API
Configuration
These classes define the behavior of the freeRASP SDK. You must instantiate freeraspConfig to pass it into the start() method.
class freeraspConfig
The root configuration object required to initialize the SDK.
androidConfig
AndroidConfig?
null
Configuration specific to the Android platform.
iosConfig
IOSConfig?
null
Configuration specific to the iOS platform.
watcherMail
String
-
Required. The email address where security reports will be sent.
isProd
Boolean
true
If true, the SDK runs in production mode. If false, strict checks are disabled for development. See Wiki↗
killOnBypass
Boolean
true
If true, the app will terminate automatically when a critical threat (e.g., Hooking, Debugging) is detected.
class AndroidConfig
Settings specific to the Android platform.
packageName
String
-
The expected package name of the app.
certificateHashes
List<String>
-
A list of expected signing certificate hashes (Base64 encoded).
supportedAlternativeStores
List<String>
[]
A list of allowed alternative app stores .
malwareConfig
MalwareConfig?
null
Optional configuration for the Malware Detection module.
class IOSConfig
Settings specific to the iOS platform.
bundleIds
List<String>
-
A list of expected Bundle IDs for the app.
teamId
String
-
The Apple Team ID associated with your developer account.
class MalwareConfig
Advanced configuration for the Malware Detection feature (Android only).
blacklistedPackageNames
List<String>
[]
A list of package names that should trigger a malware alert.
blacklistedHashes
List<String>
[]
A list of certificate hashes for blacklisted apps.
suspiciousPermissions
List<String>
[]
A list of suspicious permission combinations.
whitelistedInstallationSources
List<String>
[]
A list of trusted installation sources (stores).
Core Interface
object FreeraspKMP
The main singleton object used to interact with the library.
threatEvents
SharedFlow<FreeRaspEvent>
A stream of security events detected by the SDK. Subscribe to this flow to react to threats in real-time.
Methods
start(config)
Initializes and starts the freeRASP protection.
suspend fun start(config: freeraspConfig)addToWhiteList(packageName)
Adds a package name to the whitelist. Useful if the malware detector falsely flags a legitimate app.
suspend fun addToWhiteList(packageName: String)blockScreenCapture(enable)
Enables or disables protection against screen recording and screenshots.
suspend fun blockScreenCapture(enable: Boolean)enable: Set to
trueto block capture,falseto allow it.
isScreenCaptureBlocked()
Checks if screen capture blocking is currently active.
suspend fun isScreenCaptureBlocked(): BooleanReturns:
trueif blocked,falseotherwise.
getAppIcon(packageName)
Retrieves the icon of an installed application as a Base64 string.
suspend fun getAppIcon(packageName: String): StringReturns: Base64 encoded string of the icon.
storeExternalId(data)
Stores an external identifier (e.g., User ID) to correlate reports in the Talsec Dashboard.
suspend fun storeExternalId(data: String)Events
All events inherit from sealed class FreeRaspEvent. They are emitted via the threatEvents flow.
FreeRaspEvent
PrivilegedAccess
🤖 🍎
Detects Root (Android) or Jailbreak (iOS) access.
Debug
🤖 🍎
Detects if a Debugger is attached to the application.
Simulator
🤖 🍎
Detects if the app is running on an Emulator or Simulator.
AppIntegrity
🤖 🍎
Detects if the app signature or checksum has been tampered with.
UnofficialStore
🤖 🍎
Detects if the app was installed from an unrecognized source.
Hooks
🤖 🍎
Detects hooking frameworks (e.g., Frida, Xposed) injected into the process.
DeviceBinding
🤖 🍎
Detects if the device identity or cryptographic keys have changed.
Screenshot
🤖 🍎
Notification that a screenshot was taken.
ScreenRecording
🤖 🍎
Notification that screen recording is active.
Passcode
🤖 🍎
Detects if the device is not protected by a lock screen.
SecureHardwareNotAvailable
🤖 🍎
Detects if the hardware-backed keystore is unavailable.
SystemVPN
🤖 🍎
Detects if a system-wide VPN is active.
AllChecksFinished
🤖 🍎
Confirms that the initialization is complete and all active security checks have been executed.
DeviceID
🍎
Indicates that the unique device identifier has changed or is inconsistent.
ObfuscationIssues
🤖
Detects if the code is not properly obfuscated (missing ProGuard/R8).
DevMode
🤖
Detects if Developer Options are enabled in settings.
AdbEnabled
🤖
Detects if USB Debugging (ADB) is active.
MultiInstance
🤖
Detects App Cloning (multiple instances running).
UnsecureWifi
🤖
Detects connection to an unencrypted Wi-Fi network.
TimeSpoofing
🤖
Detects manual manipulation of system time.
LocationSpoofing
🤖
Detects attempts to falsify the device’s location to bypass geofences or fake presence.
Malware
🤖
Detects suspicious applications. Contains suspiciousAppInfo.
For a detailed description of each event and its security implications, please refer to the Wiki section ↗.
Malware Detection Configuration
class MalwareConfig
blacklistedPackageNames
List<String>
Packages to always flag as malware.
blacklistedHashes
List<String>
Certificate hashes to flag.
suspiciousPermissions
List<List<String>>
Permissions combinations to flag
data class SuspiciousAppInfo
Found inside the payload of the Malware event.
packageInfo
PackageInfo
Detailed information about the detected application.
reason
String
The specific detection rule that triggered the alert (e.g., "Blacklisted Package" or "Suspicious Permissions").
data class PackageInfo
Contains metadata about an installed application.
packageName
String
The unique package name (Application ID).
appName
String?
The name of the app.
version
String?
The version of the app.
appIncon
String?
The app icon as a Base64 encoded string.
installerStore
String?
The store from which the app was installed.
Last updated