Only this pageAll pages
Powered by GitBook
1 of 53

freeRASP

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Loading...

Integration

The general flow of the integration can be decomposed into the following steps:

  1. Conforming to the prerequisites, e.g. setting up Android minSdkVersion.

  2. Adding the dependency.

  3. Setting up the configuration for the application, e.g. package name or whether it is production or not (see Dev vs. Release version).

  4. Handling the detected threats (callbacks).

  5. Starting the SDK.

  6. Enabling the source code obfuscation.

  7. Become familiar with Security Report, User Data Policies and License.

  8. Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.

  9. Looking at Features and Pricing plans if you are interested in more advanced solutions to protect your application and business.

  10. Reading through Wiki and FAQ, if you are interested in more detailed information about internal workings.

Dev vs. Release version

The Dev version is intended for development purposes. It allows you to work on your app without interference from security features that could disrupt the process, e.g. if you would implement killing of the application on the debugger callback.

The Release version is meant for production and must always be used for your published app. It enables all security protections provided by freeRASP.

To configure this, set the isProd flag in freeRASP:

  • Release: isProd = true

  • Dev: isProd = false

⚠️Dev version disables some detections which won't be triggered during the development process:

  • Emulator/Simulator

  • Debugging

  • Tampering/Repackaging

  • Unofficial store/source

  • Obfuscation issues

  • Developer mode

  • ADB Enabled

Make sure that you use the Release version for the production.


Choose the Appropriate Version to Continue Integration

Choose the relevant section based on your app development platform:

Android

iOS

Flutter

React Native

Cordova

Capacitor

Unity

Cover
Cover
Cover
Cover
Cover
Cover
Cover

API

Description of the freeRASP API

Variables

TalsecConfig

Specifies configuration for your app. See the table below for a detailed description of the attributes.

field
type
description
sample value

expectedPackageName

String

Package name of the app.

"com.talsec.freerasp.demoapp"

expectedSigningCertificateHashBase64

Array<String>

Certificate hashes of your app. You must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

arrayOf( "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=")

watcherMail

String?

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

"[email protected]"

supportedAlternativeStores

Array<String>

Package names of the alternative stores on which you are publishing the application. The Google Play Store and Huawei AppGallery, are included internally. (You can assign just emptyArray()). For more information, visit the wiki page.

arrayOf( "com.sec.android.app.samsungapps")

isProd

Boolean?

Defaults to true when undefined. If you want to use the Dev version to make the development process viable, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true


Classes

public class ThreatListener

Constructor

public ThreatListener(@NonNull ThreatDetected threatsCallback, @Nullable DeviceState deviceStateCallback)

  • Listener for the threats detected by freeRASP

Methods

public void registerListener(Context context)

Registers your reactions to detected threats with freeRASP.

public void unregisterListener(Context context)

Unregisters the reactions to detected threats.

public final class Talsec

Methods

public static void start(Context context, TalsecConfig config)

The method used to start freeRASP's functionality.

public static void blockScreenCapture(Activity activity, boolean enable)

The method used to Block / Unblock screen Capture.

public static void isScreenCaptureBlocked()

The method used to Know the state of screen capture blocking whether blocked or not.


Interfaces

public interface ThreatDetected

Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .

Methods:

  • void onRootDetected()

  • void onDebuggerDetected()

  • void onEmulatorDetected()

  • void onTamperDetected()

  • void onUntrustedInstallationSourceDetected()

  • void onHookDetected()

  • void onDeviceBindingDetected()

  • void onObfuscationIssuesDetected()

  • void onScreenshotDetected()

  • void onScreenRecordingDetected()

public interface DeviceState

Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .

Methods:

  • void onUnlockedDeviceDetected()

  • void onHardwareBackedKeystoreNotAvailableDetected()

  • void onDeveloperModeDetected()

  • void onADBEnabledDetected()

  • void onSystemVPNDetected()

Introduction

Let's learn the basics about freeRASP protection.

freeRASP is a lightweight and easy-to-integrate mobile security library designed to protect apps from potential threats during the application's runtime. It contains multiple security checks, each aimed to cover possible attack vectors to ensure a high level of application security.

What does freeRASP do?

freeRASP provides protection against potentially dangerous behaviour, including the following:

  • Using rooted or jailbroken devices (e.g., su, Magisk, unc0ver, check1rain, Dopamine).

  • Reverse engineering attempts.

  • Running hooking frameworks (e.g., Frida, Xposed or Shadow).

  • Tampering or repackaging the application.

  • Installing the app through untrusted methods/unofficial stores.

  • Running the app in various emulators.

  • Screenshot and screen recording attempts.

You can read more about the concept of RASP (Runtime application self-protection) here.

Advantages

  • Reactions to various attacks and detected security threats via an API (callback mechanism).

  • Simple integration.

  • VPN and Developer Mode (Android) detection.

  • ADB, Developer Mode, USB debugging detections.

  • No significant effect on the app performance.

  • Weekly security report via email indicating the security status of devices and app integrity.

  • Fulfills OWASP MASVS-RESILIENCE requirements.

Top apps rely on Talsec SDKs—see them here.

Limitations

  • Limits of Fair Usage Policy (free up to 100k app downloads; additional conditions after).

  • Data collection from your app to Talsec DB.

  • Security protections:

    • basic protection against root/jailbreak (including Magisk, Dopamine),

    • basic runtime reverse engineering controls,

    • basic runtime integrity controls.

  • No overlay and accessibility services misuse protection.

Learn more about the limitations of freeRASP here.

Workflow scheme

Supported platforms

freeRASP is currently supported for:

  • Android

  • iOS

  • Flutter

  • React Native

  • Cordova

  • Capacitor

  • Unity

freeRASP is currently tested and compatible with:

  • 🤖 Android smartphones, tablets, emulators, Android TVs

  • 🍎 iPhones, iPads, simulators

Discover freeRASP

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Integration

Integrate freeRASP for your platform

Security Reports

Learn about regular security reports

License

How is freeRASP licensed

Commercial Subscriptions

Get maximum protection for your app

User Data Policies

Learn how we process your data

Cover
Cover
Cover
Cover
Cover
this manual
Detecting Unofficial Installation

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007aa9f06888: Failure in SSL library, usually a protocol error

Reason:

  • Conflicts between one of our device binding detection controls and TLS/SSL, using AndroidKeyStore

Solution:

  • We've created a special version in which the device binding is disabled. Please, use the following dependency:

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

Security Report

Weekly security status check of your application

The Security Report is a weekly summary describing the application's security state and characteristics of the devices it runs on in a practical and easy-to-understand way.

The report provides a quick overview about

  • Security incidents and their dynamics

  • App Integrity

  • Reverse engineering attempts

It also contains information about devices such as

  • OS version

  • Ratio of devices with lock screens

  • Ratio of devices with biometrics

Each visualization also comes with a concise explanation. To receive Security Reports, you need to fill out the watcherMail correctly. There can be only one mail value set up.

Haven't received your security report? You may have surpassed our limit.

implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:9.6.0-NO_DB'
FAQ
Issues section of our GitHub repository

Expo

freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.

To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.

We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.

Plugin config setup

Add the plugin config to your app.json and specify the minSdkVersion (use at least 23). Additionally, if you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property (to support sealed classes on Android).

"plugins":[
    [
        "freerasp-react-native/app.plugin.js",
        {
            "android":{
                "minSdkVersion":"23",
                "R8Version":"8.3.37" // optional for Expo 50
            }
        }
    ]
]

Manual setup

  1. Increase minSdkVersion

    This can be done in two ways:

    • update the minSdkVersion property directly in android/build.gradle, or

    • use expo-build-properties plugin, which updates the property in the prebuild phase. Read more in the Expo docs.

  2. Add maven dependency

    1. open android/build.gradle (if you don't see the android folder, run npx expo prebuild -p android in terminal to create it)

    2. add the following dependency under allprojects > repositories:

      maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }

    3. if not already configured, add also:

      maven { url 'https://www.jitpack.io' }

Wiki

Welcome to the freeRASP wiki page!

This page provides additional information about the product. The main goal is to present clear and easily accessible content that will help you better understand freeRASP. We hope you find it helpful and informative.

What will you find on this Wiki page?

  • How to Get the Signing Certificate Hash.

  • Details on Callback Delay, Telemetry Impact, and Threat Scanning.

  • Information about Threat detection.

  • Overview of Code Obfuscation.

We encourage you to explore the different sections of this wiki to gain a more comprehensive understanding of the freeRASP product and its features. If you have any questions or need further assistance, please feel free to reach out to our support team at [email protected].

Emulator detection

Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.

Below are code snippets demonstrating emulator detection across various platforms:

// Android emulator check
override fun onEmulatorDetected() {
    TODO("Not yet implemented")
}

// iOS simulator detection
case simulator

// Flutter emulator and simulator detection
onSimulator: () => print("Simulator")

// Cordova emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// React Native emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// Capacitor emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

License

This project is provided as freemium software, i.e. there is a fair usage policy that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file on GitHub for details.

About Us

Talsec is an academic-based and community-driven mobile security company. We deliver in-App Protection and a User Safety suite for Fintechs. We aim to bridge the gaps between the user's perception of app safety and the strong security requirements of the financial industry.

Talsec offers a wide range of security solutions, such as App and API protection SDK, monitoring services, and the User Safety suite. You can check out the offered products on our web.

Links

  • Give us a ⭐: GitHub freeRASP

  • Follow to stay up to date with the news at Talsec:

    • LinkedIn

    • X

  • Read articles about security issues and their prevention: Medium

freeMalwareDetection

isProd flag

There are two possible values for this flag:

  • true

    • Indicates the Release version.

    • This is the default value when undefined.

  • false

    • Indicates the Dev version.


The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:

  • Emulator usage (onSimulator),

  • Debugging (onDebug),

  • Signing (onAppIntegrity),

  • Unofficial store (onUnofficialStore),

  • Obfuscation issues (onObfuscationIssues),

  • Developer mode (onDevMode),

  • ADB Enabled (onADBEnabled).


Fair Usage Policy
Example of Security Report

Fair Usage Policy (FUP)

freeRASP & Fair Usage Policy

For all apps, regardless of the number of downloads:

  • Threat Intelligence Collection: Threat signal data will be collected and processed in Talsec’s database for security insights and product enhancement.

For apps exceeding 100k downloads (= 100 000), the following conditions apply:

  • Marketing Attribution: Talsec may feature the app name and logo in marketing materials (e.g., the "Trusted by" section on the website).

  • Brand Acknowledgment: Apps with over 100k downloads must display the "Protected by freeRASP" message with the freeRASP logo on relevant app screens.

Fair Usage Policy counts total downloads, with multiple downloads or updates from the same device counted as a single download.

Hook detection

The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing one to obtain personal client data. The most well-known hooking frameworks are Frida, Xposed, or Cydia Substrate.

Learn more about in our glossary.

Below are code snippets demonstrating hook detection across various platforms:

// Android hook check
override fun onHookDetected() {
    TODO("Not yet implemented")
}

// iOS hook detection
case runtimeManipulation

// Flutter hook and runtime manipulation detection
onHooks: () => print("Hooks")

// Cordova hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// React Native hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// Capacitor hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device or app is insecure and log the event on your BE. In some cases, it is recommended to even kill the application.

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Could not determine the dependencies of task ':freerasp-react-native:compileDebugAidl'

Solution:

  • In package.json, update react-native to a higher patch version and run npm install (or yarn install).

  • See to find out which patch version is relevant for you.

Invalid hook call. Hooks can only be called inside of the body of a function component.

Reason: The useFreeRasp Hook cannot be called inside useEffect.

Solution:

  • If you want to initialize freeRASP inside useEffect, you have to handle the initialization on your own. Such inititialization would look like this:

Where actions, config are objects described in the integration guide.

Android Devices

Execution failed for task ':freerasp-react-native:minifyReleaseWithR8'.

Sealed classes are not supported as program classes when generating class files.

Reason: Kotlin sealed classes are not supported in AGP 8.1 used by some versions of RN (currently 0.73.x)

Solution: Follow , which also contains additional information about the issue.

iOS Devices

Unsupported Swift architecture

Reason: The arm64 macro is not set under Rosetta.

Solution: Go to <your_project>/node_modules/freerasp-react-native/ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/TalsecRuntime-Swift.h and move the following code (lines 4 and 5 in the file) to the top of the file:

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

Callback Delay, Telemetry Impact, and Threat Scanning Completion Status

We would like to reflect on a few performance and telemetry-related topics that emerge occasionally.

Common Questions:

  • Why does it take too long to finish all the checks?

  • How to know when all checks are finished?

  • When are telemetry data transmitted?

Key Notes:

  • Incidents that are triggered during the development (integration & testing) won't happen to a majority of users in the production.

  • Callbacks can be invoked slower if the freeRASP backend endpoint is overloaded. Data collection takes precedence. However, do not worry; the application will function as intended, and only callbacks might be a little delayed.

The Performance

freeRASP works smoothly in production, but it may be tricky to understand all the freeRASP concepts during development. During the integration and testing of the freeRASP, you may have observed that it took longer than expected to get results for all threats (callbacks). You want to get results quickly, respond to threats effectively, and ensure there is no noticeable jankiness in the UI interactions.

freeRASP has to do a lot of work once started. The cold boot is a really intensive moment when all detections must be performed, telemetry data transmitted, and callbacks to your app must be delivered (in this order).

Talsec team efforts and community contributions allow freeRASP to improve the performance and security trade-offs continually by tuning the asynchronous processes, network activity, and internal business logic. Like that time when the internal detector ordering was reworked to significantly speed evaluation based on and the telemetry insights about the speed of detectors 👌.

Beware Development vs. Production Environment Bias

Remember the phrase "It is darkest before the dawn"? The integration and testing of freeRASP are inherently accompanied by unintentional threat callbacks invoked by incorrect provisioning of the app's signature (appIntegrity callback), using a simulator for development, an unofficial store (because you haven't published it yet), and others. We've all been there.

It may also seem disconcerting to see that it takes too long until the last expected threat callback invokes. Yet, keep in mind that in production, these incidents won't happen for the genuine unaltered apps run in normal conditions. The performance impact will be negligible. On the contrary, the comfort of a potential attacker and performance degradation in adverse conditions is acceptable.

If you're getting the appIntegrity incident in the production app, send us your packageName/bundleId and watcherMail at [email protected], and we will look into it.

Cold Boot Telemetry & Best Effort Service

freeRASP collects security diagnostics data (read more in ) in accordance with the . Every detected threat is immediately synchronously logged to a common freeRASP backend. Latencies inflicted by the overload of the endpoint are unfortunate, but we continuously improve and scale as much as possible.

Detecting rooted or jailbroken devices

Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as , , or can hide privileged access and are often used by attackers.

Learn more about the root detection and jailbreak detection.

Learn more about and detection in our glossary.

freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).

From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.

Below are code snippets demonstrating root and jailbreak detection across various platforms:

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

Device binding detection

Device binding is attaching an application instance to a particular mobile device. This method detects a transfer of an application instance to another device. A new install of the application (e.g. in case of buying a new device and transfer the apps) is not detected.

The deviceID detects, whether the has been changed. It is triggered after reinstallation of the application if there are no other applications from the same vendor installed. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.

Below are code snippets demonstrating device binding detection across various platforms:

Recommended action: Log the event on your BE and react to it if you need to have an instance attached to a particular mobile device (e.g., activation scenarios); otherwise you can ignore it.

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

ReferenceError: TalsecPlugin is not defined

Reason:

  • Cordova Angular cannot find the talsec object.

Solution:

  • Add the following line below imports: declare var talsec: any;

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

Secure Hardware detection (Keystore/Keychain secure storage check)

The Secure Enclave and the Android Keystore system make it very difficult to decrypt sensitive data without physical access to the device. In that order, these keys need to be stored securely. freeRASP checks if the keys reside inside secure hardware.

Below are code snippets demonstrating missing hardware detection across various platforms:

Recommended action: Ignore the callback or log the event to your BE.

System VPN detection

Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. FreeRASP checks whether the system VPN is enabled.

Below are code snippets demonstrating system VPN detection across various platforms:

Recommended action: Log the event on your BE

Debugger detection

While most developers use debuggers to trace the flow of their program during its execution same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information. This method looks for specific flags to determine whether the debugger is active and offers the option to disable it.

Below are code snippets demonstrating debugger detection across various platforms:

Recommended action: Kill the application.

Source code obfuscation

The freeRASP contains public API so that the integration process is as simple as possible. Unfortunately, this also creates opportunities for the attacker to use publicly available information to interrupt freeRASP operations or modify your custom reaction implementation in threat callbacks. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

The majority of Android projects support code shrinking and obfuscation without any additional need for setup. The owner of the project can define the set of rules that are usually automatically used when the application is built in the release mode. For detailed guidance, explore the official documentation through these links: and .

App tampering detection

Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.

Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).

Make sure that you have integrated Talsec correctly (e.g., signing certificate hash). Otherwise, this check might be triggered very often.

Below are code snippets demonstrating app tampering detection across various platforms:

Recommended action: Kill the application.

ADB enabled detection [Android devices only]

ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator. When ADB is enabled, it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy. FreeRASP detects whether the USB debugging is enabled.

Below are code snippets demonstrating ADB enabled detection across various platforms:

Recommended action: Log the event on your BE

Developer Mode detection [Android devices only]

Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.

Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.

Below are code snippets demonstrating developer mode detection across various platforms:

Recommended action: Log the event on your BE

Passcode

Saving any sensitive data on a device without a lock / passcode makes them more prone to theft. With no user authentification device can be accessed and modified with minimal effort. freeRASP checks if the device is secured with any type of lock.

Below are code snippets demonstrating passcode detection across various platforms:

Recommended action: Log the event on your BE or react to it if you need users to have a screen lock set up, otherwise ignore it.

// Android Keystore
override fun onHardwareBackedKeystoreNotAvailableDetected() {
    TODO("Not yet implemented")
}

// iOS Secure Enclave
case missingSecureEnclave

// Flutter HW backed keystore not available and missing secure enclave detection
onSecureHardwareNotAvailable: () => print("Secure hardware not available")

// Cordova HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}

// React Native HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}

// Capacitor HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}
// Android system VPN detection
override fun onSystemVPNDetected() {
    TODO("Not yet implemented")
}

// iOS system VPN detection
case systemVPN

// Flutter system VPN detection
onSystemVPN: () => print("System VPN detected")

// Cordova system VPN detection
systemVPN: () => {
    // Place your reaction here
}

// React Native system VPN detection
systemVPN: () => {
    // Place your reaction here
}

// Capacitor system VPN detection
systemVPN: () => {
    // Place your reaction here
}
// Android debugger detection
override fun onDebuggerDetected() {
    TODO("Not yet implemented")
}

// iOS debugger detection
case debugger

// Flutter
onDebug: () => print("Debugging")

// Cordova
debug: () => {
    // Place your reaction here 
}

// React Native
debug: () => {
    // Place your reaction here 
}

// Capacitor
debug: () => {
    // Place your reaction here 
}
// Android tampering
override fun onTamperDetected() {
    TODO("Not yet implemented")
}

// iOS signature
case signature

// Flutter tampering and signature detection
onAppIntegrity: () => print("App integrity")

// Cordova tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// React Native tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// Capacitor tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}
// Android ADB enabled detection
override fun onADBEnabledDetected() {
    TODO("Not yet implemented")
}

// Flutter ADB enabled detection
onADBEnabled: () => print("Developer mode detected")

// Cordova ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}

// React Native ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}

// Capacitor ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}
// Android Developer mode detection
override fun onDeveloperModeDetected() {
    TODO("Not yet implemented")
}

// Flutter Developer mode detection
onDevMode: () => print("Developer mode detected")

// Cordova Developer mode detection
devMode: () => {
    // Place your reaction here
}

// React Native Developer mode detection
devMode: () => {
    // Place your reaction here
}

// Capacitor Developer mode detection
devMode: () => {
    // Place your reaction here
}
// Android lock check
override fun onUnlockedDeviceDetected() {
    TODO("Not yet implemented")
}

// iOS lock check
case passcode

// Flutter unlocked device and passcode detection
onPasscode: () => print("Passcode not set")

// Cordova unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}

// React Native unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}

// Capacitor unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}
this reported issue
User Data Policies
Fair Usage Policy
// Android device binding check
override fun onDeviceBindingDetected() {
    TODO("Not yet implemented")
}

// iOS device binding methods
case deviceChange
case deviceID

// Flutter 
// device binding and device change detection
onDeviceBinding: () => print("Device binding")

// device ID 
onDeviceID: () => print("Device ID")  // iOS only

// Cordova 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// device ID 
deviceID: () => {  // iOS only
    // Place your reaction here 
}

// React Native 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// deviceID
deviceID: () => {  // iOS only
    // Place your reaction here 
}

// Capacitor 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// deviceID
deviceID: () => {  // iOS only
    // Place your reaction here 
}
device identifier
FAQ
Issues section of our GitHub repository
first reference
second reference
// Root detection on Android
override fun onRootDetected() {
    TODO("Not yet implemented")
}

// iOS jailbreaking detection
case jailbreak

// Flutter root and jailbreak detection
onPrivilegedAccess: () => print("Privileged access")

// Cordova root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// React Native root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// Capacitor root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}
Magisk
Shamiko
Shad0w
Dopamine
this issue
this comment on Google Issue Tracker
FAQ
Issues section of our GitHub repository
import {
  setThreatListeners,
  talsecStart,
  removeThreatListeners,
} from 'freerasp-react-native';

...

useEffect(() => {
  setThreatListeners(actions);
  talsecStart(config);

  return () => {
    removeThreatListeners();
  };
}, []);

Contribution

At Talsec, our commitment goes beyond just providing strong security solutions. We believe in continuously evolving our offerings by actively listening to community feedback and responding to the unique needs of developers. Our goal is not only to protect your applications but also to ensure that your insights and experiences shape our products.

We value your input because we understand that secure and effective development tooling is built through collaboration. Your voice, as a developer, is crucial to making our solutions more robust, dev-friendly, and aligned with real-world challenges.

Issues

We strive to deliver a flawless experience with our software. However, despite our best efforts, occasional bugs or issues may still arise. If you encounter any problems or notice anything that seems out of place, we encourage you to let us know.

Enhancements

If you have ideas that could enhance freeRASP or improve your developer experience, we want to hear from you. We value suggestions from the community, as they reflect real needs and practical experiences.

To share your idea, please open an enhancement issue on our GitHub repository. Your input helps us prioritize features and improvements that matter most to our users.

Enhancements Tracking

We recognize that some ideas are already on our radar and are actively under consideration. To keep track of proposed enhancements and their progress, we use GitHub Projects.

Before submitting a new idea, we recommend reviewing our GitHub Projects board. This will help you see if your suggestion is already being worked on or if similar ideas have been proposed.

💬 Join the Talsec Community!

Are you looking for upcoming events, ways to engage on social media, or a quick overview of our key programs? This is the hub of our community! Visit the main go-to resource for staying connected with Talsec.

Cover

🚩 Raise GitHub Issue

Let us and the community know your struggles.

Cover

📧 Write Mail

If you prefer private consultation.

Cover

🗳️ Raise GitHub Enhancement Issue

Missing some feature? Let us know!

Cover

⚖️ GitHub Project Board

Explore ideas we plan to refine and implement.

Cover

Community [Apply to Join!]

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Upgrading from freeRASP 4.x.x or earlier

Please remove the old TalsecRuntime.xcframework and integration script from your project:

  1. Go to your project's ios folder

  2. Open Runner.xcworkspace in Xcode

  3. On the top bar, select Product -> Scheme -> Edit Scheme...

  4. On the left side, select Build -> Pre-actions

  5. Find the integration script and click the trash icon on the right side to remove it

  6. Open the .flutter-plugins (in the root folder of the app), and get the address where the freerasp is installed.

  7. Go to the given folder, and remove the freerasp folder file.

  8. Delete the .symlinks folder from the project.

  9. Run pub get

  10. Run pod install to test it

Otherwise, no further setup is required.

Note: You need Xcode 15 to be able to build the application.

Android Devices

Could not find ... dependency issue

Solution: Add dependency manually (see issue).

In android -> app -> build.gradle add these dependencies

dependencies {
    ...
    // Talsec dependency
    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:<version>'
}
Code throws java.lang.UnsatisfiedLinkError: No implementation found for... exception when building APK

Solution: The Android version of freeRASP is already obfuscated.

Add this rule to your proguard-rules.pro file:

-keepclasseswithmembernames,includedescriptorclasses class * {
native ;
}
APK size increased a lot after implementation of freeRASP

Solution: In android/app/src/AndroidManifest.xml add attribute into application tag:

The updated tag might look like this:

As pointed out in this issue comment, setting extractNativeLibs to true removes native libraries from the final APK, resulting in a smaller size. Conversely, setting it to false keeps the libraries uncompressed and stored within the APK, which increases the APK size but might allow the application to load faster because the libraries are loaded directly at runtime.

iOS Devices

Unable to build release for simulator in Xcode (errors)

Solution: The simulator does not support the release build of Flutter - more about it here. Use a real device in order to build the app in release mode.

MissingPluginException occurs on hot restart

Solution: Technical limitation of Flutter - more about it here. Use command flutter run to launch the app (i.e. run the app from scratch).

For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

API

Description of the freeRASP API

Variables

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

field
type
description
sample value

appBundleIds

[String]

List of Bundle IDs for the app

["com.talsec.freerasp.demoapp"]

appTeamId

String

Apple Team ID for the signing of the app

"M8AK35..."

watcherMailAddress

String?

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

"[email protected]"

isProd

Bool?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!

true

Classes

public class Talsec

Methods

public static func start(config: TalsecRuntime.TalsecConfig)

  • The method used to start freeRASP's audit.

public static func blockScreenCapture(enable: Bool, window: UIWindow)

  • The method blocks the screen capture in specific UIWindow.

public static func isScreenCaptureBlocked(in window: UIWindow) -> Bool

  • The method returns whether the screen capture is blocked in specific UIWindow.

public static func storeExternalId(externalId: String)

  • The method stores an externalId into the logs for data collection.

Protocols

public protocol SecurityThreatHandler

Methods

func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)

  • Notifier about detected threats.

Enums

public enum SecurityThreat : String, Codable, CaseIterable, Equatable

Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .

Cases

  • signature

  • jailbreak

  • debugger

  • runtimeManipulation

  • passcode

  • simulator

  • missingSecureEnclave

  • systemVPN

  • deviceChange

  • deviceID

  • unofficialStore

  • screenshot

  • screenRecording

Android

Example:

📝 Prerequisites

freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:

  1. From the root of your project (or module level), go to the build.gradle.

  2. Update minSdkVersion to at least 23 (Android 6.0) or higher.

Enable Screenshot and Screen Recording Detection

To and , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.


📦 Add the dependency

Set Talsec's Artifact Registry in your project's settings.gradle (or build.gradle). You should comment out the relevant section in settings.gradle, if you want to use build.gradle, as settings.gradle is preferred:

Config via settings.gradle:

Config via build.gradle:

Make sure that Talsec's maven dependency is at the last position.

Set dependencies in your :app module's build.gradle:


⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided .

  1. Create an arbitrary subclass of Application(), override its onCreate()method and implement ThreatListener.ThreatDetected interface. You can, of course, use your Application subclass if you already have one in your project. If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.“

  2. Add a new subclass to AndroidManifest.xml, inside <application> tag:

  3. Set up the Configuration for your app with your values, which are explained in more detail in .


👷 Handle detected threats

You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the to learn more details about the performed checks and their importance for app security.

  1. Implement methods of ThreatListener.ThreatDetected interface:

    For the onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) callback, make sure you visit , a powerful feature designed to scan for malicious or suspicious apps.

  2. Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:

  3. Modify initialization of ThreatListener:

  4. (Optional) You can integrate the screen capture methods to detect threats like screenshots - onScreenshotDetected() or screen recording - onScreenRecordingDetected(). If you do not implement the steps below, these detections will not work, in that case, you can just leave the implementations empty.

    To use onScreenshotDetected() you have to be on Android 14+ (API 34+). Also, the application needs the following permission:

    To use onScreenRecordingDetected() you have to be on Android 15+ (API 35+). Also, the application needs the following permission:

    To utilize active protection, you can use Talsec.blockScreenCapture(activity, true). To receive whether the screen capture is blocked, you can use the Talsec.isScreenCaptureBlocked(). For more details about all these screen capture methods, see . Integration of all these methods should be performed at the Application level to best address the Android lifecycle:


🛡️ Start freeRASP


🌁 Enable source code obfuscation

You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.

Read more about why this is important in the.


☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the repository to learn more about this feature! For the integration, refer to the for the Android platform.

Getting Signing Certificate Hash

Before an Android application can be installed or updated, it must be digitally signed with a certificate. The signing certificate hash is a unique identifier of this certificate, playing a critical role in application security and integrity.

This hash ensures that:

  • The app's origin is verified, preventing malicious actors from distributing fake or modified versions.

  • Only the original developer can provide updates, ensuring a secure upgrade path.

  • Third-party services and APIs can authenticate the app before granting access.

Understanding the signing certificate hash is essential, especially when dealing with Google Play App Signing, where the upload key and distribution key may differ. Proper management of this concept helps maintain trust, prevent security breaches, and ensure a seamless app lifecycle.

Application Signing

Developers can sign the application using one of the following methods:

  • Manual App Signing.

    • Development Certificate

    • Production Certificate

  • Play App Signing.

Manual App Signing

Manual App Signing is a process where the developer signs an Android application (APK) using a private key stored in a keystore.

Development Certificate

The Development Certificate is used primarily during the development and testing phases. This certificate is automatically generated by Android build tools. It is used for signing the app during development to test features and debug without releasing the app to the public.

The SHA-256 digest from this certificate should not be used in a production environment, as the SDK may detect it as a potential security threat.

Production Certificate

The Production Certificate is used when preparing the app for public release. Developers create a and generate a private key for signing the application. This certificate must be kept secure as it ties the app to the developer for all future updates.

How to Retrieve Certificate Details in Manual App Signing?

In manual app signing, the developer owns a keystore used to sign the application. You can use tools like keytool or apksigner to retrieve certificate details, including the SHA-256 digest.

Using keytool:

Using apksigner:

Do not forget to convert the SHA-256 digest to Base64 format, as the SDK requires it in this format. You can find the conversion steps in .

Play App Signing

With Play App Signing, Google securely manages your app’s signing key and uses it to sign your application before distribution. This ensures that your app remains protected throughout its lifecycle while also enabling features like automatic key rotation.

How to find the SHA-256 fingerprint in Google Play Console?

To retrieve the SHA-256 digest of your signing certificate, follow these steps:

  1. Go to View App.

  2. Navigate to Setup > App Signing.

  3. Under App Signing Key Certificate, locate the SHA-256 fingerprint.

An example SHA-256 fingerprint looks like this:

Do not forget to convert the SHA-256 digest to Base64 format, as the SDK requires it in this format. You can find the conversion steps in .

Converting the SHA-256 Hash to Base64

To convert hex string to Base64 form, use an online like . After conversion, you'll receive a string like this:

The resulting string is used in the Talsec configuration as a signing certificate hash.

Screen Capture

Screenshot Detection

Screenshot detection identifies when a screenshot is taken on a device. Screenshots can expose sensitive app data, such as user credentials, personal content, or confidential information, leading to privacy and security risks. By detecting screenshots, apps can take preventive measures, such as:

  • Obscuring sensitive content before the screenshot is captured.

  • Notifying users that a screenshot has been taken.

  • Logging events for security monitoring and analysis.

Platform-Specific Implementations

Screen Recording Detection

Screen recording detection helps identify when a device's screen is being recorded. Screen recordings can capture sensitive data, such as user interactions and proprietary app content. By detecting screen recordings, apps can:

  • Mask sensitive information during recording.

  • Alert users that their screen is being recorded.

  • Log events for further security analysis.

Platform-Specific Implementations

Recommended action: Log the event on your BE or hide the sensitive content.

Screen Capture Protection

Screen capture protection prevents your app’s content from appearing in screenshots and screen recordings. When enabled, captured images and recordings display a black screen, protecting sensitive information.

To enable or disable protection dynamically, pass true or false.

Check Screen Capture State

To check whether screen capture is currently blocked in the application, use the following method:

For Android 11 (API 30) and lower, Screen Capture is able to help around 70% of the devices reliably. This is because on certain devices, keyboard taps can be recorded.

Read More

In our article we explain how to block screenshots, screen recording, and remote access tools in mobile apps to protect user data. It discusses security threats such as built-in screenshot tools, remote desktop apps like TeamViewer, screen mirroring software, third-party recording apps, and ADB-based access.

Watch on YouTube

User Data Policies

Information about collected data

freeRASP collects anonymized security diagnostics data from apps. These data contain:

  • Application state and security.

  • Device state and security.

  • Anonymous app instance ID and device ID.

This information allows Talsec to provide a , improve the freeRASP product and even the , or prepare mobile security reports and articles.

Data collection can be disabled or configured to a custom customer-owned logging service in

All the data collected by the freeRASP is technical diagnostics information and anonymous, but depending on the regulations applied, it could be considered sensitive and/or personal data.

Talsec recommends adding the statement below to the dedicated privacy policy page of your app. You can also use the text below while filling in the or publishing.

Privacy Policy Statement

For the purpose of Fraud prevention, user safety, and compliance the dedicated App safety SDK needs to send the following anonymous diagnostic data off the device for detection of security issues. Thus the application collects the following data:

  • Category: App info and performance

    • Data Type: Diagnostics

    • Information about the integrity of the app and the operating system. For example, rooting, running in an emulator, hooking framework usage, etc...

  • Category: Device or other identifiers

    • Data Type: Device or other identifiers

    • Information that relates to an individual device. For example, a device model and anonymous identifier to control that app instance executed on the original device that it was initially installed on. It is needed to combat threats like bots and API abuse.

Google Play's Data Safety Policy

Google Play requires all app publishers to declare how they collect and handle user data for the apps they publish on Google Play. They should inform users properly of the data collected by the apps and how the data is shared and processed. Google will reject the apps which do not comply with the policy.

More about Google Play's Data safety .

The checks for the Google Play and details about data are specified above in .

App Store User Data Policy

Apple requires that all app developers disclose their data collection and handling practices for apps published on the App Store. Developers must clearly inform users about the data their apps collect, as well as how this data is shared and processed. Apps that do not adhere to Apple's data privacy guidelines will be rejected.

More about Apple App privacy .

To comply with the policy, in the App Privacy section, it is important to check the following:

  • Identifiers -> Device ID -> App Functionality

    • It is an anonymous device identifier for the App vendor as per:

    • Talsec Security SDK can not link the device identifier to the user

  • Diagnostics -> Performance Data -> App Functionality, Other Purposes, No for linking to the user

  • Diagnostics -> Other diagnostics data -> App Functionality, Other Purposes, No for linking to the user

  • Other data -> App Functionality, No for linking to the user

    • Security diagnostics data (such as jailbreak)

Disclosure Screen

Google Play’s User Data policy indicates that a prominent disclosure should be presented to the users in case of an app collecting personal or sensitive data.

Although freeRASP collects diagnostical data (anonymous and not user-related), you (as the app publisher) should consider adding a disclosure screen, describing why the security diagnostic data is needed, what data, and how the data is used.

More about Google's best practices for prominent disclosure and consent .

keytool -printcert -jarfile app.apk
apksigner verify --print-certs app.apk
88:8c:7f:02:d6:2e:ed:3a:53:bb:9c:a6:6b:82:5c:0d:78:a8:e5:b6:b2:11:28:bc:f5:ac:67:c8:e0:a3:7c:5a
iIx/AtYu7TpAu5cma4JdDXio5bayFSi89axnyOCjfFo=
custom keystore
this section
this section
Base64 Encode
security report
commercial RASP SDK
premium plans of Talsec.
Google Play Safety Section
similar for Apple App Store
here
here
https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor
here
Example of disclosure screen
Privacy Policy Statement

Detecting unofficial installation

Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered, if you install the application through alternative ways like unofficial store or Xcode build.

Below are code snippets demonstrating detection of unofficial installation across various platforms:

// Android
override fun onUntrustedInstallationSourceDetected() {...}

// iOS
case unofficialStore

// Flutter
onUnofficialStore: () => print("Unofficial store")

// Cordova 
unofficialStore: () => {
    // Place your reaction here 
}

// React Native
unofficialStore: () => {
    // Place your reaction here 
}

// Capacitor
unofficialStore: () => {
    // Place your reaction here 
}

Recommended action: Notify users that the application is installed from an unofficial store. In some cases, it is recommended to even kill the application.

Define alternative supported stores

If you want to define which applications can install the application, insert its package name in the supportedAlternativeStores (or supportedStores on Flutter) parameter. If you publish on Google Play, Huawei AppGallery, App Store (iOS), and TestFlight (iOS), you don't need to assign anything, as they are already supported out of the box.

Store / Distribution method
Package name
Notes

App Store (iOS)

Included by default, no action needed

TestFlight (iOS)

Included by default, no action needed

Google Play

Included by default, no action needed

Huawei AppGallery

Included by default, no action needed

Firebase App Distribution

dev.firebase.appdistribution

Samsung Galaxy Store

com.sec.android.app.samsungapps

Common on Samsung devices

Vivo App Store

com.vivo.appstore

Common on Vivo devices

HeyTap

com.heytap.market

Common on Realme and Oppo devices

Oppo App Market

com.oppo.market

Common on Oppo devices

GetApps

com.xiaomi.mipicks

Common on Xiaomi, Redmi and POCO devices

The application can also be installed by "cloning" apps, which users employ to transfer apps between devices. The following list comprises popular examples of such apps. By default, freeRASP categorizes them as installations from an unofficial store .

Mover / Cloner app
Package name

Mi Mover (Xiaomi)

com.miui.huanji

Phone Clone (Huawei)

com.hicloud.android.clone

Samsung Smart Switch

com.sec.android.easyMover

Samsung Cloud for Wear OS

com.samsung.android.scloud

OPPO Clone Phone

com.coloros.backuprestore

EasyShare (Vivo)

com.vivo.easyshare

Clone Phone (OnePlus)

com.oneplus.backuprestore

SHAREit (Lenovo)

com.lenovo.anyshare.gps

SHAREit Lite

shareit.lite

ShareMe (Xiaomi)

com.xiaomi.midrop

MIUI Backup (Xiaomi)

com.miui.backup

Phone Clone (Honor)

com.hihonor.android.clone

Finally, it's very common application gets installed through browser, file manager, cloud storage or various messaging apps. By default, freeRASP categorizes them as installations from unofficial store.

freeMalwareDetection
#ifndef TALSECRUNTIME_SWIFT_H
#define TALSECRUNTIME_SWIFT_H
build.gradle
buildscript {
    ext {
      minSdkVersion 23
    }
}
 <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
 <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
repositories {
    google()
    mavenCentral()
    maven { url "https://jitpack.io" }
    maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }
}
repositories {
    google()
    mavenCentral()
    maven { url = uri("https://jitpack.io") }
    maven { url = uri("https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp") }
}
repositories {
    google()
    mavenCentral()
    maven { url "https://jitpack.io" }
    maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }
}
repositories {
    google()
    mavenCentral()
    maven { url = uri ("https://jitpack.io") }
    maven { url = uri ("https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp") }
}
[build.gradle (: app)]
dependencies {
    // freeRASP SDK  
    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:15.1.0'
}
TalsecApplication.kt
class TalsecApplication : Application(), ThreatListener.ThreatDetected {
    override fun onCreate() {
        super.onCreate()
    }
}
AndroidManifest.xml
<application
    android:name=".TalsecApplication"
/>
TalsecApplication.kt
companion object {
    private const val expectedPackageName = "com.aheaditec.talsec.demoapp" // Don't use Context.getPackageName!
    private val expectedSigningCertificateHashBase64 = arrayOf(
        "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k="
    ) // Replace with your release (!) signing certificate hash(es)
    private const val watcherMail = "[email protected]" // for Alerts and Reports
    private val supportedAlternativeStores = arrayOf(
        "com.sec.android.app.samsungapps" // Add other stores, such as the Samsung Galaxy Store
    )
    private val  = true
}
TalsecApplication.kt
override fun onCreate() {
    ...
    
    val config = TalsecConfig.Builder(
        expectedPackageName,
        expectedSigningCertificateHashBase64)
        .watcherMail(watcherMail)
        .supportedAlternativeStores(supportedAlternativeStores)
        .prod(isProd)
        .build()
}
TalsecApplication.kt
override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun () {
    TODO("Not yet implemented")
}

override fun (p0: MutableList<SuspiciousAppInfo>?) {
    println("onMalwareDetected")
}
TalsecApplication.kt
private val deviceStateListener = object : ThreatListener.DeviceState {
    override fun () {
        TODO("Not yet implemented")
    }
    override fun () {
        TODO("Not yet implemented")
    }

    override fun () {
        TODO("Not yet implemented")
    }
    
    override fun () {
        TODO("Not yet implemented")
    }

    override fun () {
        TODO("Not yet implemented")
    }
}
TalsecApplication.kt
override fun onCreate() {
    ...
    // ThreatListener(this).registerListener(this)
    ThreatListener(this, deviceStateListener).registerListener(this)
}
<uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
<uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
TalsecApplication.kt
import android.view.WindowManager.SCREEN_RECORDING_STATE_VISIBLE
import java.util.function.Consumer

class TalsecApplication : Application(), ThreatListener.ThreatDetected {
    private var currentActivity: Activity? = null
    private var screenCaptureCallback: Activity.ScreenCaptureCallback? = null
    private val screenRecordCallback: Consumer<Int> = Consumer<Int> { state ->
        if (state == SCREEN_RECORDING_STATE_VISIBLE) {
            Talsec.onScreenRecordingDetected()
        }
    }
    
    override fun onCreate() {
        ...
        registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
            override fun onActivityCreated(activity: Activity, bundle: Bundle?) {

                // Set to 'true' to block screen capture
                Talsec.blockScreenCapture(activity, false)
            }

            override fun onActivityStarted(activity: Activity) {
                unregisterCallbacks()
                currentActivity = activity
                registerCallbacks(activity)
            }

            override fun onActivityResumed(activity: Activity) {}
            override fun onActivityPaused(activity: Activity) {}

            override fun onActivityStopped(activity: Activity) {
                if (activity == currentActivity) {
                    unregisterCallbacks()
                    currentActivity = null
                }
            }

            override fun onActivitySaveInstanceState(activity: Activity, bundle: Bundle) {}
            override fun onActivityDestroyed(activity: Activity) {}
        })
    }
    
    private fun registerCallbacks(activity: Activity) {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            screenCaptureCallback = Activity.ScreenCaptureCallback {
                Talsec.onScreenshotDetected()
            }
            activity.registerScreenCaptureCallback(
                baseContext.mainExecutor, screenCaptureCallback!!
            )
        }

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
            val initialState = activity.windowManager.addScreenRecordingCallback(
                mainExecutor, screenRecordCallback
            )
            screenRecordCallback.accept(initialState)
        }
    }
    
    private fun unregisterCallbacks() {
        currentActivity?.let { activity ->
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE && screenCaptureCallback != null) {
                activity.unregisterScreenCaptureCallback(screenCaptureCallback!!)
                screenCaptureCallback = null
            }

            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
                activity.windowManager.removeScreenRecordingCallback(screenRecordCallback)
            }
        }
    }
}
TalsecApplication.kt
override fun onCreate() {
    ...
    Talsec.start(this, config)
}
android {
    ...
    buildTypes {
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}
https://github.com/talsec/Free-RASP-Android/tree/master/FreeRASPDemoApp
detect screenshots
screen recordings
on the API page
API
Threat detection
freeMalwareDetection
Screen Capture
wiki
freeMalwareDetection
integration guide
// Android screenshot detection
override fun onScreenshotDetected() {
    TODO("Not yet implemented")
}

// iOS screenshot detection
case screenshot

// Flutter screenshot detection
onScreenshot: () => print("Screenshot capture detected")

// React Native, Capacitor and Cordova
screenshot: () => {
  console.log('screenshot');
},
// Android screen recording detection
override fun onScreenRecordingDetected() {
    TODO("Not yet implemented")
}

// iOS screen recording and screen mirrorring detection
case screenRecording

// Flutter screen recording detection and screen mirrorring detection
onScreenRecording: () => print("Screen recording detected")

// React Native, Capacitor and Cordova
screenRecording: () => {
  console.log('screenRecording');
},
// Android screen capture protection
Talsec.blockScreenCapture(activity, true)

// iOS screen capture protection
Talsec.blockScreenCapture(enable: true, window: UIWindow)

// Flutter screen capture protection
await Talsec.instance.blockScreenCapture(enabled: true)

// React Native
import { blockScreenCapture } from 'freerasp-react-native';
await blockScreenCapture(true);
// response: Screen capture is now Blocked

// Capacitor
import { blockScreenCapture } from 'capacitor-freerasp';
await blockScreenCapture(true);
// response: true

// Cordova
await talsec.blockScreenCapture(true);
// response: Screen capture is now Blocked
// Android screen capture state
Talsec.isScreenCaptureBlocked()

// iOS screen capture state
Talsec.isScreenCaptureBlocked(in window: UIWindow)

// Flutter screen capture state
await Talsec.instance.isScreenCaptureBlocked()

// React Native
import { isScreenCaptureBlocked } from 'freerasp-react-native';
const response = await isScreenCaptureBlocked();
// response: true

// Capacitor
import { isScreenCaptureBlocked } from 'capacitor-freerasp';
const response = await isScreenCaptureBlocked();
//response: true

// Cordova
const response = await talsec.isScreenCaptureBlocked();
//response: true

API

Description of the freeRASP API

Variables

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

field
type
description
sample value

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

Methods

Future<void> start(TalsecConfig config)

Starts freeRASP with configuration provided in config.

void attachListener(ThreatCallback callback)

Attaches instance of ThreatCallback to freeRASP. If ThreatCallback is already attached, current one will be detached and replaced with callback. When threat is detected, respective callback of ThreatCallback is invoked.

Classes

ThreatCallback

A class which represents a set of callbacks that are used to notify the application when certain security threat is detected. Read more about the meaning of the callbacks in the .

Methods

method name
return type
Android
iOS

API

Description of the freeRASP API

Types

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

field
type
description
sample value

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

NativeEventEmitterActions

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat
type
Android
iOS

Methods

const start = async (config: FreeraspConfig, eventListenerConfig: NativeEventEmitterActions): Promise<void>

Method is used to start freeRASP's audit and set up listeners for threats.

const blockScreenCapture = async (enable: boolean): Promise<string>

const isScreenCaptureBlocked = async (): Promise<boolean>

FlutterFlow

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

  1. On your app's initial page, navigate to the UI Builder.

  2. On the right panel, click on Actions.

  3. In the Action Flow Editor box, click Open.

  4. In the newly opened window, click on On Page Load at the top.

  5. Click Add Action (or + and then Add Action, if you already have an Action).

  6. On the right panel, search for the runRASP Custom Action.

  7. Select the runRASP Action.

In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the .

⚙️ Setup the Configuration for your App

The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.

If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:

  1. Click the orange variable icon next to the Value label

  2. Scroll down to Constants

  3. Click Constant to expand the dropdown menu

  4. Select Empty String

Configuration parameters

watcherMail

watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict [email protected] format.

isProd

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .

[Android] packageName

packageName is a unique identifier for your Android application.

You can find the packageName value for your application in FlutterFlow settings:

  1. Navigate to Settings and Integrations.

  2. Locate and select App Details.

  3. In the textbox labelled Package Name, you will find the package name associated with your application.

Do NOT use solutions such as to provide the value of the package name! The package name has to be hardcoded.

[Android] signingCertHash

signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.

More about signing hash and how to obtain it in .

[Android] supportedStore (optional)

supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.

To add a store, add the package name of the store to the supportedStore list.

Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

[iOS] bundleId

bundleId is a unique identifier for your iOS application.

More about bundle ID and how to obtain one: .

[iOS] teamId

teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

You can find your teamId on the Apple Developer portal:

  1. Go to the website: .

  2. Log in using the account that is used to sign and release your app.

  3. Scroll down to the Membership details section.

  4. Look for the line labelled "Team ID" - the value of your team will be displayed there.

👷 Handle detected threats

The freeRASP Action offers multiple callbacks for handling threats. A callback is an that gets triggered when a threat is detected.

To implement callback:

  1. Open Action Flow Editor with runRASP action.

  2. Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)

  3. In the Action Flow Editor box, click on Open.

  4. Implement your reaction.

Visit to learn more details about the performed checks and their importance for app security.

Limitations

Limited configuration

freeRASP for Flutter allows you to define multiple values for:

  • Signing certificate hash

  • Supported app store

  • Bundle ID

Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see )

Mobile support only

Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.

[Android] Minimal SDK level

The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.

This creates some restrictions:

  • Deploying the application from the FlutterFlow web client is not possible.

  • Downloading the APK from the FlutterFlow web client is not supported.

To overcome these limitations, we recommend following these steps:

  1. Download the code.

  2. Manually raise the SDK level in the build.gradle file to 23.

  3. Deploy the application using Google Play Console.

Raising SDK version

  1. From the root of your project, go to android > app > build.gradle

  2. In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher

The Key Differences: freeRASP vs. RASP+

If you want to learn about the differences between freeRASP and BusinessRASP+, you’re in the right place. On this page, we’ll explore the key features and benefits of each option, compare their functionalities, and highlight how the BusinessRASP+ subscription can offer enhanced capabilities and support compared to the freeRASP plan. By the end, you’ll have a clear understanding of which solution best meets your needs and how to make the most of it.

What are the advantages of the commercial Talsec SDK subscription plans compared to freeRASP?

freeRASP is a freemium product, which means there are Fair Usage Policy conditions (over 100k downloads) for using it. This means that we count the total number of downloads, where multiple downloads or updates from a single device are considered as one download. For using freeRASP, please refer to the .

and are premium products with a subscription model (which includes SW licenses, SLA, maintenance updates, and more) for SDKs. It is not SaaS, which means we don't introduce any dependency on third-party web services for your mobile solution.

Talsec doesn't collect any customer data within RASP+, while freeRASP SDK sends the diagnostical information to Talsec servers to provide clients with regular security reports and improve the product. You should consider adding Talsec to the list of Data Processors in case of freeRASP usage.

Top 10 Advantages of Talsec RASP+ Business Subscription Over freeRASP

Here are the top 10 benefits of choosing a Talsec RASP+ Business subscription, which includes an SDK license, SLA, and additional services, compared to the freeRASP option.

Bypass Protection

The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers.

As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester would be able to bypass it more easily.

Device data collection by Talsec

Premium customers benefit from full control over telemetry and logging endpoints. I.e., Customers can use in-house or managed services like Elastic Cloud to collect mobile threat logs and set up Monitoring events for severe threats.

freeRASP SDK sends data to a Talsec-managed cloud DB (AWS in the USA) for product improvements, anomaly detection, freeRASP client reporting, and aggregated data analytics.

Better Resilience of API Callbacks

The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers. As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester could bypass it more easily.

AppiCrypt

AppiCrypt is our innovation and extremely powerful RASP hardening from the back-end that implements the concept of zero-trust for the apps world (app/device integrity control at the API gateway level). It is somewhat similar to a JWT verification for user authentication but AppiCrypt verifies that the request is generated by the legit and non-compromised app.

For more information, click . The detailed whitepaper is available .

Additional controls

In RASP+, there are additional controls compared to freeRASP, including:

  • UI Overlay attack protection.

  • Accessibility service misuse protection.

  • Google Play Services or Huawei Services control.

  • : Strings obfuscation and encryption, aka vaulting within RASP SDK (good for hiding API keys, endpoints, URLs).

  • VPN detection/prevention.

Dynamic TLS pinning

Business subscription includes SDK, which helps avoid the need to republish the app in case of certificate expiration or root certificate updates.

Self-care tools

Self-Care Tools for Remote SDK Configuration enable users to handle SDK configuration and management on their own, remotely. This functionality allows for seamless adjustments and updates, giving users greater control over their SDK settings.

New upcoming features

Stay tuned for the addition of new features, such as Remote Screen Control, Screen-cast detection, and Screen Mirroring detection.

In the mid-term plan, we will be introducing several new features to further enhance security:

  • App Enrollment for Mutual TLS SDK.

  • Voluntary Data Encryption/Decryption: Protect locally stored user data and app assets, such as ML models, with optional encryption and decryption.

  • Simple Application Layer E2E Encryption: Implement end-to-end encryption at the application layer to protect against Man-in-the-Middle (MiTM) attacks and unauthorized access by malicious administrators. This feature combats traffic data sniffing on the server side, especially behind a TLS API gateway or in server logs.

  • Advanced E2E Encryption and App Enrollment SDK + Google AppCheck: Strengthen your app's security with advanced end-to-end encryption, enhanced app enrollment SDK, and Google AppCheck, which binds secrets to the client app instance.

Automated App pentesting

Typically, our subscription package includes a free, one-time automated app scanning or pentesting. This service is useful for generic validation of OWASP compliance and preparing your app for external pentesting.

Service Level Agreement

With the BusinessRASP+ subscription, you receive an SLA that covers support and maintenance updates.

For any questions, please refer to our or schedule a call with us by choosing a time slot on .

API

Description of the freeRASP API

Types

FreeraspConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

field
type
description
sample value

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

NativeEventEmitterActions

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat
type
Android
iOS

Methods

const startFreeRASP = async (config: FreeraspConfig, reactions: NativeEventEmitterActions): Promise<bool>

Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.

const removeThreatListeners = (): void

Unregisters threat listeners. Should be called only when the app is being terminated.

const blockScreenCapture = async (enable: boolean): Promise<boolean>

const isScreenCaptureBlocked = async (): Promise<boolean>

androidConfig

AndroidConfig?

Configuration for Android apps

any AndroidConfig instance

iosConfig

IOSConfig?

Configuration for iOS apps

any IOSConfig instance

watcherMail

string

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

'[email protected]'

isProd

boolean?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true

packageName

string

Package name of the app.

'com.talsec.freerasp.demoapp'

certificateHashes

string[]

Certificate hashes of your app.

['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']

supportedAlternativeStores

string[]

Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.

[ 'com.sec.android.app.samsungapps']

appBundleId

string

Apple Bundle ID for the app

'com.talsec.freerasp.demoapp'

appTeamId

string

Apple Team ID used in the app

'M8AK35...'

privilegedAccess

() => any

debug

() => any

simulator

() => any

appIntegrity

() => any

unofficialStore

() => any

hooks

() => any

deviceBinding

() => any

deviceID

() => any

passcode

() => any

secureHardwareNotAvailable

() => any

obfuscationIssues

() => any

devMode

() => any

adbEnabled

() => any

systemVPN

() => any

malware

(apps: SuspiciousAppInfo[]) => any

screenshot

() => any

screenRecording

() => any

androidConfig

AndroidConfig?

Configuration for Android apps

any AndroidConfig instance

iosConfig

IOSConfig?

Configuration for iOS apps

any IOSConfig instance

watcherMail

string

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

'[email protected]'

isProd

boolean?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true

packageName

string

Package name of the app.

'com.talsec.freerasp.demoapp'

certificateHashes

string[]

Certificate hashes of your app.

['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']

supportedAlternativeStores

string[]

Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.

[ 'com.sec.android.app.samsungapps']

appBundleId

string

Apple Bundle ID for the app

'com.talsec.freerasp.demoapp'

appTeamId

string

Apple Team ID used in the app

'M8AK35...'

privilegedAccess

() => any

debug

() => any

simulator

() => any

appIntegrity

() => any

unofficialStore

() => any

hooks

() => any

deviceBinding

() => any

deviceID

() => any

passcode

() => any

secureHardwareNotAvailable

() => any

obfuscationIssues

() => any

devMode

() => any

adbEnabled

() => any

systemVPN

() => any

malware

(apps: SuspiciousAppInfo[]) => any

screenshot

() => any

screenRecording

() => any

android {
...
defaultConfig {
    ...
    minSdkVersion 23
    ...
    }
...
}
freeRASP integration
FlutterFlow
open an issue
wiki section
package_info_plus
Getting Signing Certificate Hash
FlutterFlow Documentation | App Deployment
https://developer.apple.com/account
Action
Threat detection
Flutter
👷 Handle detected threats
wiki
wiki
wiki

androidConfig

AndroidConfig?

Configuration for Android apps

any AndroidConfig instance

iosConfig

IOSConfig?

Configuration for iOS apps

any IOSConfig instance

watcherMail

String

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

'[email protected]'

isProd

bool?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true

packageName

String

Package name of the app.

'com.talsec.freerasp.demoapp'

signingCertHashes

List<String>

Certificate hashes of your app.

['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']

supportedStores

List<String>

Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.

[ 'com.sec.android.app.samsungapps']

bundleIds

List<String>

List of Bundle IDs for the app

['com.talsec.freerasp.demoapp']

teamId

String

Apple Team ID used in the app

'M8AK35...'

onPrivilegedAccess

VoidCallback?

onDebug

VoidCallback?

onSimulator

VoidCallback?

onAppIntegrity

VoidCallback?

onUnofficialStore

VoidCallback?

onHooks

VoidCallback?

onDeviceBinding

VoidCallback?

onDeviceID

VoidCallback?

onPasscode

VoidCallback?

onSecureHardwareNotAvailable

VoidCallback?

onObfuscationIssues

VoidCallback?

onDevMode

VoidCallback?

onADBEnabled

VoidCallback?

onSystemVPN

VoidCallback?

wiki
Integration Manual
here
here
discussion
Calendly

FAQ

This page is intended to provide quick answers to common questions.

Is freeRASP right for your app?

freeRASP is our community-driven security solution, ideal for early-stage development and low-risk applications. While it provides a solid foundation for mobile app protection, it’s best suited for environments where regulatory compliance and advanced protections are not critical.

Please take into account that:

  • freeRASP includes experimental capabilities and contributes to our continuous research, product improvement, and data insights.

  • It offers effective baseline protection for low-risk environments.

  • For applications requiring enhanced protection, compliance assurance, or long-term support, RASP+ offers extended capabilities and SLA-backed support.

To learn more about acceptable use and limitations, please refer to our Fair Usage Policy.

How to determine the correct value for the supportedStores parameter?

The name of a wanted supported alternative store is in the form of its package name. You need to find out the package name of the application, which installs your application. For example, these are some package names of known alternative stores:

  • com.xiaomi.mipicks

  • com.vivo.appstore

  • com.heytap.market

There are also some services, which use package installer for distribution of the application, e.g. the App Center uses com.google.android.packageinstaller or com.android.packageinstaller.

See Detecting unofficial installation for more information.

How does the watcherMail parameter work?

When you put a mail address into the watcherMail parameter in TalsecConfig. Talsec registers this mail address and sends regular (weekly) security reports describing the application's security state and the characteristics of the devices it runs on, e.g. how many devices are rooted or if your application has been tampered with. See theSecurity Reportchapter for more details.

What is the difference between the Dev and Release versions?

The Dev version is used to simplify the development process of the application, e.g. if you would implement killing of the application on the debugger callback. It disables some checks which won't be triggered during the development process:

  • Emulator

  • Debugging

  • Tampering

  • Unofficial store

  • Obfuscation Issues

  • Developer Mode

If you want to use the Dev version to disable checks, you need to set isProd parameter to false in TalsecConfig object instance. By default, the isProd parameter is set to true.

How do I test callbacks to verify their functionality?

The easiest way how to produce an incident (trigger local check and create a record in the security report) is to install a release build on an emulator (e.g., Android Emulator, that comes with Android Studio). Both the app and freeRASP must be in release mode. You can also use a rooted Android device/emulator, in which case you create an incident event in debug mode.

NB: Debugging detection is disabled in debug mode to prevent false positives.

Are there different types of checks performed by freeRASP?

Internally, there are two types of checks:

  • one-time checks,

  • periodic checks.

One-time checks are executed only once when the app is launched and wasn't running in the background.

Periodic checks are performed regularly, at defined intervals (e.g. every X seconds or minutes).

Can the order of threat detection be configured in freeRASP?

Currently, there is no way to set the order of threat detection for freeRASP. The checks are performed asynchronously on Android and synchronously on iOS. If a check fails, the corresponding callback is executed.

What steps should I take when I'm upgrading from a previous version (<5.0.0) of freeRASP on Flutter?

There are a few steps to take when you want to do this. You need to remove the old TalsecRuntime.xcframework and integration script from your project:

  • Go to your project's ios folder.

  • Open Runner.xcworkspace in Xcode.

  • On the top bar select Product -> Scheme -> Edit Scheme....

  • On the left side select Build -> Pre-actions.

  • Find the integration script and click the trash icon on the right side to remove it.

  • Open the .flutter-plugins (in the root folder of the app), and get the address where the freeRASP is installed.

  • Go to the given folder, and remove the freerasp folder file.

  • Delete .symlinks folder from project.

  • Run pub get.

  • Run pod install to test it.

What happens if I use the free version of freeRASP and my application is downloaded more than 100k times?

The Fair Usage Policy applies if a customer’s app using freeRASP exceeds 100k downloads. This means that we count the total number of downloads (multiple downloads or updates from a single device are considered as one download).

If 100k downloads are exceeded, it means that you are violating the Fair Usage Policy. Currently, we are not enforcing strong limitations. Only:

  • we may use the app name in our PR communications

  • app security consolidated report can be stopped

This list of limitations is subject to change, and we plan to introduce additional requirements to be fulfilled over 100k downloads (like mentioning "Protected by freeRASP"). If these requirements are not fulfilled, the license for usage can be formally revoked.

Generally, we recommend upgrading to a Business RASP+ subscription over the 100k App downloads.

How does integrating freeRASP affect the size of the APK?

In our experience, integrating freeRASP typically results in a more modest increase of around 10 MB in the APK size, as seen in the example app in the freeRASP project.

Does it cause performance issues if I put callbacks in multiple classes?

Putting callbacks into multiple classes shouldn't cause any performance issues, but while the general idea of dissolving checks all over the codebase is valid, you won't get many advantages, as an attacker can still circumvent duplicate sections.

Why the callbacks are not received immediately when coming from background?

Due to inevitable performance impact, freeRASP cannot perform security scans all the time, which means it can take some time to detect specific threats. On the other hand, freeRASP performs specific checks like adbEnabled periodically. This periodicity interval is randomized, but no longer than four minutes and as of now it is not configurable. This approach helps keep your app responsive while still ensuring threat detection, though with a slight delay. The only moment you are guaranteed all the detection will be triggered is just after the app launch. If, for example, ADB gets enabled after the app has started, you’ll need to wait for the next scan cycle to complete. Once that happens, the check will run again, and the callback will be triggered.

With Talsec, we offer additional solutions to help overcome this limitation:

  1. RASP+ RASP+ allows you to customize the detection interval in your own SDK build to better match your requirements. We’re also working on a dynamic interval management feature, which will give you even more control over how frequently each check runs. Additionally, RASP+ includes built-in threat responses, so you won’t have to wait for callbacks to react to detections. For more details on the differences between freeRASP and RASP+, check out our GitBook: https://docs.talsec.app/freerasp/features-and-pricing-plans/the-key-differences-freerasp-vs.-rasp+

  2. AppiCrypt AppiCrypt secures communication between your app and backend. It includes the results of the Talsec security audit, which you can verify server-side. This way, you can confirm that the device sending the request has passed the security checks before proceeding with further communication. Learn more about AppiCrypt here: .

Thank you for reading the freeRASP FAQ. If you didn't find the answer to your question, please do not hesitate to create a GitHub issue on the respective repository (preferably) or email [email protected].

API

Description of the freeRASP API

Types

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

field
type
description
sample value

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field
type
description
sample value

NativeEventEmitterActions

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat
type
Android
iOS

Hooks

const useFreeRasp = (config: TalsecConfig, actions: NativeEventEmitterActions)

React Custom Hook responsible for starting freeRASP and setting up listeners

Methods

const setThreatListeners = async (config: NativeEventEmitterActions): void

Sets up listeners for detected threats

const talsecStart = async (options: TalsecConfig): Promise<string>

Method is used to start freeRASP's audit. Returns 'freeRASP started'string when successful.

const removeThreatListeners = async (): void

Unregisters threat listeners. Should be called only when the app is being terminated.

const blockScreenCapture = async (enable: boolean): Promise<string>

const isScreenCaptureBlocked = async (): Promise<boolean>

Missing obfuscation detection [Android devices only]

The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

Please follow the integration guide of your platform for more information about how to obfuscate the app.

Below are code snippets demonstrating missing obfuscation detection across various platforms:

Recommended action: Use this callback during the development process to ensure that the app is obfuscated.

androidConfig

AndroidConfig?

Configuration for Android apps

any AndroidConfig instance

iosConfig

IOSConfig?

Configuration for iOS apps

any IOSConfig instance

watcherMail

string

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

'[email protected]'

isProd

boolean?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true

packageName

string

Package name of the app.

'com.talsec.freerasp.demoapp'

certificateHashes

string[]

Certificate hashes of your app.

['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']

supportedAlternativeStores

string[]

Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.

[ 'com.sec.android.app.samsungapps']

appBundleId

string

Apple Bundle ID for the app

'com.talsec.freerasp.demoapp'

appTeamId

string

Apple Team ID used in the app

'M8AK35...'

privilegedAccess

() => any

debug

() => any

simulator

() => any

appIntegrity

() => any

unofficialStore

() => any

hooks

() => any

deviceBinding

() => any

deviceID

() => any

passcode

() => any

secureHardwareNotAvailable

() => any

obfuscationIssues

() => any

devMode

() => any

adbEnabled

() => any

systemVPN

() => any

malware

`(apps: SuspiciousAppInfo[]) => any

screenshot

() => any

screenRecording

() => any

// Android
override fun onObfuscationIssuesDetected() {
    TODO("Not yet implemented")
}

// Flutter
onObfuscationIssues: () => print("Obfuscation issues")

// Cordova
obfuscationIssues: () => {
    // Place your reaction here
},

// React Native
obfuscationIssues: () => {
    // Place your reaction here
},

// Capacitor
obfuscationIssues: () => {
    // Place your reaction here
},

Threat detection

freeRASP performs several security checks to detect potential threats during runtime, each targeting specific attack vectors. Developers and business owners can determine the appropriate response to these incidents, whether by terminating the application, alerting the user, logging the incident details, or choosing to ignore it.

For a detailed explanation of each security check and guidance on selecting an appropriate response, please refer to the individual threat descriptions in the subsections. Remember, the ideal response will depend on your application's specific security needs and use cases.

Sections

  • Detecting rooted or jailbroken devices

  • Emulator detection

  • Hook detection

  • App tampering detection

  • Debugger detection

  • Detecting unofficial installation

  • Device binding detection

  • Missing obfuscation detection [Android devices only]

  • Secure Hardware detection (Keystore/Keychain secure storage check)

  • Passcode

  • System VPN detection

  • Developer Mode detection [Android devices only]

  • ADB enabled detection [Android devices only]

  • Screen Capture (Screenshot and screen recording detection, block screenshot capture)

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

Features and Pricing plans

Talsec offers enhanced features and benefits with our BusinessRASP+ plans, building on top of our freeRASP offering. Here’s what you can expect:

  • No limitations of freeRASP's Fair Usage Policy: Have an unrestricted number of app downloads* (beyond the 100k cap of freeRASP).

  • No Data Collection to Talsec Database: Your app's data are sent to your data collection services. You can even disable data collection.

  • FinTech Grade Security: Experience advanced security features and service level agreements (SLAs) tailored for the financial technology sector.

  • Bypass Protection: Business RASP+ offers enhanced security with app-specific SDK customization, while freeRASP uses a universal binary that is more susceptible to bypass.

  • Enhanced API Protection: Safeguard your APIs and benefit from risk scoring with our proprietary technology, AppiCrypt®.

For further details, please refer to the next page.

AppiCrypt®

One of the most valued commercial features is AppiCrypt® - App Integrity Cryptogram.

It allows easy-to-implement API protection and App Integrity verification on the backend to prevent API abuse:

  • Bruteforce attacks

  • Botnets

  • API abuse by App impersonation

  • Session-hijacking

  • DDoS

It is a unified solution that works across all mobile platforms without dependency on external web services (i.e., without extra latency, an additional point of failure, and maintenance costs).

Learn more about commercial features at talsec.app.

You can try freeRASP and then upgrade easily to an enterprise service.

Plans Comparison

freeRASP is freemium software, i.e. there is a Fair Usage Policy (FUP) that imposes some limitations on free usage.

Get your price for premium products.

freeRASP
BusinessRASP+

Runtime App Self Protection (RASP, app shielding)

Advanced root/jailbreak protections (including Magisk)

basic

advanced

Runtime reverse engineering controls

  • Debugger

  • Emulator / Simulator

  • Hooking and reversing frameworks (e.g. Frida, Magisk, XPosed, Cydia Substrate and more)

basic

advanced

Runtime integrity controls

  • Tampering protection

  • Repackaging / Cloning protection

  • Device binding protection

  • Unofficial store detection

basic

advanced

Device OS security status check

  • HW security module control

  • Screen lock control

  • Google Play Services enabled/disabled

  • Last security patch update

  • System VPN control

  • Developer mode control

  • ADB enabled detection

yes

yes

Screen Capture

  • Screen capture protection

  • Screenshot detection

  • Screen recording cetection

yes

yes

UI protection

  • Overlay protection

  • Accessibility services misuse protection

no

yes

Penetration Test Ready

can be bypassed by professional

designed to sustain pentesting

Security hardening suite

  • End-to-end encryption

  • Strings protection (e.g. API keys)

  • Dynamic TLS certificate pinning

no

yes

- App Integrity Cryptogram

API protection by mobile client integrity check, online risk scoring, online fraud prevention, client App integrity check. The cryptographic proof of app & device integrity.

no

yes

Security events data collection, Auditing and Monitoring tools

Threat events data collection from SDK

yes (collected to Talsec's DB)

yes (collected to Customer's DB)

AppSec regular email reporting service

yes (up to 100k devices)

yes

Access to Data portal for Logging, data analytics and auditing

no

yes

Support and Maintenance

SLA

not committed

yes

Maintenance updates

not committed

yes

- up to 100k Downloads*

Mentioning of the App name and logo in the marketing communications of Talsec (e.g. "Trusted by" section on the web).

over 100k devices

no

Threat signals data collection to Talsec database for processing and product improvement

yes

no

Place "Protected by freeRASP" in the App Screen(s)

over 100k devices

no

*The Fair Usage Policy refers to the total number of downloads, where multiple downloads or updates from a single device are counted as one download. Get your price for premium products.


For additional comparison details and information on planned features, please see the next page.

How to Block Screenshots, Screen Recording, and Remote Access Tools in Android and iOS Apps | AppSec Articles
Screenshot & Screen Recording Protection Demo | Talsec RASP+ & freeRASP

Capacitor

Example:

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting.

Android

freeRASP for Android requires a minSdkVersion level of >=23 and a targetSdkVersion level of >=33. Some Capacitor projects, by default, support even lower levels of minimum and target SDKs. This creates an inconsistency we must solve by updating the SDK levels of the application:

  • From the root of your project, go to android > variables.gradle (or equivalent).

  • In ext, update minSdkVersion to at least 23 (Android 6.0) or higher.

Raise Kotlin version

Since freeRASP 2.0.0, it is necessary to raise version of Kotlin in your project.

  • From the root of your project, go to android > build.gradle (or equivalent).

  • In buildscript.ext, update kotlin_version to at least 2.0.0 or higher.

Enable Screenshot and Screen Recording Detection

To and , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

To utilize active protection, you can use

To receive whether the screen capture is blocked, you can use

For more details about all these screen capture methods, see .


📦 Install the plugin

Install the plugin using your preferred package manager

Synchronize the project files across native platforms


⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided.

For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

In the the entry point to your app, import freeRASP and add the code below.


👷 Handle detected threats

freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.

Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:


🛡️ Start freeRASP

Pass the configuration and reactions you set up in previous steps into startFreeRASP function.

Based on your framework, we recommend:

  • In React: Wrap this function in useEffect with an empty dependency array

  • In Vue: Call the method inside the mounted property

  • In Angular: Call the method inside the ngOnInit method

For the version you’re integrating, you can find the specific dSYMs for debugging in .


🌁 Enable source code obfuscation

The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:

Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.

If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.

Read more about why this is important in the.


☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the repository to learn more about this feature! For the integration, refer to the for the Capacitor platform.

Flutter

Example:

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting:

  • Minimum SDK level: 23 or higher

  • Gradle version: 8.12.1 or higher

  • Compile SDK version: 35

  • Kotlin version: 2.1.0

Did you know Talsec is a big fan of Flutter? 🥳 Check out the great Flutter-first we've prepared together with the community!

Android

Some versions of Flutter projects, by default, support lower levels of minimum SDK or Gradle version.

Update minimum SDK and compile SDK level :

  • From the root of your project, go to android > app > build.gradle

  • In defaultConfig, update minSdkVersion property to at least 23 (Android 6.0) or higher.

Update Gradle and Kotlin version:

  • From the root of your project, go to android > settings.gradle

  • In plugins

    • Update version of com.android.application plugin to 8.8.1

    • Update version of org.jetbrains.kotlin.android plugin to 2.1.0

In older projects using imperative approach, the paths may be different:

  • From the root of your project, go to android > build.gradle

  • In dependencies , update version of com.android.tools.build:gradle dependecy to 8.8.1

Then you also need to update gradle wrapper:

  • From the root of your project, go to android > gradle> wrapper > gradle-wrapper.properties

  • In distributionUrl update version to 8.12.1

Enable Screenshot and Screen Recording Detection

To and , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

To utilize active protection, you can use await Talsec.instance.blockScreenCapture(enabled: true). To receive whether the screen capture is blocked, you can use the await Talsec.instance.isScreenCaptureBlocked(). For more details about all these screen capture methods, see .

iOS

Xcode 15 is required to be able to build the application


📦 Install the plugin

Run the following command inside the project directory to add the freeRASP dependency:


⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Detailed descriptions of the configuration options are provided.

For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

In the entry point to your app, import freeRASP and add the following code:

It is necessary that Flutter Bindings are initialized. This can be satisfied by calling WidgetsFlutterBinding.ensureInitialized(), as shown in the code snippet above.


👷 Handle detected threats

freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.

freeRASP reacts to threats using ThreatCallback. Internally, each threat has its own callback (of VoidCallback type), which is called when a threat is detected.


🛡️ Start freeRASP

Start freeRASP to detect threats just by adding this line below the created config and the callback handler:

For the version you’re integrating, you can find the specific dSYMs for debugging in .


🌁 Enable source code obfuscation

In order to provide as much protection as possible, freeRASP enhances security measures by implementing ProGuard consumer rules, which obfuscate specific sections of the SDK. However, these rules are applied to your Android app code as well due to inheritance.

In certain cases, you may prefer to exclude this rule.

To remove the rule, you need to find freerasp in your cache folder. More about where to find the cache folder . Then navigate to the freerasp-X.Y.Z/android/build.gradle file and delete the line:

Read more about why obfuscation is important in the.


☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the repository to learn more about this feature! For the integration, refer to the for the Flutter platform.

variables.gradle
ext {
    minSdkVersion 23
 }
buildscript {
    ext {
        kotlin_version = '2.0.0'
    }
 <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
 <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
import { blockScreenCapture } from 'capacitor-freerasp';
await blockScreenCapture(true);
import { isScreenCaptureBlocked } from 'capacitor-freerasp';
const response = await isScreenCaptureBlocked();
npm
$ npm install capacitor-freerasp
npm
$ npx cap sync
App.ts
import { startFreeRASP } from 'capacitor-freerasp';

// app configuration
const config = {
  androidConfig: {
    packageName: 'com.capacitor.example',
    certificateHashes: ['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k='], // Replace with your release (!) signing certificate hash(es)
    supportedAlternativeStores: ['com.sec.android.app.samsungapps'],
  },
  iosConfig: {
    appBundleId: 'com.capacitor.example',
    appTeamId: 'yourTeamID',
  },
  watcherMail: '[email protected]',
  isProd: true,
};
// reactions for detected threats
const actions = {
  // Android & iOS
  : () => {
    console.log('privilegedAccess');
  },
  // Android & iOS
  : () => {
    console.log('debug');
  },
  // Android & iOS
  : () => {
    console.log('simulator');
  },
  // Android & iOS
  : () => {
    console.log('appIntegrity');
  },
  // Android & iOS
  : () => {
    console.log('unofficialStore');
  },
  // Android & iOS
  : () => {
    console.log('hooks');
  },
  // Android & iOS
  : () => {
    console.log('deviceBinding');
  },
  // Android & iOS
  : () => {
    console.log('secureHardwareNotAvailable');
  },
  // Android & iOS
  : () => {
    console.log('systemVPN');
  },
  // Android & iOS
  : () => {
    console.log('passcode');
  },
  // iOS only
  : () => {
    console.log('deviceID');
  },
  // Android only
  : () => {
    console.log('obfuscationIssues');
  },
  // Android only
  : () => {
    console.log('devMode');
  },
  // Android only
  : () => {
    console.log('adbEnabled');
  },
  // Android & iOS
  : () => {
    console.log('screenshot');
  },
  // Android & iOS
  : () => {
    console.log('screenRecording');
  },
};
// returns `true` if freeRASP starts successfully; you can ignore this value
const started = await startFreeRASP(config, actions);
android {
    buildTypes {
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}
https://github.com/talsec/Free-RASP-Capacitor/tree/main/example
detect screenshots
screen recordings
Screen Capture
on the API page
this manual
Threat detection
Releases
wiki
freeMalwareDetection
integration guide

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

android/app/build.gradle
android {
    compileSdk 35
    // ... some other declarations ...
    defaultConfig {
        minSdkVersion 23
        // ... some other declarations ...
    }
}
android/settings.gradle
plugins {
    id "dev.flutter.flutter-plugin-loader" version "1.0.0"
    id "com.android.application" version "8.8.1" apply false
    id "org.jetbrains.kotlin.android" version "2.1.0" apply false
}
android/build.gradle
dependencies {
    classpath 'com.android.tools.build:gradle:8.8.1'    
    classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
}
android/gradle/wrapper/gradle-wrapper.properties
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-all.zip
 <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
 <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
flutter pub add freerasp
main.dart
import 'package:freerasp/freerasp.dart';

void main() {

  // This line is important!
  WidgetsFlutterBinding.ensureInitialized();

  // create a configuration for freeRASP
  final config = TalsecConfig(
    /// For Android
    androidConfig: AndroidConfig(
      packageName: 'your.package.name',
      signingCertHashes: [
        'mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k='
      ], // Replace with your release (!) signing certificate hash(es)
      supportedStores: ['com.sec.android.app.samsungapps'],
    ),

    /// For iOS
    iosConfig: IOSConfig(
      bundleIds: ['YOUR_APP_BUNDLE_ID'],
      teamId: 'M8AK35...',
    ),
    watcherMail: '[email protected]',
    isProd: true,
  );
}
main.dart
import 'package:freerasp/freerasp.dart';

void main() {

  // Setting up callbacks
  final callback = ThreatCallback(
      : () => print("App integrity"),
      : () => print("Obfuscation issues"),
      : () => print("Debugging"),
      : () => print("Device binding"),
      : () => print("Device ID"),
      : () => print("Hooks"),
      : () => print("Passcode not set"),
      : () => print("Privileged access"),
      : () => print("Secure hardware not available"),
      : () => print("Simulator"),
      : () => print("System VPN"),
      : () => print("Developer mode"),
      : () => print("USB debugging enabled"),
      : () => print("Unofficial store"),
      : () => print("Screenshot"),
      : () => print("Screen recording"),
  );

  // Attaching listener
  Talsec.instance.attachListener(callback);
}
void main() async {

  // start freeRASP
  await Talsec.instance.start(config);
}
consumerProguardFiles 'consumer-rules.pro'
https://github.com/talsec/Free-RASP-Flutter/tree/master/example
security articles
detect screenshots
screen recordings
Screen Capture
on the API page
this manual
Threat detection
Releases
here
wiki
freeMalwareDetection
integration guide

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

Community [Apply to Join!]

Space for developer's creativity, community programs

Cover
https://docs.talsec.app/premium-products/appicrypt-product-page
android:extractNativeLibs="true"
<application
    android:label="freerasp_example"
    android:icon="@mipmap/ic_launcher"
    android:extractNativeLibs="true">
Logo
Fair Usage Policy
logo
AppiCrypt®

Cordova

Example: https://github.com/talsec/Free-RASP-Cordova/tree/master/example

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting.

Android

The Android implementation uses Kotlin serialization plugin; following line has to be added to the plugins block in platforms/android/build.gradle:

platforms/android/build.gradle
plugins {
    id 'org.jetbrains.kotlin.plugin.serialization' version '1.7.10'
}

freeRASP requires minSdkVersion level of >=23, targetSdkVersion level of >=31, compileSdkVersion level of >=34, and Kotlin support.

Since freeRASP 8.0.0, it is also necessary to raise version of Kotlin above 2.0.0 in your project.

Add the following lines to the config.xml file in your project root directory.

config.xml
<preference name="GradlePluginKotlinEnabled" value="true" />
<preference name="GradlePluginKotlinCodeStyle" value="official" />
<preference name="GradlePluginKotlinVersion" value="2.0.0" />
<preference name="android-minSdkVersion" value="23" />
<preference name="android-targetSdkVersion" value="31" />
<preference name="android-compileSdkVersion" value="34" />

Then run the following command to apply the preferences:

bash
$ cordova prepare android

Enable Screenshot and Screen Recording Detection

To detect screenshots and screen recordings , add the following permission to your Android Manifest (via config.xml):

 <platform name="android">
  <config-file target="AndroidManifest.xml" parent="/*">
   <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
   <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
  </config-file>
</platform>

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

To utilize active protection, you can use

await talsec.blockScreenCapture(true);

To receive whether the screen capture is blocked, you can use

const response = await talsec.isScreenCaptureBlocked();

For more details about all these screen capture methods, see Screen Capture.

iOS

freeRASP plugin uses Swift. Install the following plugin to support Swift in your project.

bash
$ cordova plugin add cordova-plugin-add-swift-support --save

📦 Install the plugin

Install the plugin using Cordova CLI

bash
cordova plugin add cordova-talsec-plugin-freerasp

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.

For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

In the the entry point to your app, import freeRASP and add the code below.

index.js
/* global cordova, talsec */

const config = {
    androidConfig: {
        packageName: 'com.example.helloapp',
        certificateHashes: ['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k='],  // Replace with your release (!) signing certificate hash(es)
        supportedAlternativeStores: ['com.sec.android.app.samsungapps'],
    },
    iosConfig: {
        appBundleIds: 'com.example.helloapp',
        appTeamId: 'your_team_ID'
    },
    watcherMail: '[email protected]',
    isProd: true
};

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .


👷 Handle detected threats

freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.

Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:

// reactions to detected threats
const actions = {
    // Android & iOS
    : () => {
        console.log('privilegedAccess');
    },
    // Android & iOS
    : () => {
        console.log('debug');
    },
    // Android & iOS
    : () => {
        console.log('simulator');
    },
    // Android & iOS
    : () => {
        console.log('appIntegrity');
    },
    // Android & iOS
    : () => {
        console.log('unofficialStore');
    },
    // Android & iOS
    : () => {
        console.log('hooks');
    },
    // Android & iOS
    : () => {
        console.log('deviceBinding');
    },
    // Android & iOS
    : () => {
        console.log('secureHardwareNotAvailable');
    },
    // Android & iOS
    : () => {
        console.log('systemVPN');
    },
    // Android & iOS
    : () => {
        console.log('passcode');
    },
    // iOS only
    : () => {
        console.log('deviceID');
    },
    // Android only
    : () => {
        console.log('obfuscationIssues');
    },
    // Android only
    : () => {
        console.log('devMode');
    },
    // Android only
    : () => {
        console.log('adbEnabled');
    },
    // Android & iOS
    : () => {
      console.log('screenshot');
    },
    // Android & iOS
    : () => {
      console.log('screenRecording');
    },
};

🛡️ Start freeRASP

freeRASP can be started after the Cordova initialization is completed, for example, inside the onDeviceReady function in the index.js.

talsec.start(config, actions)
    .then(() => {
        console.log('Talsec initialized.');
    })
    .catch((error) => {
        console.log('Error during Talsec initialization: ', error);
    });

For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.


🌁 Enable source code obfuscation

The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:

android {
    buildTypes {
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
        }
    }
}

Additionally, create or extend proguard-rules.pro in android/app folder and exclude Cordova’s specific classes that rely on package names from being obfuscated:

proguard-rules.pro
-keep class org.apache.cordova.** {*;}
-keep public class * extends org.apache.cordova.CordovaPlugin
-flattenpackagehierarchy

Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.

If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.

Read more about why this is important in the wiki.


☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Cordova platform.

Unity

🚨 freeRASP for Unity – Early Release [6/2025]

We’re excited to introduce freeRASP for Unity as a new flavor of our runtime protection library. As it’s still fresh, you may encounter some integration issues that need to be ironed out.

We’d love to hear about your experience—good or bad. Please open an issue on GitHub or write us directly at [email protected]. Your feedback helps us make it better!

Example: https://github.com/talsec/Free-RASP-Unity-POC

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting:

  • Unity Editor level: 6 or higher

  • Minimum SDK level: 23 or higher

📦 Install Plugin

First, you'll need to install freeRASP for Unity. Head over to [Github Unity Plugin Release Link] and download the latest plugin. The plugin file should have a .unitypackage extension.

Next, import the plugin into your Unity project: right-click on Assets → Import Package → Custom Package.

Editor - Import Package

Android (freeRASP for Android v15.1.0)

⚙️ Set Up the Configuration for Your App

To ensure freeRASP works properly, you need to configure and initialize it with the required settings. All necessary values must be provided for the plugin to function correctly. Detailed explanations of each configuration option are available on the Android API documentation page.

The first step involves obtaining your app's signing certificate hashes in Base64 format. Refer to the provided manual for comprehensive guidance on app signing, which covers both manual signing methods and Google Play's app signing service.

In this guide, we'll create the Game.cs script (see our sample) attached to a GameObject to initialize freeRASP and configure reactions. You can use any other scripts in your business logic that are initiated when the app starts.

To make your Game.cs script run, you need to attach it to a GameObject in your Scene (drag'n'drop the Game.cs onto some object):

  • Create an empty GameObject in your scene (or select an existing one).

  • Drag your Game.cs script from the Project window onto that GameObject in the Hierarchy window or the Inspector window.

  • When you run the scene, the Start() and Update() methods (and others) of your Game.cs script will be called on that GameObject.

In the Game.cs (or your app’s entry point), import freeRASP and add the following code:

using UnityEngine;

public class Game : MonoBehaviour
{
    // Start is called once before the first execution of Update after the MonoBehaviour is created
    void Start()
    {
        bool isProd = true;
        string watcherMailAddress = "[email protected]";

        // Android related configs
        string expectedPackageName = "com.unity.rasp.game";
        string[] expectedSigningCertificateHashBase64 = new string[] { "Tmac/QIomCqEGS1jYqy9cMMrqaitVoZLpjXzCMnt55Q=" };
        string[] supportedAlternativeStores = new string[] { "com.sec.android.app.samsungapps" };

        // initialize talsec
        TalsecPlugin.Instance.initAndroidTalsec(expectedPackageName, expectedSigningCertificateHashBase64, 
        supportedAlternativeStores, watcherMailAddress, isProd);
        TalsecPlugin.Instance.setAndroidCallback(this); // set Android callback
    }

    // Update is called once per frame
    void Update()
    {

    }
}

👷 Handle detected threats

To receive threat notifications, implement the AndroidThreatDetectedCallback interface. It contains multiple methods that are triggered when freeRASP periodically scans the device for security threats. Implement these methods within your game logic or main application class.

// Implementation of AndroidThreatDetectedCallback interface
public void onRootDetected()
{
    Debug.Log("Unity - Root detected");
}

public void onTamperDetected()
{
    Debug.Log("Unity - Tamper detected");
}

public void onDebuggerDetected()
{
    Debug.Log("Unity - Debugger detected");
}

public void onEmulatorDetected()
{
    Debug.Log("Unity - Emulator detected");
}

public void onObfuscationIssuesDetected()
{
    Debug.Log("Unity - Obfuscation issues detected");
}
public void onScreenshotDetected()
{
    Debug.Log("Unity - Screenshot detected");
}

public void onScreenRecordingDetected()
{
    Debug.Log("Unity - Screen recording detected");
}

public void onUntrustedInstallationSourceDetected() {
    Debug.Log("Unity - Untrusted installation source detected");
}

public void onHookDetected() {
    Debug.Log("Unity - Hook detected");
}

public void onDeviceBindingDetected() {
    Debug.Log("Unity - Device binding detected");
}

public void onUnlockedDeviceDetected() {
    Debug.Log("Unity - Unlocked device detected");
}

public void onHardwareBackedKeystoreNotAvailableDetected() {
    Debug.Log("Unity - Hardware backed keystore not available detected");
}

public void onDeveloperModeDetected() {
    Debug.Log("Unity - Developer mode detected");
}

public void onADBEnabledDetected() {
    Debug.Log("Unity - ADB enabled detected");
}

public void onSystemVPNDetected() {
    Debug.Log("Unity - System VPN detected");
}

Add freeRASP Maven Repository

preview
dependencyResolutionManagement {
    repositoriesMode.set(RepositoriesMode.PREFER_SETTINGS)

    repositories {
        google()
        mavenCentral()

        maven { url 'https://jitpack.io' }
        maven { url 'https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp' }

        flatDir {
            dirs "${project(':unityLibrary').projectDir}/libs"
        }
    }
}

iOS (freeRASP for iOS v6.11.0)

⚙️ Set Up the Configuration for Your App

To ensure freeRASP works properly, you need to configure and initialize it with the required settings. All necessary values must be provided for the plugin to function correctly. Detailed explanations of each configuration option are available on the iOS API documentation page.

To make your Game.cs script run, you need to attach it to a GameObject in your Scene (drag'n'drop the Game.cs onto some object):

  • Create an empty GameObject in your scene (or select an existing one).

  • Drag your Game.cs script from the Project window onto that GameObject in the Hierarchy window or the Inspector window.

  • When you run the scene, the Start() and Update() methods (and others) of your Game.cs script will be called on that GameObject.

In your app’s entry point, import freeRASP and add the following code:

using System;
using UnityEngine;
using System.Collections;
using System.Collections.Generic;

public class Game : MonoBehaviour
{
    // Start is called once before the first execution of Update after the MonoBehaviour is created
    void Start()
    {
        // common configs
        bool isProd = true;
        string watcherMailAddress = "[email protected]";

        // iOS related configs
        string[] appBundleIds = new string[] { "com.unity.freeRASP" };
        string teamId = "TEAM ID";

        // initialize talsec
        TalsecPlugin.Instance.initiOSTalsec(appBundleIds, teamId, watcherMailAddress, isProd);
        TalsecPlugin.Instance.setiOSCallback(this); // set callback
    }

}

👷 Handle detected threats

To receive threat notifications, implement the IOSThreatDetectedCallback interface. It contains multiple methods that are triggered when freeRASP periodically scans the device for security threats. Implement these methods within your game logic or main application class.

// Implementation of IOSThreatDetectedCallback interface
public void signatureDetected() {
Debug.Log("Signature detected");
}

public void jailbreakDetected() {
Debug.Log("Jailbreak detected");
}

public void debuggerDetected() {
Debug.Log("Debugger detected");
}

public void runtimeManipulationDetected() {
Debug.Log("Runtime manipulation detected");
}

public void passcodeDetected() {
Debug.Log("Passcode detected");
}

public void passcodeChangeDetected() {
Debug.Log("Passcode change detected");
}

public void simulatorDetected() {
Debug.Log("Simulator detected");
}

public void missingSecureEnclaveDetected() {
Debug.Log("Unity - Missing secure enclave detected");
}

public void deviceBindingDetected() {
Debug.Log("Device binding detected");
}

public void unofficialStoreDetected() {
Debug.Log("Unofficial store detected");
}

public void systemVPNDetected() {
Debug.Log("System VPN detected");
}

public void screenshotDetected() {
Debug.Log("Screenshot detected");
}

public void screenRecordingDetected() {
Debug.Log("Screen recording detected");
}

public void deviceIDDetected() {
Debug.Log("Device ID detected");
}

Add freeRASP

Once you are done with your game in Unity Hub; proceed to export the project. Once exported, open up the project in Xcode and add freeRASP dependency:

  1. From GitHub, Copy Talsec folder into your Application folder.

    (select v6.11.0: https://github.com/talsec/Free-RASP-iOS/tree/v6.11.0/Talsec)

  2. Drag & drop the Talsec folder to your .xcworkspace.

  3. Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.

  4. In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.

Note: In case you are using Carthage, the zipped version of the framework is included in the GitHub Releases (https://github.com/talsec/Free-RASP-iOS/releases/tag/v6.11.0).

AppiCrypt
RASP+

iOS

Example:

📦 Add the dependency

  1. From GitHub, Copy into your Application folder.

  2. Drag & drop the Talsec folder to your .xcworkspace.

  3. Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.

  4. In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.

Note: In case you are using Carthage, the zipped version of the framework is included in the .


⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided .

In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:

It does not have to be AppDelegate, it can be anywhere. However, the recommended approach is to start the SDK as soon as possible.


👷 Handle detected threats

You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the to learn more details about the performed checks and their importance for app security.

  1. Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:

  2. Use the code above for handling these types of events:


📱(Optionally) Add screenshot and screen capture blocking

To utilize active screen shot and screen capture (e.g. mirroring, screen recording) protection, you can use Talsec.blockScreenCapture(enable: Bool, window: UIWindow) with specific UIWindow on which it should be blocked. To receive whether the screen capture is blocked in the specific UIWindow, you can use the Talsec.isScreenCaptureBlocked(in window: UIWindow). For more details about all these screen capture methods, see .

🛡️ Start freeRASP

Invoke the following method right after setting up the TalsecConfig in previous steps.

For the version you’re integrating, you can find the specific dSYMs for debugging in .

wiki section
AppDelegate.swift
let config = TalsecConfig(
    appBundleIds: ["YOUR_APP_BUNDLE_ID"], 
    appTeamId: "YOUR TEAM ID", 
    watcherMailAddress: "WATCHER EMAIL ADDRESS", 
    isProd: true
)
AppDelegate.swift
import TalsecRuntime

extension SecurityThreatCenter: SecurityThreatHandler {
    public func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat) {
        print("Found incident: \(securityThreat.rawValue)")
    }
}
TalsecRuntime
public enum SecurityThreat: String, Codable, CaseIterable, Equatable {
    /// app integrity / repackaging / tampering
    case  = "appIntegrity"
    /// jailbreak
    case  = "privilegedAccess"
    /// debugger
    case  = "debug"
    /// runtime manipulation / hooks
    case  = "hooks"
    /// disabled passcode
    case 
    /// [DEPRECATED] passcode change
    case passcodeChange
    /// simulator
    case 
    /// missing Secure Enclave
    case 
    /// device binding
    case  = "device binding"
    /// changed deviceID
    case 
    /// unofficial store or Xcode build
    case 
    /// Detected system VPN
    case 
    /// screenshot
    case 
    /// screen recording and screen mirroring
    case 
}
AppDelegate.swift
...
let config = TalsecConfig(...)
Talsec.start(config: config)
https://github.com/talsec/Free-RASP-iOS
Talsec folder
GitHub Releases
on the API page
Threat detection
Screen Capture
Releases

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

Secret Vault
Dynamic TLS Pinning
Hardening suite

React Native

Example:

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting.

Android

freeRASP requires a minimum SDK level of 23. React Native projects, by default, support even lower levels of minimum SDK. This creates an inconsistency we must solve by updating the minimum SDK level of the application:

  • From the root of your project, go to android > build.gradle.

  • In buildscript, update minSdkVersion to at least 23 (Android 6.0) or higher.

Raise Kotlin version

Since freeRASP 4.0.0, it is necessary to raise version of Kotlin in your project. This applies for projects running on RN < 0.77.

  • From the root of your project, go to android > build.gradle (or equivalent).

  • In buildscript.ext, update kotlinVersion to at least 2.0.0 or higher.

  • In buildscript.dependencies, specify the same version forkotlin-gradle-plugin .

Enable Screenshot and Screen Recording Detection

To and , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

To utilize active protection, you can use

To receive whether the screen capture is blocked, you can use

For more details about all these screen capture methods, see .

iOS

freeRASP React Native plugin uses Pods. Navigate to the ios folder and run:


📦 Install the plugin

  • Install the plugin using your preferred package manager

  • Navigate to the ios folder and run:


⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided.

In the the entry point to your app, import freeRASP and add the code below.

For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

FreeRASP provides a React Custom Hook that handles all required logic as registration of freeRASP, mounting and unmounting of listeners for you.


👷 Handle detected threats

freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.

Threat reactions should be specified inside a JavaScript object.


🛡️ Start freeRASP

Start freeRASP to detect threats by calling the useFreeRasp hook, below the created config and the callback handler:

Please note that useFreeRasp Hook should be called outside useEffect.

When freeRASP initializes correctly, you should see freeRASP initialized message in the logs. Otherwise, you'll see a warning with a description of what went wrong.

You can override this default behaviour by extending the actions object with started key (to change action after successful initialization), and initializationError key (to set up action after unsuccessful initialization)

For the version you’re integrating, you can find the specific dSYMs for debugging in .

Alternative: Initialize freeRASP in a Class component

Import methods from the freeRASP plugin:

Override componentDidMount() method in the entry point to your app set listeners to threats and start freeRASP:

In this code snippet, actions is object with your reactions to threats and config is a freeRASP configuration object from previous parts of the readme.

Override componentWillUnmount() method where you clean up the listeners:


🌁 Enable source code obfuscation

The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like:

Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.

If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.

Read more about why this is important in the.


☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the repository to learn more about this feature! For the integration, refer to the for the React Native platform.

android/build.gradle
buildscript {
    ext {
      minSdkVersion 23
    }
}
buildscript {
    ext {
        kotlinVersion = '2.0.0'
    }
    dependencies {
        classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:2.0.0")
    }
 <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
 <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
import { blockScreenCapture } from 'freerasp-react-native';
await blockScreenCapture(true);
import { isScreenCaptureBlocked } from 'freerasp-react-native';
const response = await isScreenCaptureBlocked();
$ pod install
npm
npm install freerasp-react-native
yarn
yarn add freerasp-react-native
$ pod install
App.tsx
import { useFreeRasp } from 'freerasp-react-native';

// app configuration
const config = {
  androidConfig: {
    packageName: 'com.awesomeproject',
    certificateHashes: ['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k='],  // Replace with your release (!) signing certificate hash(es)
    supportedAlternativeStores: ['com.sec.android.app.samsungapps'],
  },
  iosConfig: {
    appBundleId: 'com.awesomeproject',
    appTeamId: 'your_team_ID',
  },
  watcherMail: '[email protected]',
  isProd: true,
};
// reactions for detected threats
const actions = {
  // Android & iOS
  : () => {
    console.log('privilegedAccess');
  },
  // Android & iOS
  : () => {
    console.log('debug');
  },
  // Android & iOS
  : () => {
    console.log('simulator');
  },
  // Android & iOS
  : () => {
    console.log('appIntegrity');
  },
  // Android & iOS
  : () => {
    console.log('unofficialStore');
  },
  // Android & iOS
  : () => {
    console.log('hooks');
  },
  // Android & iOS
  : () => {
    console.log('deviceBinding');
  },
  // Android & iOS
  : () => {
    console.log('secureHardwareNotAvailable');
  },
  // Android & iOS
  : () => {
    console.log('systemVPN');
  },
  // Android & iOS
  : () => {
    console.log('passcode');
  },
  // iOS only
  : () => {
    console.log('deviceID');
  },
  // Android only
  : () => {
    console.log('obfuscationIssues');
  },
  // Android only
  : () => {
    console.log('devMode');
  },
  // Android only
  : () => {
    console.log('adbEnabled');
  },
  // Android & iOS
  : () => {
    console.log('screenshot');
  },
  // Android & iOS
  : () => {
    console.log('screenRecording');
  },
};
useFreeRasp(config, actions);
import {
  talsecStart,
  setThreatListeners,
  removeThreatListeners,
} from 'freerasp-react-native';
async componentDidMount() {
  await setThreatListeners(actions);
  const response = await talsecStart(config);
  console.log(response); // freeRASP started
}
componentWillUnmount() {
  removeThreatListeners();
}
android {
    buildTypes {
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}
https://github.com/talsec/Free-RASP-ReactNative
detect screenshots
screen recordings
Screen Capture
on the API page
this manual
Threat detection
Releases
wiki
freeMalwareDetection
integration guide

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.

hook detection
root
jailbreak

What's New and Changelog

Stay up-to-date with the latest features, improvements and bug fixes for freeRASP. Here you'll find detailed information about each update we've rolled out, organized by platform. Whether you're using the Android, iOS, Flutter, React Native, Capacitor, or Cordova version, all platforms are supported.

Explore the tabs below to see what's new and how the experience has been improved for you. If you're looking for specific changes or features, each update is documented for your convenience.

Latest from Articles

  • How to Block Screenshots, Screen Recording, and Remote Access Tools in Android and iOS Apps

  • Emulators in Gaming: Threats and Detections

  • OWASP Top 10 For Flutter - M1: Mastering Credential Security in Flutter

  • Hook, Hack, Defend: Frida’s Impact on Mobile Security & How to Fight Back

  • Exclusive Research: Unlocking Reliable Crash Tracking with PLCrashReporter for iOS SDKs

  • 🚀A Developer’s Guide to Implement End-to-End Encryption in Mobile Apps 🛡️

Learn more: https://docs.talsec.app/appsec-articles

Changelog

Latest Version 15.1.0

Improvement

  • Added new root detection checks.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.

Fixed

  • Resolved SecurityException caused by getNetworkCapabilities() - Android 11 specific bug (GH Android issue #56).

Version 15.0.0

Changed

  • Compile API increased to 35, dependencies updated

  • Internal library obfuscation reworked

  • Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

Fixed

  • ANR issues bug-fixing

Version 14.0.1

Breaking Change, new feature

  • ❗️Added onScreenshotDetected() - detection of screenshots, refer to the Android freeRASP integration documentation.

  • ❗️Added onScreenRecordingDetected() - detection of screen recording, refer to the Android freeRASP integration documentation.

Improvement

  • Added blockScreenCapture(Activity activity, boolean enable) for FLAG_SECURE control, an active protection against screen capturing.

  • isScreenCaptureBlocked() - to receive whether the screen capture is blocked

  • Rate limiting for both screenshot and screenRecording incidents

  • Improved root detection capabilities

Bug Fix

  • Updated proguard rules to fix warnings from okhttp dependency.

Version 13.2.0

Improvement

  • Added request integrity information to data collection headers.

  • Enhanced and accelerated the data collection logic.

Version 13.0.0

New features

  • BREAKING CHANGE: Added onADBEnabledDetected detection feature, which allows you to detect USB debugging option enabled in the developer settings on the device. App needs to implement this new callback.

Version 12.0.0

Improvement

  • Refactored Magisk checks in the root detection

  • Internal refactoring of Malware detection feature

Bug Fix

  • Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 11.1.3

Bug Fix

  • Reported ANR issues present on some devices were resolved (GH issue #138).

  • Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter #140).

  • Reported crashes caused by the UnsupportedOperationException were resolved.

Version 11.1.1

Bug Fix

  • False positives in Hook detection (runtimeManipulation).

Version 11.1.0

New Feature

  • Added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application.

    • Important Information

      • Further details for this feature will be provided shortly with the new repositories.

      • For now, do not react to the callback, you can implement it simply by just using println().

  • Added the auditing of the internal execution for the future check optimization and overall security improvements.

Improvement

  • Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

  • Fixed native crashes (SEGFAULT errors) in ifpip method.

  • Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 9.6.0

New Feature

  • Two new threat callbacks, onDeveloperModeDetected and onSystemVPNDetected, have been added for detecting Developer mode and System VPN.

Improvement

  • Updated GMS dependency to a newer version for improved performance and compatibility.

  • Updated CA bundle to enhance security for secure connections.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 9.1.0

Improvement

  • Updated freeRASP SDK artifact hosting ensuring better stability and availability.

Version 9.0.2

Improvement

  • Shortened duration of threat evaluation.

  • Improved appIntegrity check and its logging.

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

Bug Fix

  • Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 9.0.0

Improvement

  • Increased the compileSdk and targetSdk in the demo application.

  • Updated dependencies in the demo application.

Bug Fix

  • Fixed issue with ProviderException (#26).

Curious about more in-depth changes for Android? Head over to our GitHub Changelog for the complete history of updates!

Version 6.11.0

New Feature

  • Screen capture protection obscuring app content in screenshots and screen recordings preventing unauthorized content capture. Refer to the iOS freeRASP integration documentation.

Improvement

  • Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

Bug Fix

  • Resolved an issue that prevented Xcode tests from running correctly.

  • Resolved an issue with the screen recording detection.

Version 6.9.0

Improvement

  • Improvement of the obfuscation of the SDK

Changed

  • Deep signing of the OpenSSL binaries

Version 6.8.0

New feature

  • Enhanced security with our new Screen Capture Threat Detection, now capable of identifying screen recording, AirPlay mirroring, and screenshots to guard against unauthorized viewing. Check out the new screenshot and screenRecording callbacks.

Version 6.6.3

Maintenance

  • Updated SDK code signing; it will now be signed with:

    • Team ID: PBDDS45LQS

    • Team Name: Lynx SFT s.r.o.

Version 6.6.2

New feature

  • Added Serotonin jailbreak detection.

Version 6.6.1

Improvement

  • Renewed the signing certificate.

Version 6.6.0

New feature

  • Dopamine jailbreak detection.

Version 6.5.3

Improvement

  • Updated OpenSSL to version 3.0.14 and CURL to version 8.8.0. (Github issue #114)

Version 6.5.0

New Feature

  • Added request integrity information to data collection.

  • Significantly improved the response time from data collection service.

Version 6.4.0

New Feature

  • Added new threat callback systemVPN for System VPN detection.

Improvement

  • Passcode check is now performed periodically.

  • Updated the CA bundle to enhance security for secure connections.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.2

New Feature

  • Added Privacy Manifest.

  • Added codesigning for the SDK, it is signed by:

    • Team ID: ASQC376HCN,

    • Team Name: AHEAD iTec, s.r.o..

Improvement

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

  • Improved obfuscation of Swift and C strings.

Bug Fix

  • Fixed memory leak (#13).

Curious about more in-depth changes for iOS? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 7.1.0

New feature

  • Added interface for screenshot / screen recording blocking on iOS.

Improvements

  • Added interface for external ID storage.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • [Android] New root detection checks added.

Fixed

  • Issue that caused compilation errors due to unknown references.

  • [iOS] Resolved an issue with the screen recording detection.

  • [iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.0.0

Added

  • fvm support for Flutter version management

Changed

  • Updated versions for example app

  • [Android] Breaking: Raised Kotlin version to 2.1.0

  • [Android] Compile API increased to 35, dependencies updated

  • [Android] Internal library obfuscation reworked

  • [Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

  • [iOS] Improvement of the obfuscation of the SDK

  • [iOS] Deep signing of the OpenSSL binaries

Fixed

  • [Android] ANR issues bug-fixing

Version 6.12.0

New feature

  • Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.

  • Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.

  • Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.

  • Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

  • [Android] Raised Android CompileSDK level to 35

  • [Android] Monitoring is now disabled by default

Improvement

  • [Android] Improved root detection

Bug Fix

  • [Android] Proguard rules to address warnings from okhttp dependency

Version 6.11.0

Improvement

  • [Android] Added request integrity information to data collection headers.

  • [Android] Enhanced and accelerated the data collection logic.

Version 6.10.0

Improvement

  • App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method

  • [Android] Malware data is now parsed on background thread to improve responsiveness.

Version 6.9.0

New features

  • [Android] onADBEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 6.8.0

New features and improvements

  • [Android] Malware detection as a new callback for enhanced app security.

  • [Android] Internal refactoring of Malware detection feature.

  • [Android] Refactoring Magisk checks in the root detection.

  • [iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

  • [iOS] Updated SDK code signing; it will now be signed with:

    • Team ID: PBDDS45LQS

    • Team Name: Lynx SFT s.r.o.

Bug Fix

  • [Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.7.3

Improvement

  • [iOS] Renewed the signing certificate.

Version 6.7.2

Bug Fix

  • [Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).

  • [Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).

  • [Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.7.1

Bug Fix

  • [Android] False positives for hook detection.

Version 6.7.0

New Feature

  • [Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.

  • [iOS] Dopamine jailbreak detection.

Improvement

  • Migration to declarative Gradle plugin.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • [Android] TalsecConfig creation was migrated to a Builder pattern.

  • [Android] Refactored fetching the list of installed applications for root and hook detection.

  • [iOS] Enhanced and accelerated the data collection logic.

Bug Fix

  • [Android] Native crashes (SEGFAULT) in ifpip method.

  • [Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.6.0

New Feature

  • Added new threat Threat.systemVPN for VPN detection.

  • Added new callback onSystemVPN in ThreatCallback for handling Threat.systemVPN threat.

  • [Android] Added a new threat detection feature, Threat.devMode, to identify Developer mode.

  • [Android] Added a new callback onDevMode in ThreatCallback for handling Threat.devMode threat.

Improvement

  • Increased minimal Dart SDK version to 2.18.0 and minimal Flutter version to 3.3.0

  • Updated the CA bundle to enhance security for secure connections.

  • [Android] Increased the version of the GMS dependency

  • [iOS] Passcode check is now performed periodically.

Bug Fix

  • Resolved a problem in logging caused by the device’s default system locale

Version 6.5.1

Improvement

  • [Android] New Talsec SDK artifact hosting - better stability and availibility.

Version 6.5.0

New Feature

  • [iOS] Added Privacy Manifest.

  • [iOS] Added codesigning for the SDK, it is signed by:

    • Team ID: ASQC376HCN,

    • Team Name: AHEAD iTec, s.r.o..

Improvement

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

  • [Android] Improved appIntegrity check and its logging.

  • [iOS] Improved obfuscation of Swift and C strings.

Bug Fix

  • [Android] Fixed issue with disappearing threats when the app is quickly put into the background and then back to the foreground (resolves issue #91).

  • [Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 6.4.0

Improvement

  • Improved reaction obfuscation.

  • [iOS] Improved obfuscation of the iOS SDK.

  • [iOS] Raised supported Xcode version to 14.3.1 .

Bug Fix

  • [Android] Fixed ProviderException.

  • Fixed typo in namespace which caused incompatibility with AGP 8.0 .

Curious about more in-depth changes for Flutter? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 4.1.0

New feature

  • Added interface for screenshot / screen recording blocking on iOS.

Improvements

  • Added interface for external ID storage.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • [Android] New root detection checks added.

Fixed

  • [iOS] Resolved an issue with the screen recording detection.

  • [iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 4.0.0

Changed

  • Android SDK requires kotlin_version >= 2.0.0

  • Set Java version to 17

  • [Android] Compile API increased to 35, dependencies updated

  • [Android] Internal library obfuscation reworked

  • [Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

  • [iOS] Improvement of the obfuscation of the SDK

  • [iOS] Deep signing of the OpenSSL binaries

Fixed

  • [Android] ANR issues bug-fixing

Version 3.14.0

New feature

  • Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.

  • Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.

  • Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.

  • Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

  • [Android] Raised Android compileSDK level to 35

Improvement

  • [Android] Improved root detection

Fixed

  • Compatibility issues with RN New Architecture

  • [Android] Added proguard rules for malware data serialization in release mode on Android

  • [Android] Proguard rules to address warnings from okhttp dependency

Version 3.13.0

Improvement

  • [Android] Added request integrity information to data collection headers.

  • [Android] Enhanced and accelerated the data collection logic.

Version 3.12.0

Improvement

  • App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.

  • Parsing of malware data is now async.

  • [Android] Malware data is now parsed on background thread to improve responsiveness.

Version 3.11.0

New features

  • [Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 3.10.0

New features and improvements

  • Added configuration fields for malware detection.

  • [Android] Malware detection as a new callback for enhanced app security.

  • [Android] Refactoring Magisk checks in the root detection.

  • [iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

  • [iOS] Updated SDK code signing; it will now be signed with:

    • Team ID: PBDDS45LQS

    • Team Name: Lynx SFT s.r.o.

Version 3.9.3

Improvement

  • [iOS] Renewed the signing certificate.

Version 3.9.2

Bug Fix

  • [Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).

  • [Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).

  • [Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 3.9.1

Bug Fix

  • [Android] False positives for hook detection.

Version 3.9.0

New Feature

  • [Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.

  • [iOS] Dopamine jailbreak detection.

Improvement

  • Improved error messages when validation of the freeRASP configuration fails.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • [Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.

  • [Android] Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

  • Fixed incorrect path to types in package.json.

  • [Android] Fixed native crashes (SEGFAULT errors) in ifpip method.

  • [Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 3.8.2

Improvement

  • Updated proguard rules to resolve build issues in RN 0.75.x.

Version 3.8.0

New Feature

  • Added a new threat systemVPN for VPN detection.

  • [Android] Added a new threat devMode for Developer mode detection.

Improvement

  • Updated the CA bundle to enhance security for secure connections.

  • [Android] Updated the GMS dependency to a newer version for improved performance and compatibility.

  • [iOS] Enhanced and accelerated the data collection logic.

  • [iOS] Passcode check is now performed periodically.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

  • [Android] Fixed proguard warning in specific versions of RN.

Version 3.7.2

Improvement

  • Updated expo config plugin to fix release build issue in RN 0.73.

Version 3.7.1

Improvement

  • [Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Bug Fix

  • [Android] Fixed compatibility issues with RN < 0.63.

Version 3.7.0

New Feature

  • Added support for apps built with Expo SDK.

  • [iOS] Added Privacy Manifest.

  • [iOS] Added codesigning for the SDK, it is signed by:

    • Team ID: ASQC376HCN,

    • Team Name: AHEAD iTec, s.r.o..

Improvement

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

  • [Android] Shortened duration of threat evaluation.

  • [Android] Improved appIntegrity check and its logging.

  • [iOS] Improved obfuscation of Swift and C strings.

Bug Fix

  • [Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

  • [iOS] Fixed memory leak (freeRASP iOS issue #13).

Curious about more in-depth changes for React Native? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 8.0.0

New feature

  • Added interface for screenshot / screen recording blocking on iOS.

Changed

  • Plugin now requires kotlin version >= 2.0.0.

Improvements

  • Added interface for external ID storage.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • [Android] New root detection checks added.

Fixed

  • [iOS] Resolved an issue with the screen recording detection.

  • [iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.4.1

Changed

  • [Android] Compile API increased to 35, dependencies updated

  • [Android] Internal library obfuscation reworked

  • [Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

  • [iOS] Improvement of the obfuscation of the SDK

  • [iOS] Deep signing of the OpenSSL binaries

Fixed

  • [Android] ANR issues bug-fixing

Version 7.4.0

New feature

  • Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.

  • Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.

  • Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.

  • Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

  • [Android] Set following required SDK versions for Android plugin:

    • minSdkVersion 23

    • targetSdkVersion to 35

    • compileSdkVersion to 35

Improvement

  • [Android] Improved root detection

Fixed

  • [Android] Proguard rules to address warnings from okhttp dependency

Version 7.3.0

Improvement

  • [Android] Added request integrity information to data collection headers.

  • [Android] Enhanced and accelerated the data collection logic.

Version 7.2.0

Improvement

  • App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.

  • Parsing of malware data is now async.

  • [Android] Malware data is now parsed on background thread to improve responsiveness.

Version 7.1.0

New features

  • [Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 7.0.0

New features and improvements

  • Added configuration fields for malware detection.

  • [Android] Malware detection as a new callback for enhanced app security.

  • [Android] Refactoring Magisk checks in the root detection.

  • [iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

  • BREAKING CHANGE: New dependency is required to run freeRASP; add following plugin to android/build.gradle:

plugins {
    id 'org.jetbrains.kotlin.plugin.serialization' version '1.7.10'
}
  • [iOS] Updated SDK code signing; it will now be signed with:

    • Team ID: PBDDS45LQS

    • Team Name: Lynx SFT s.r.o.

Bug Fix

  • [Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.3.3

Improvement

  • [iOS] Renewed the signing certificate.

Version 6.3.2

Bug Fix

  • [Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).

  • [Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).

  • [Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.3.1

Bug Fix

  • [Android] False positives for hook detection.

Version 6.3.0

New Feature

  • [Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.

  • [iOS] Dopamine jailbreak detection.

Improvement

  • Improved error messages when validation of the freeRASP configuration fails.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • [Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.

  • [Android] Refactored fetching the list of installed applications for root and hook detection.

  • [iOS] Enhanced and accelerated the data collection logic.

Bug Fix

  • [Android] Fixed native crashes (SEGFAULT errors) in ifpip method.

  • [Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.2.0

New Feature

  • Added a new threat systemVPN for VPN detection.

  • [Android] Added a new threat devMode for Developer mode detection.

Improvement

  • Updated the CA bundle to enhance security for secure connections.

  • [Android] Updated the GMS dependency to a newer version for improved performance and compatibility.

  • [iOS] Passcode check is now performed periodically.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.3

Bug Fix

  • Fixed BAD_ACCESS error occurring in specific versions of cordova-ios plugin (#28).

Version 6.1.2

Bug Fix

  • [Android] Removed the talsec namespace that caused change of namespaces for whole app.

  • [iOS] Fixed issue causing app crash with lower versions of cordova-ios plugin.

Version 6.1.1

Improvement

  • [Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Curious about more in-depth changes for Cordova? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 2.1.0

New feature

  • Added interface for screenshot / screen recording blocking on iOS.

Improvements

  • Added interface for external ID storage.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • [Android] New root detection checks added.

Fixed

  • [iOS] Resolved an issue with the screen recording detection.

  • [iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 2.0.0

Changed

  • Android SDK requires kotlin_version >= 2.0.0

  • [Android] Compile API increased to 35, dependencies updated

  • [Android] Internal library obfuscation reworked

  • [Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

  • [iOS] Improvement of the obfuscation of the SDK

  • [iOS] Deep signing of the OpenSSL binaries

Fixed

  • [Android] ANR issues bug-fixing

Version 1.10.0

New feature

  • Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.

  • Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.

  • Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.

  • Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

  • [Android] Raised Android compileSDK level to 35

  • [Android] Set minifyEnabled in plugin to true implicitly

Improvement

  • [Android] Improved root detection

Fixed

  • [Android] Proguard rules to address warnings from okhttp dependency

Version 1.9.0

Improvement

  • [Android] Added request integrity information to data collection headers.

  • [Android] Enhanced and accelerated the data collection logic.

Version 1.8.0

Improvement

  • App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.

  • Parsing of malware data is now async.

  • [Android] Malware data is now parsed on background thread to improve responsiveness.

Version 1.7.0

New features

  • [Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 1.6.0

New features

  • Added configuration fields for malware detection.

  • [Android] Malware detection as a new callback for enhanced app security.

  • [Android] Refactoring Magisk checks in the root detection.

  • [iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

  • [iOS] Updated SDK code signing; it will now be signed with:

    • Team ID: PBDDS45LQS

    • Team Name: Lynx SFT s.r.o.

Bug Fix

  • Resolved compatibilty issues with JDK 21 (issue #21)

Version 1.5.3

Improvement

  • [iOS] Renewed the signing certificate.

Version 1.5.2

Bug Fix

  • [Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).

  • [Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).

  • [Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 1.5.1

Bug Fix

  • [Android] False positives for hook detection.

Version 1.5.0

New Feature

  • [Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.

  • [iOS] Dopamine jailbreak detection.

Improvement

  • Improved error messages when validation of the freeRASP configuration fails.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • [Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.

  • [Android] Refactored fetching the list of installed applications for root and hook detection.

  • [iOS] Enhanced and accelerated the data collection logic.

Bug Fix

  • [Android] Fixed native crashes (SEGFAULT errors) in ifpip method.

  • [Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 1.4.0

New Feature

  • Added a new threat systemVPN for VPN detection.

  • [Android] Added a new threat devMode for Developer mode detection.

Improvement

  • Updated the CA bundle to enhance security for secure connections.

  • [Android] Updated the GMS dependency to a newer version for improved performance and compatibility.

  • [iOS] Passcode check is now performed periodically.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 1.3.1

Improvement

  • [Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Version 1.3.0

New Feature

  • [iOS] Added Privacy Manifest.

  • [iOS] Added codesigning for the SDK, it is signed by:

    • Team ID: ASQC376HCN,

    • Team Name: AHEAD iTec, s.r.o..

Improvement

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

  • [Android] Shortened duration of threat evaluation.

  • [Android] Improved appIntegrity check and its logging.

  • [iOS] Improved obfuscation of Swift and C strings.

Bug Fix

  • [Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

  • [iOS] Fixed memory leak (freeRASP iOS issue #13)

Version 1.2.1

  • [Android] Fixed bug that prevented firing callbacks in specific situations.

  • [iOS] Fixed bug that caused app being killed in specific situations (#42).

Curious about more in-depth changes for Capacitor? Head over to our GitHub Changelog for the complete history of updates!