search
HomePremium ProductsCustomer Portal

🚀Kotlin Multiplatform

circle-check

💡 Example: https://github.com/talsec/Free-RASP-KMP/tree/main/examplearrow-up-right

hashtag
👀 Understanding the Project Layout

The following structure outlines the critical directories and files you will interact with during the integration. The project is divided into the shared module (logic) and platform-specific modules (configuration).

Pay attention to the highlighted files, as these are the exact locations where you will apply changes in the upcoming steps.

[YourProjectName]/
├───build.gradle.kts                 
├───settings.gradle.kts              <-- Step 1: Add Dependency Repositories
├───gradle.properties            
├───gradle/
│   └───libs.versions.toml       
├───composeApp/      
│   ├───build.gradle.kts             <-- Step 1: Add Dependencies & Obfuscation
│   └───src/
│       ├───commonMain/          
│       │   └───kotlin/              <-- Step 3: Create SecurityManager.kt
│       ├───androidMain/         
│       │   ├───kotlin/
│       │   └───AndroidManifest.xml  <-- Step 2: Add Android Permissions
│       └───iosMain/             
│           └───kotlin/
└───iosApp/                  
    ├───iosApp.xcodeproj/            <-- Step 2: Link Frameworks in Xcode
    ├───iosApp/                  
    │   ├───ContentView.swift    
    │   └───iOSApp.swift         
    ├───TalsecBridge.xcframework/    <-- Step 2: Native iOS dependency
    └───TalsecRuntime.xcframework/   <-- Step 2: Native iOS dependency

hashtag
📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting:

  • Kotlin version: 2.2.0

  • Minimum Android Target SDK: API Level 23

  • Minimum iOS Deployment Target: 13.0

hashtag
🚀 Integration Steps

1

hashtag
📦 Dependency Setup

To enable the SDK, you must configure your project to access the required repositories and native binaries across all target platforms.

  1. Update the settings.gradle.kts file to include the necessary URLs within the dependencyResolutionManagement block.

  1. Ensure that the XCFramework dependencies are correctly linked and available to the iOS target of your Kotlin Multiplatform project.

  • Navigate to the Assets section of GitHub Releases and download the Frameworks.zip archive. This package contains the required binaries:

    • TalsecRuntime.xcframework

    • TalsecBridge.xcframework

    Make sure to download the release version matching your KMP library version.

👉 Click here to access the frameworks in the releases 👈

  • Once downloaded, unzip (extract) the archive.

circle-info

For better project organization, we suggest creating a dedicated Frameworks folder within your iosApp directory (at the same level as iosApp.xcodeproj) to store these files.

Expected structure:

  • Navigate to the iosApp directory via terminal and launch the project in Xcode using the following commands:

  • In Xcode, navigate to the Project Navigator (left sidebar) and select your project root.

    • Select your application Target (usually named iosApp).

    • Scroll down to the Frameworks, Libraries, and Embedded Content section and click the + button at the bottom of the list.

    • In the dialog window, click the Add Other... button at the bottom left, then select Add Files... from the pop-up menu to browse your local storage.

    • Locate and select both TalsecRuntime.xcframework and TalsecBridge.xcframework.

  • Once added, ensure that the Embed option for both frameworks is set to Embed & Sign.

  1. Declare the dependencies in the build.gradle.kts file of your :composeApp or :shared module (typically inside the commonMain source set):

2

hashtag
🔐 Add Permissions to AndroidManifest.xml

Some checks require additional permissions in order to work properly. Add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag. If your app already has these permissions, you don't need to add them again.

circle-info

Some permissions also require runtime request. arrow-up-right

Screenshot and Screen Recording Detection

To enable detection for screenshots and screen recordings, include these required permissions:

circle-exclamation

Support Limitations

  • Screenshot Detection is supported on Android 14 (API level 34) and higher.

  • Screen Recording Detection is supported on Android 15 (API level 35) and higher.

Location Spoofing Detection

To enable detection for location spoofing, include these required permissions:

Unsecure WiFi Detection

To enable detection for unsecure WiFi, include these required permissions:

chevron-rightQuick Copyhashtag
3

hashtag
⚙️ Application Configuration Setup

To ensure freeRASP functions correctly in a Kotlin Multiplatform environment, you need to provide the necessary configuration within the shared module. All required values must be filled in for the plugin to operate properly.

Create a Security Manager

It is recommended to encapsulate the configuration and initialization logic into a separate singleton object (e.g. SecurityManager). This keeps your UI code clean and makes the security logic reusable.

Create a new file in your common source set and define the configuration:

circle-info

Configuration Parameters

  • isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

  • killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.

  • watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. Learn more about the role of watcherMail.

4

hashtag
🧠 Handle Detected Threats

Once the configuration is ready, you need to start the monitoring service and listen for incoming threats.

Implement Monitoring Logic

Update your SecurityManager to start the freeRASP engine and handle the threatEvents flow.

Initialize in Entry Point

Finally, call the start method from your main UI entry point (e.g., App.kt) using a LaunchedEffect. This ensures monitoring begins as soon as the app launches.

hashtag
🌁 How to Enable Source Code Obfuscation

Code obfuscation (minification) is a critical security step that reduces the size of the compiled code and renames classes and variables to make reverse engineering significantly more difficult.

To enable obfuscation for the Android target, update the build.gradle.kts file in your shared module (usually :composeApp or :androidApp):

circle-info

Important Notes

  • Reflection - Some other modules in your project may rely on reflection. If the app crashes after enabling obfuscation, you may need to add specific keep rules to your proguard-rules.pro file.

  • Obfuscation Callback - If there is an issue with the obfuscation configuration regarding freeRASP, the plugin will notify you via the obfuscationIssues callback.

👉 Read more about the importance of obfuscation in the wiki. 👈

hashtag
☢️ Optional Module: freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application. It quickly and efficiently scans for malicious or suspicious applications (e.g., Android malware) based on various blacklists and security policies.

This feature helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

circle-info

This feature is available only for the Android platform.

To learn more about this feature and its integration, please refer to the official documentation.

👉 Go to freeMalwareDetection Documentationarrow-up-right 👈

hashtag
🖥️ Check Talsec Portal

Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.

circle-exclamation

You have to use the same email for the Portal as you used for the watcherMail parameter.

PreviousTroubleshootingNextAPI

Last updated