciousApps: List<SuspiciousAppInfo>) {
        println("onMalwareDetected")
    }
}

If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.“
For the onMalwareDetected(suspiciousApps: List<SuspiciousAppInfo>) callback, make sure you visit freeMalwareDetection, a powerful feature designed to scan for malicious or suspicious apps.

Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:

FreeRaspApplication.kt

val deviceStateListener = object : ThreatListener.DeviceState() {
    
    override fun onUnlockedDeviceDetected() {
        println("onUnclockedDeviceDetected")
    }
    
    override fun onHardwareBackedKeystoreNotAvailableDetected() {
        println("onHardwareBackedKeystoreNotAvailableDetected")
    }

    override fun onDeveloperModeDetected() {
        println("onDeveloperModeDetected")
    }
    
    override fun onADBEnabledDetected() {
        println("onADBEnabledDetected")
    }

    override fun onSystemVPNDetected() {
        println("onSystemVPNDetected")
    }
}

Optionally, you can use the RaspExecutionState listener, to get information about state of check execution:

FreeRaspApplication.kt

val raspExecutionListener = object : ThreatListener.RaspExecutionState() {
    
    override fun onAllChecksFinished() {
        println("onAllChecksFinished")
    }
}

Modify initialization of ThreatListener:

FreeRaspApplication.kt

override fun onCreate() {
    ...
    // Register the listeners
    // You can choose which listeners to register based on your needs:
    
    // Option A: Listens only for threats detected
    // ThreatListener(threatDetectedListener).registerListener(this)
    
    // Option B: Listens for threats detected and device state
    // ThreatListener(threatDetectedListener, deviceStateListener).registerListener(this)
    
    // Option C: Listens for threats detected and execution state
    // ThreatListener(threatDetectedListener, raspExecutionListener).registerListener(this)
    
    // Option D: Listens for all threats, device state, and execution state
    ThreatListener(threatDetectedListener, deviceStateListener, raspExecutionListener).registerListener(this)
}

(Optional) Screen Capture & Recording Protection:
- You can use freeRASP to detect screenshots (onScreenshotDetected), screen recordings (onScreenRecordingDetected).
- To actively prevent capture entirely (resulting in a black screen), use Talsec.blockScreenCapture(activity, true). You can verify the blocking status using Talsec.isScreenCaptureBlocked(). For more details, see Screen Capture.
- Prerequisites: Detection features require Android 14+ (Screenshots) or Android 15+ (Recordings) and specific permissions. Please ensure you have added them as described in the Add permissions section.
- Implementation: We recommend integrating these methods at the Application level using ActivityLifecycleCallbacks to ensure they cover the entire app lifecycle:

FreeRaspApplication.kt

class FreeRaspApplication : Application() {
    
    override fun onCreate() {
        ...
        registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
            override fun onActivityCreated(activity: Activity, bundle: Bundle?) {
                Talsec.blockScreenCapture(activity, false)
            }

            override fun onActivityStarted(activity: Activity) {}

            override fun onActivityResumed(activity: Activity) {
                ScreenProtector.registerScreenCallbacks(activity)
            }

            override fun onActivityPaused(activity: Activity) {
                ScreenProtector.unregisterScreenCallbacks(activity)
            }

            override fun onActivityStopped(activity: Activity) {}

            override fun onActivitySaveInstanceState(activity: Activity, bundle: Bundle) {}

            override fun onActivityDestroyed(activity: Activity) {}
        })
    }
}

ScreenProtector You can detect when a screenshot or recording occurs without blocking it, which is useful for auditing or specific security reactions. The ScreenProtector utility automatically handles Android API level checks (Android 14+ for screenshots, Android 15+ for recordings).

🛡️ Start freeRASP

FreeRaspApplication.kt

override fun onCreate() {
    ...
    Talsec.start(this, config, TalsecMode.BACKGROUND)
}

We recommend starting Talsec with TalsecMode.BACKGROUND to prevent performance impacts in the application.

🌁 Enable source code obfuscation

You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.

Read more about why this is important in the wiki.

android {
    ...
    buildTypes {
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}

android {
    
    // ...

    buildTypes {
        getByName("release") {
            isMinifyEnabled = true
            isShrinkResources = true
            proguardFiles(
                getDefaultProguardFile("proguard-android.txt"),
                "proguard-rules.pro"
            )
        }
    }
}

🆔 (Optionally) Set External ID

The externalId allows you to send a custom identifier (such as a User ID) to the Talsec Portal. This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.

// pass your custom data (as @NonNull String)
val yourCustomData = "user_123-456"
val result = Talsec.storeExternalId(this, yourCustomData)

when(result) {
    is ExternalIdResult.Success -> {
        println("External ID successfully set.")
    }
    is ExternalIdResult.Error -> {
    println("Failed to set External ID: ${result.errorMsg}")
}

if (result is ExternalIdResult.Error) {
    println("Failed to set External ID: ${result.errorMsg}")
}

Requirements

Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the method returns ExternalIdResult. Error and the value is not stored.

☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Android platform.

🖥️ Check Talsec Portal

Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.

You have to use the same email for the Portal as you used for the watcherMail parameter.

PreviousIntegration NextAPI

Last updated 3 hours ago

hashtag📝 Prerequisites

hashtagAdd permissions for checks

hashtagScreenshot and Screen Recording Detection

hashtagLocation Spoofing Detection

hashtagUnsecure WiFi Detection

hashtag📦 Add the dependency

hashtag⚙️ Setup the Configuration for your App

hashtag👷 Handle detected threats

hashtag🛡️ Start freeRASP

hashtag🌁 Enable source code obfuscation

hashtag🆔 (Optionally) Set External ID

hashtag☢️ (Optionally) Integrate freeMalwareDetection

hashtag🖥️ Check Talsec Portal

📝 Prerequisites

Add permissions for checks

Screenshot and Screen Recording Detection

Location Spoofing Detection

Unsecure WiFi Detection

📦 Add the dependency

⚙️ Setup the Configuration for your App

👷 Handle detected threats

🛡️ Start freeRASP

🌁 Enable source code obfuscation

🆔 (Optionally) Set External ID

☢️ (Optionally) Integrate freeMalwareDetection

🖥️ Check Talsec Portal