LogoLogo
HomeArticlesCommunity ProductsPremium ProductsGitHubTalsec Website
  • 👋Introduction
  • đŸ› ī¸Integration
    • 🤖Android
      • API
      • Troubleshooting
    • 🍎iOS
      • API
      • Troubleshooting
    • đŸĻFlutter
      • FlutterFlow
      • API
      • Troubleshooting
    • âš›ī¸React Native
      • Expo
      • API
      • Troubleshooting
    • 👾Cordova
      • API
      • Troubleshooting
    • đŸĒŊCapacitor
      • API
      • Troubleshooting
  • 🚀Features and Pricing plans
    • The Key Differences: freeRASP vs. RASP+
  • 🎤What's New and Changelog
  • 📊Security Report
  • âš–ī¸User Data Policies
  • 📄License
  • 🤝Fair Usage Policy (FUP)
  • â„šī¸Wiki
    • Getting Signing Certificate Hash
    • Callback Delay, Telemetry Impact, and Threat Scanning Completion Status
    • Threat detection
      • Detecting rooted or jailbroken devices
      • Emulator detection
      • Hook detection
      • App tampering detection
      • Debugger detection
      • Detecting unofficial installation
      • Device binding detection
      • Missing obfuscation detection [Android devices only]
      • Secure Hardware detection (Keystore/Keychain secure storage check)
      • Passcode
      • System VPN detection
      • Developer Mode detection [Android devices only]
      • ADB enabled detection [Android devices only]
      • Screen Capture
    • Source code obfuscation
    • isProd flag
  • đŸĻ‰FAQ
  • 🧑‍đŸ’ģAbout Us
  • 🤝Contribution
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Wiki
  2. Threat detection

Missing obfuscation detection [Android devices only]

The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

Please follow the integration guide of your platform for more information about how to obfuscate the app.

Below are code snippets demonstrating missing obfuscation detection across various platforms:

// Android
override fun onObfuscationIssuesDetected() {
    TODO("Not yet implemented")
}

// Flutter
onObfuscationIssues: () => print("Obfuscation issues")

// Cordova
obfuscationIssues: () => {
    // Place your reaction here
},

// React Native
obfuscationIssues: () => {
    // Place your reaction here
},

// Capacitor
obfuscationIssues: () => {
    // Place your reaction here
},

Recommended action: Use this callback during the development process to ensure that the app is obfuscated.

PreviousDevice binding detectionNextSecure Hardware detection (Keystore/Keychain secure storage check)

Last updated 9 months ago

Was this helpful?

â„šī¸