See the most frequent issues occurring during integration.
Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.
Troubleshooting
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
ReferenceError: TalsecPlugin is not defined
Reason:
Cordova Angular cannot find the talsec object.
Solution:
Add the following line below imports: declare var talsec: any;
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
Troubleshooting
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007aa9f06888: Failure in SSL library, usually a protocol error
Reason:
Conflicts between one of our device binding detection controls and TLS/SSL, using AndroidKeyStore
Solution:
We've created a special version in which the device binding is disabled. Please, use the following dependency:
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
Integration
Integrate freeRASP into your mobile app step by step, from prerequisites and SDK setup to threat callbacks, obfuscation.
The general flow of the integration can be decomposed into the following steps:
Conforming to the prerequisites, e.g. setting up Android minSdkVersion.
Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.
Looking at Features and Pricing Plans if you are interested in more advanced solutions to protect your application and business.
Reading through Wiki and FAQ, if you are interested in more detailed information about internal workings.
Dev vs. Release version
The Dev version is intended for development purposes. It allows you to work on your app without interference from security features that could disrupt the process, e.g. if you would implement killing of the application on the debugger callback.
The Release version is meant for production and must always be used for your published app. It enables all security protections provided by freeRASP.
To configure this, set the isProd flag in freeRASP:
Release: isProd = true
Dev: isProd = false
⚠️Dev version disables some detections which won't be triggered during the development process:
Emulator/Simulator
Debugging
Tampering/Repackaging
Unofficial store/source
Obfuscation issues
Developer mode
ADB Enabled
Make sure that you use the Release version for the production.
Choose the Appropriate Version to Continue Integration
Choose the relevant section based on your app development platform:
API
Description of the freeRASP API
Variables
TalsecConfig
Specifies configuration for your app. See the table below for a detailed description of the attributes.
Registers your reactions to detected threats with freeRASP.
fun unregisterListener(context: Context)
Unregisters the reactions to detected threats.
object Talsec
Methods
fun start(context: Context, config: TalsecConfig, mode: TalsecMode? = TalsecMode.BACKGROUND)
The method used to start freeRASP's functionality. TalsecMode is an optional parameter that can be used to force the execution of freeRASP in FOREGROUND / BACKGROUND thread (default value is TalsecMode.BACKGROUND).
fun blockScreenCapture(activity: Activity, enable: Boolean)
The method used to block/unblock screen capture.
fun isScreenCaptureBlocked(): Boolean
The method used to know the state of screen capture blocking whether blocked or not.
fun storeExternalId(context: Context, externalId: String): ExternalIdResult
Validates and stores a custom identifier (External ID) for the user.
Requirements:
Allowed characters: Alphanumeric (a-z, A-Z, 0-9) and special characters: +, _
fun removeExternalId(context: Context)
Removes the previously stored External ID.
Abstract Classes
public abstract class ThreatDetected
Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .
Methods:
open fun onRootDetected()
open fun onDebuggerDetected()
open fun onEmulatorDetected()
Methods have default empty implementations, so you only need to override the ones you want to handle.
abstract class DeviceState
Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .
Methods:
open fun onUnlockedDeviceDetected()
open fun onHardwareBackedKeystoreNotAvailableDetected()
open fun onDeveloperModeDetected()
abstract class RaspExecutionState
A class which represents a set of callbacks that are used to notify the application when state of executing RASP checks changes.
Methods:
open fun onAllChecksFinished()
sealed interface ExternalIdResult
Represents the result of the storeExternalId operation.
Subclasses:
class Success - Indicates that the externalId was successfully validated and stored.
class Error(val errorMsg: String) - Indicates that validation failed due to invalid characters. Contains a description of the error.
Troubleshooting
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
General
Could not determine the dependencies of task ':freerasp-react-native:compileDebugAidl'
Solution:
In package.json, update react-native to a higher patch version and run npm install (or yarn install).
See to find out which patch version is relevant for you.
Invalid hook call. Hooks can only be called inside of the body of a function component.
Reason: The useFreeRasp Hook cannot be called inside useEffect.
Solution:
Android Devices
Execution failed for task ':freerasp-react-native:minifyReleaseWithR8'.
Sealed classes are not supported as program classes when generating class files.
Reason: Kotlin sealed classes are not supported in AGP 8.1 used by some versions of RN (currently 0.73.x)
Solution: Follow , which also contains additional information about the issue.
iOS Devices
Unsupported Swift architecture
Reason: The arm64 macro is not set under Rosetta.
Solution: Go to <your_project>/node_modules/freerasp-react-native/ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/TalsecRuntime-Swift.h and move the following code (lines 4 and 5 in the file) to the top of the file:
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
AI-Assisted Integration
⚡️ Quick Start: AI-Assisted freeRASP Integration with Curated Prompt
How to use this
This curated AI prompt is designed to get the freeRASP into your app to save you time. The AI cannot make security decisions for you.
CRITICAL: This AI integration is a starting point only. You MUST manually configure:
Signing certificate hash
Watcher email
Threat reactions
Commit your code before starting so you can review/rollback changes.
Steps
➡️ Open your AI coding assistant & your IDE
➡️ Proceed with steps related to your AI coding assistant (see tabs below)
⚠️ Finally,read again and manually configure TalsecConfig and threat reactions
Choose your AI assistant:
Create an Integration.md file inside your app folder.
Navigate to. In the top right corner, click the arrow next to the copy button and choose the "Copy page" option.
Paste the content into your newly created Integration.md
Expo
freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.
To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.
We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.
Plugin config setup
Add the plugin config to your app.json and specify the minSdkVersion (use at least 23).
Additional configuration for Expo SDK 50 projects or older
If you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property .
Manual setup
Increase minSdkVersion
This can be done in two ways:
update the minSdkVersion property directly in android/build.gradle, or
Introduction
freeRASP is a free mobile app protection SDK that detects rooting, jailbreak, hooking, tampering, emulators, and other runtime threats,and real-time security analytics via Talsec Portal.
freeRASP is a lightweight and easy-to-integrate mobile security library designed to detect potential threats during the application's runtime. It contains multiple security checks, each aimed to cover possible attack vectors to ensure a high level of application security.
What does freeRASP do?
freeRASP provides detection of potentially dangerous behaviour, including the following:
supportedAlternativeStores
Array<String>
Package names of the alternative stores on which you are publishing the application. The Google Play Store and Huawei AppGallery, are included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
arrayOf( "com.sec.android.app.samsungapps")
isProd
Boolean?
Defaults to true when undefined. If you want to use the Dev version to make the development process viable, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
killOnBypass
Boolean?
Defaults to false .
Determines whether the app should be killed within the SDK, if the callbacks are hooked or modified by an attacker.
true
,
-
,
/
,
:
,
=
.
Returns:
ExternalIdResult.Success if the ID is valid and stored, or ExternalIdResult.Error if the ID violates the requirements (the ID will not be stored).
open fun onTamperDetected()
open fun onUntrustedInstallationSourceDetected()
open fun onHookDetected()
open fun onDeviceBindingDetected()
open fun onObfuscationIssuesDetected()
open fun onScreenshotDetected()
open fun onScreenRecordingDetected()
open fun onMultiInstanceDetected()
open fun onLocationSpoofingDetected()
open fun onTimeSpoofingDetected()
open fun onUnsecureWifiDetected()
open fun onAutomationDetected()
open fun onMalwareDetected(suspiciousApps: List<SuspiciousAppInfo>)
open fun onADBEnabledDetected()
open fun onSystemVPNDetected()
expectedPackageName
String
Package name of the app.
"com.talsec.freerasp.demoapp"
expectedSigningCertificateHashBase64
Array<String>
Certificate hashes of your app. You must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
Paste the content into your newly created Integration.md file.
Create the CLAUDE.md file in your app folder with the content from the link
Now, launch Claude in your app folder and type start. Grant the LLM the necessary permissions when prompted. After a successful build of your app with freeRASP integrated, the LLM will provide you with the next integration steps.
Create an Integration.md file inside your app folder.
Paste the content into your newly created Integration.md file.
Create the AGENTS.md file in your app folder with the content from the link.
Now, launch Codex in your app folder and type start. Grant the LLM the necessary permissions when prompted. After a successful build of your app with freeRASP integrated, the LLM will provide you with the next integration steps.
Create an Integration.md file inside your app folder.
Paste the content into your newly created Integration.md file.
Create the GEMINI.md file in your app folder with the content from the link.
Now, launch gemini cli in your app folder and type start. Grant the LLM the necessary permissions when prompted. After a successful build of your app with freeRASP integrated, the LLM will provide you with the next integration steps.
public enum SecurityThreat : String, Codable, CaseIterable, Equatable
Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .
Cases
signature
jailbreak
debugger
Wiki
Explore the freeRASP wiki for practical guides on signing certificate hash, threat detection behavior, code obfuscation, and other technical details that help you understand and configure the SDK.
Welcome to the freeRASP wiki page!
This page provides additional information about the product. The main goal is to present clear and easily accessible content that will help you better understand freeRASP. We hope you find it helpful and informative.
What will you find on this Wiki page?
How to .
Details on .
Information about .
Overview of .
We encourage you to explore the different sections of this wiki to gain a more comprehensive understanding of the freeRASP product and its features. If you have any questions or need further assistance, please feel free to reach out to our support team at [email protected].
iOS
Example:
📝 Prerequisites
freeRASP requires a minimum iOS
Google Play App Signing Method
Google manages your app’s signing key and uses it to sign your application.
Watch the video walkthrough or continue with the step-by-step guide below:
Step 1: Find SHA-256 Hash in Google Play Console
To retrieve the SHA-256 hash in , follow these steps:
Open your app and navigate to Test and release > App integrity > Play app signing.
Threat Detection
Learn how freeRASP detects rooted or jailbroken devices, emulators, hooks, app tampering, and other runtime threats, and how to choose the right in‑app response for your mobile security use case.
freeRASP performs several security checks to detect potential threats during runtime, each targeting specific attack vectors. Developers and business owners can determine the appropriate response to these incidents, whether by terminating the application, alerting the user, logging the incident details, or choosing to ignore it.
For a detailed explanation of each security check and guidance on selecting an appropriate response, please refer to the individual threat descriptions in the subsections. Remember, the ideal response will depend on your application's specific security needs and use cases.
Troubleshooting
See the most frequent issues occurring during integration.
Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
Automation detection [Android only]
Automation detection identifies when the application is being controlled, analyzed, or interacted with by automated testing frameworks (specifically targeting Appium and UI Automator). This describes a situation where software, rather than a human, is driving the application's UI.
Attackers use automation tools to simulate user actions at high speed and scale to perform attacks such as:
Bot Farms: Automating actions like account creation, voting, or transaction execution to manipulate platform metrics or defraud the system.
Data Scraping
Integrate free RASP into `your app` folder, while following the guide inside `Integration.md`. Check that integration was done correctly by building the app with gradle files. You are **PROHIBITED** from modifying any code in the target app that is not explicitly mentioned in the guide. Do not refactor or "improve" unrelated existing logic.
Take a look at this link “https://raw.githubusercontent.com/talsec/Free-RASP-Android/refs/heads/master/FreeRASPDemoApp/app/src/main/java/com/aheaditec/talsec/demoapp/TalsecApplication.kt”, It is reference integration, please follow it, especially imports. Replace any TODO comments found in the integration steps (specifically within callbacks or event handlers) with executable print functions (e.g., Log.d or println) containing relevant logging text, ensuring the events are observable.
After the integration, mention to the user what he needs to do next, according to the guide. For the `expectedSigningCertificateHashBase64`, you must explicitly provide the link `https://docs.talsec.app/freerasp/wiki/getting-signing-certificate-hash` and instruct the user to follow that guide to obtain the correct hash for their certificate.
Find the integration script and click the trash icon on the right side to remove it
Open the .flutter-plugins (in the root folder of the app), and get the address where the freerasp is installed.
Go to the given folder, and remove the freerasp folder file.
Delete the .symlinks folder from the project.
Run pub get
Run pod install to test it
keeps the libraries uncompressed and stored within the APK, which increases the APK size but might allow the application to load faster because the libraries are loaded directly at runtime.
The Secure Enclave and the Android Keystore system make it very difficult to decrypt sensitive data without physical access to the device. In that order, these keys need to be stored securely. freeRASP checks if the keys reside inside secure hardware.
Below are code snippets demonstrating missing hardware detection across various platforms:
// Android Keystore
override fun onHardwareBackedKeystoreNotAvailableDetected() {
TODO("Not yet implemented")
}
// iOS Secure Enclave
case missingSecureEnclave
// Flutter HW backed keystore not available and missing secure enclave detection
onSecureHardwareNotAvailable: () => print("Secure hardware not available")
// Cordova HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
// Place your reaction here
}
// React Native HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
// Place your reaction here
}
// Capacitor HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
// Place your reaction here
}
Recommended action: Ignore the callback or log the event to your BE.
Time Spoofing detection
Time spoofing attack is when an attacker (or malicious app) manipulates the device's clock or its time source (e.g. network, GPS, or NTP) to cause system apps to behave incorrectly.
Time spoofing in mobile apps is often used to extend or reuse expired tokens, OTPs, or sessions, bypass trial periods and usage quotas, and skip waiting or cooldown times for time‑restricted features, giving attackers or unauthorised users continued access or unfair advantages.
Below are code snippets demonstrating time spoofing detection across various platforms:
// Android timeSpoofing check
override fun onTimeSpoofingDetected() {
TODO("Not yet implemented")
}
// iOS timeSpoofing detection
case timeSpoofing
// Flutter time spoofing detection
onTimeSpoofing: () => print("Time spoofing detected")
// Cordova time spoofing detection
timeSpoofing: () => {
// Place your reaction here
}
// React Native time spoofing detection
timeSpoofing: () => {
// Place your reaction here
}
// Capacitor time spoofing detection
timeSpoofing: () => {
// Place your reaction here
}
Location Spoofing detection [Android only]
Location spoofing is when an attacker (or malicious app) falsifies the device’s reported location or the location signals it trusts (e.g., GNSS/GPS, Wi‑Fi positioning, cellular location, or IP‑based geolocation), causing the OS and apps to receive incorrect location data.
Location spoofing in mobile apps is commonly used to bypass geofences and region locks, fake presence (e.g., on dating apps or games), create alibis (e.g., on social or parental control apps), or commit location‑based fraud (offers, check‑ins).
Below are code snippets demonstrating debugger detection across various platforms:
// Android location spoofing check
override fun onLocationSpoofingDetected() {
TODO("Not yet implemented")
}
// Flutter location spoofing detection
onLocationSpoofing: () => print("Multi instance detected")
// Cordova location spoofing detection
locationSpoofing: () => {
// Place your reaction here
}
// React Native location spoofing detection
locationSpoofing: () => {
// Place your reaction here
}
// Capacitor location spoofing detection
locationSpoofing: () => {
// Place your reaction here
}
: Automatically navigating the app to extract proprietary data, content, or user information.
Dynamic Analysis: Rapidly probing the application logic and UI flows to discover vulnerabilities or bypass security checks.
Below are code snippets demonstrating automation detection:
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!
true
runtimeManipulation
passcode
simulator
missingSecureEnclave
systemVPN
deviceChange
deviceID
unofficialStore
screenshot
screenRecording
timeSpoofing
appBundleIds
[String]
List of Bundle IDs for the app
["com.talsec.freerasp.demoapp"]
appTeamId
String
Apple Team ID for the signing of the app
"M8AK35..."
watcherMailAddress
String?
The value is automatically used for Security Reports, Product Updates, and Talsec Portal updates, learn more.
From GitHub, Copy Talsec folder into your Application folder.
Drag & drop the Talsec folder to your .xcworkspace.
Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.
In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.
Note: In case you are using Carthage, the zipped version of the framework is included in the GitHub Releases.
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:
It does not have to be AppDelegate, it can be anywhere. However, the recommended approach is to start the SDK as soon as possible.
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
👷 Handle detected threats
You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.
Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:
Use the code above for handling these types of events:
📱(Optionally) Add screenshot and screen capture blocking
To utilize active screen shot and screen capture (e.g. mirroring, screen recording) protection, you can use Talsec.blockScreenCapture(enable: Bool, window: UIWindow) with specific UIWindow on which it should be blocked.To receive whether the screen capture is blocked in the specific UIWindow, you can use the Talsec.isScreenCaptureBlocked(in window: UIWindow). For more details about all these screen capture methods, see Screen Capture.
👷(Optionally) Get information about state of check execution
You can use RaspExecutionState to get callback when are initial checks are finished:
🛡️ Start freeRASP
Invoke the following method right after setting up the TalsecConfig in previous steps.
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
App Data Migration detection identifies situations where application data is restored, transferred, and reused on a different physical device. This behavior can indicate that sensitive application state, credentials, or tokens have been migrated outside the original environment.
A new install of the application (e.g. in case of buying a new device and transfer the apps) is not detected.
The deviceID detects, whether the device identifier has been changed. It is triggered after reinstallation of the application if there are no other applications from the same vendor installed. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.
Below are code snippets demonstrating device binding detection across various platforms:
Recommended action: Log the event on your BE and react to it if you need to have an instance attached to a particular mobile device (e.g., activation scenarios); otherwise you can ignore it.
Manual App Signing Method
You sign your Android application (APK) yourself using a private key that's stored in a keystore.
Step 1: Use Your Release Keystore to Get the SHA-256 Hash
A common mistake is using the wrong signing key, which will cause the Talsec SDK to flag your app as a security risk. To avoid this, you must use the keystore that signs your app for public release.
Here’s the difference:
Debug Keystore: Created automatically by Android Studio. DO NOT USE THIS ONE. It is insecure and only for development purposes.
Release Keystore: The secure keystore you create and manage. USE THIS ONE. It's what permanently ties your app to you as the developer.
If you haven't created a release keystore yet, the will walk you through the process.
Step 2: Retrieve SHA-256 Hash
You can use tools like keytool or apksigner to retrieve certificate details, including the SHA-256 hash. Choose whichever is most convenient: get the hash from your signed release APK or directly from your release keystore:
Alternative approach if you have a keystore file (.jks or .keystore)
-keystore <path_to_your_keystore_file>: Specifies the full path to your keystore file. Replace <path_to_your_keystore_file> with the actual location of your .jks or .keystore file.
This command will output the certificate details, including the SHA-256 hash, which will look something like this:
You'll need this value for the next step.
Step 3: Convert the SHA-256 Hash to Base64 Format
Convert the hash to Base64 format, as the SDK requires it in this format. Follow the steps in ➡️
Result: Convert the SHA-256 Hash to Base64 Format
Step 1: Convert to Base64
To convert the hash to Base64 form, use an online tool like Base64 Encode:
Example of Base64 conversion
After conversion, you'll receive a final Base64 string like this:
iIx/AtYu7TpAu5cma4JdDXio5bayFSi89axnyOCjfFo=
Alternative approach using a command-line
This command removes colons from a SHA-256 string, then converts the hexadecimal output to a Base64-encoded binary string for Talsec's configuration.
This command will output the final Base64 string:
iIx/AtYu7TpAu5cma4JdDXio5bayFSi89axnyOCjfFo=
Step 2: Use resulting string in your Talsec configuration ✅
Your work here is done. Insert it into your Talsec configuration.
Example of a Talsec freeRASP configuration in Flutter with the resulting string:
Detecting rooted or jailbroken devices
Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk, Shamiko, Shad0worDopaminecan hide privileged access and are often used by attackers.
Learn more about the root detection and jailbreak detection.
Learn more about and detection in our glossary.
freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).
From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.
Below are code snippets demonstrating root and jailbreak detection across various platforms:
Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.
About Us
Talsec is an academic-based and community-driven mobile security company. We deliver in-App Protection and a User Safety suite for Fintechs. We aim to bridge the gaps between the user's perception of app safety and the strong security requirements of the financial industry.
Talsec offers a wide range of security solutions, such as App and API protection SDK, monitoring services, and the User Safety suite. You can check out the offered products on our web.
Links
Give us a ⭐:
Follow to stay up to date with the news at Talsec:
Read articles about security issues and their prevention:
isProd flag
There are two possible values for this flag:
true
Indicates the Release version.
This is the default value when undefined.
false
Indicates the Dev version.
The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:
Emulator usage (onSimulator),
Debugging (onDebug),
Signing (onAppIntegrity),
FlutterFlow
This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .
📦 Install the plugin
In this section, you will implement the imported freeRASP Action.
Getting Signing Certificate Hash
This guide provides step-by-step instructions for getting the Base64-encoded signing certificate hash for your Talsec configuration.
What is Signing Certificate Hash?
All Android apps must be signed with a digital certificate before installation. The signing certificate SHA-256 hash in Base64 form - which we'll refer to as the hash for short, also known as a fingerprint -is the certificate's unique identifier, crucial for security and integrity. The Talsec SDK uses this hash for .
Passcode
Saving any sensitive data on a device without a lock / passcode makes them more prone to theft. With no user authentification device can be accessed and modified with minimal effort. freeRASP checks if the device is secured with any type of lock.
Below are code snippets demonstrating passcode detection across various platforms:
Recommended action: Log the event on your BE or react to it if you need users to have a screen lock set up, otherwise ignore it.
Multi-Instance detection [Android devices only]
Multi-instance refers to the ability to launch multiple instances of the same application—either intentionally (such as through app cloning or multi-user modes) or unintentionally (due to a malicious attack or system bug). Each instance may run in a separate process, which can lead to security, privacy, or data consistency issues—especially in sensitive applications like finance, messaging, or enterprise tools.
Currently, detection of multi-instance using is supported.
Below are code snippets demonstrating passcode detection across various platforms:
Recommended action: Log the event on your BE and optionally react to it.
ADB enabled detection [Android devices only]
ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator.
When ADB is enabled (either via USB or Wireless/Wi-Fi), it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy.
FreeRASP monitors and detects whether any form of ADB debugging is active on the device, providing protection against both physical and network-based debugging attempts.
Below are code snippets demonstrating ADB enabled detection across various platforms:
Role of watcherMail
A valid business email is your key to the Talsec Portal and the critical security intelligence for your application. This is where your freeRASP data comes to life.
Don't use example or throw-away email. Enter your business email to ensure the access, security reports, and important product announcements.
We need to ensure that critical security information reaches the right person—or team—responsible for your app.
Developer Mode detection [Android devices only]
Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.
Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.
Below are code snippets demonstrating developer mode detection across various platforms:
Emulator detection
Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.
Below are code snippets demonstrating emulator detection across various platforms:
Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.
Unsecure WiFi detection [Android only]
Unsecure Wi‑Fi describes a situation where a device is connected to an open or poorly protected wireless network (for example an open hotspot, weak WPA, or a rogue access point), allowing an attacker to observe, intercept, or alter the device’s traffic and network behavior so the OS and apps communicate over an untrusted link.
Attackers can use unsecured Wi‑Fi to perform man‑in‑the‑middle attacks such as:
Eavesdrop on unencrypted traffic to harvest credentials and session cookies
Hijack or replay active sessions to gain unauthorized access
System VPN detection
Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. FreeRASP checks whether the system VPN is enabled.
Below are code snippets demonstrating system VPN detection across various platforms:
Recommended action: Log the event on your BE
App Tampering detection
Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.
Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).
Make sure that you have integrated Talsec correctly (e.g., signing certificate hash). Otherwise, this check might be triggered very often.
Below are code snippets demonstrating app tampering detection across various platforms:
License
This project is provided as freemium software, i.e. there is a that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the file on GitHub for details.
Troubleshooting
Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
The app's origin is verified, preventing malicious actors from distributing fake or modified versions.
Only the original developer can provide updates, ensuring a secure upgrade path.
Third-party services and APIs can authenticate the app before granting access.
Choose Your Signing Method
The first step is to determine which app signing method you're using.
If you're using Google Play App Signing, a very common practice for Android App Bundles (AAB) distribution, your upload key and distribution key are distinct. So, be sure to use the app signing certificate key from the Google Play Console. Proceed with the Google Play App Signing Method.
If you're managing your own signing key (Manual App Signing), you'll need to generate the hash yourself from your keystore, proceed with the Manual App Signing Method.
Continue with the method that matches your signing process ➡️
Invite Your Team: The business email you provide serves as the foundation for your Organization within the Talsec Portal. Once established, you can invite other developers, security analysts, and managers to a centralized dashboard.
Prevent Missed Threats: Imagine a new, widespread attack targeting apps like yours. A throwaway email address means you will miss the security alert, leaving your application and users vulnerable.
Secure Authentication: A valid email is our primary method for verifying your identity & app ownership to ensure that only authorized personnel can access your app's sensitive security data on the Talsec Portal.
It’s Your Professional Identity: We treat you as a professional partner. A business email helps us to establish a proper communication channel with you.
By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. You can unsubscribe at any time (mail us at [email protected]). For more details, please review our Privacy Policy.
-alias <your_alias_name>: Specifies the alias for the specific key you want to inspect within the keystore. Replace <your_alias_name> with the alias you created for your release key.
// Android lock check
override fun onUnlockedDeviceDetected() {
TODO("Not yet implemented")
}
// iOS lock check
case passcode
// Flutter unlocked device and passcode detection
onPasscode: () => print("Passcode not set")
// Cordova unlocked device and passcode detection
passcode: () => {
// Place your reaction here
}
// React Native unlocked device and passcode detection
passcode: () => {
// Place your reaction here
}
// Capacitor unlocked device and passcode detection
passcode: () => {
// Place your reaction here
}
Recommended action: Log the event on your BE
// Android ADB enabled detection
override fun onADBEnabledDetected() {
TODO("Not yet implemented")
}
// Flutter ADB enabled detection
onADBEnabled: () => print("ADB Enabled detected")
// Cordova ADB enabled detection
adbEnabled: () => {
// Place your reaction here
}
// React Native ADB enabled detection
adbEnabled: () => {
// Place your reaction here
}
// Capacitor ADB enabled detection
adbEnabled: () => {
// Place your reaction here
}
Recommended action: Log the event on your BE
// Android Developer mode detection
override fun onDeveloperModeDetected() {
TODO("Not yet implemented")
}
// Flutter Developer mode detection
onDevMode: () => print("Developer mode detected")
// Cordova Developer mode detection
devMode: () => {
// Place your reaction here
}
// React Native Developer mode detection
devMode: () => {
// Place your reaction here
}
// Capacitor Developer mode detection
devMode: () => {
// Place your reaction here
}
// Android emulator check
override fun onEmulatorDetected() {
TODO("Not yet implemented")
}
// iOS simulator detection
case simulator
// Flutter emulator and simulator detection
onSimulator: () => print("Simulator")
// Cordova emulator and simulator detection
simulator: () => {
// Place your reaction here
}
// React Native emulator and simulator detection
simulator: () => {
// Place your reaction here
}
// Capacitor emulator and simulator detection
simulator: () => {
// Place your reaction here
}
// Android system VPN detection
override fun onSystemVPNDetected() {
TODO("Not yet implemented")
}
// iOS system VPN detection
case systemVPN
// Flutter system VPN detection
onSystemVPN: () => print("System VPN detected")
// Cordova system VPN detection
systemVPN: () => {
// Place your reaction here
}
// React Native system VPN detection
systemVPN: () => {
// Place your reaction here
}
// Capacitor system VPN detection
systemVPN: () => {
// Place your reaction here
}
Debugger detection
While most developers use debuggers to trace the flow of their program during its execution same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information. This method looks for specific flags to determine whether the debugger is active and offers the option to disable it.
Below are code snippets demonstrating debugger detection across various platforms:
// Android debugger detection
override fun onDebuggerDetected() {
TODO("Not yet implemented")
}
// iOS debugger detection
case debugger
// Flutter
onDebug: () => print("Debugging")
// Cordova
debug: () => {
// Place your reaction here
}
// React Native
debug: () => {
// Place your reaction here
}
// Capacitor
debug: () => {
// Place your reaction here
}
The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.
Please follow the integration guide of your platform for more information about how to obfuscate the app.
Below are code snippets demonstrating missing obfuscation detection across various platforms:
// Android
override fun onObfuscationIssuesDetected() {
TODO("Not yet implemented")
}
// Flutter
onObfuscationIssues: () => print("Obfuscation issues")
// Cordova
obfuscationIssues: () => {
// Place your reaction here
},
// React Native
obfuscationIssues: () => {
// Place your reaction here
},
// Capacitor
obfuscationIssues: () => {
// Place your reaction here
},
Recommended action: Use this callback during the development process to ensure that the app is obfuscated.
On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.
In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the 👷 Handle detected threats.
⚙️ Setup the Configuration for your App
The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.
If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:
Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String
Configuration parameters
watcherMail
watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict [email protected] format.
isProd
isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
[Android] packageName
packageName is a unique identifier for your Android application.
You can find the packageName value for your application in FlutterFlow settings:
Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.
Do NOT use solutions such as package_info_plus to provide the value of the package name! The package name has to be hardcoded.
[Android] signingCertHash
signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.
Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.
👷 Handle detected threats
The freeRASP Action offers multiple callbacks for handling threats. A callback is an Action that gets triggered when a threat is detected.
To implement callback:
Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.
Visit Threat Detection to learn more details about the performed checks and their importance for app security.
Limitations
Limited configuration
freeRASP for Flutter allows you to define multiple values for:
Signing certificate hash
Supported app store
Bundle ID
Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see Flutter)
Mobile support only
Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.
[Android] Minimal SDK level
The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.
This creates some restrictions:
Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.
To overcome these limitations, we recommend following these steps:
Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.
Raising SDK version
From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
Below are code snippets demonstrating unsecure wifi detection across various platforms:
// Android unsecure wifi detection
override fun onUnsecureWifiDetected() {
TODO("Not yet implemented")
}
// Flutter unsecure wifi detection
onUnsecureWifi: () => print("Multi instance detected")
// Cordova unsecure wifi detection
unsecureWifi: () => {
// Place your reaction here
}
// React Native unsecure wifi detection
unsecureWifi: () => {
// Place your reaction here
}
// Capacitor unsecure wifi detection
unsecureWifi: () => {
// Place your reaction here
}
Recommended action: Kill the application.
// Android tampering
override fun onTamperDetected() {
TODO("Not yet implemented")
}
// iOS signature
case signature
// Flutter tampering and signature detection
onAppIntegrity: () => print("App integrity")
// Cordova tampering and signature detection
appIntegrity: () => {
// Place your reaction here
}
// React Native tampering and signature detection
appIntegrity: () => {
// Place your reaction here
}
// Capacitor tampering and signature detection
appIntegrity: () => {
// Place your reaction here
}
// Android device binding check
override fun onDeviceBindingDetected() {
TODO("Not yet implemented")
}
// iOS device binding methods
case deviceChange
case deviceID
// Flutter
// device binding and device change detection
onDeviceBinding: () => print("Device binding")
// device ID
onDeviceID: () => print("Device ID") // iOS only
// Cordova
// device binding and device change detection
deviceBinding: () => {
// Place your reaction here
}
// device ID
deviceID: () => { // iOS only
// Place your reaction here
}
// React Native
// device binding and device change detection
deviceBinding: () => {
// Place your reaction here
}
// deviceID
deviceID: () => { // iOS only
// Place your reaction here
}
// Capacitor
// device binding and device change detection
deviceBinding: () => {
// Place your reaction here
}
// deviceID
deviceID: () => { // iOS only
// Place your reaction here
}
What is multi-instacing, why is it an issue and how to detect it?
// Android multi instance check
override fun onMultiInstanceDetected() {
TODO("Not yet implemented")
}
// Flutter multi instance detection
onMultiInstance: () => print("Multi instance detected")
// Cordova multi instance detection
multiInstance: () => {
// Place your reaction here
}
// React Native multi instance detection
multiInstance: () => {
// Place your reaction here
}
// Capacitor multi instance detection
multiInstance: () => {
// Place your reaction here
}
Learn Your Security Posture, Detect Threats, and Benchmark Your App
🖥️ Talsec Portal
Access real-time security insights, global benchmarks, and detailed analytics!
Talsec Portal is a centralized dashboard that visualizes the security data collected by freeRASP from your app, giving you real-time insights into threats, incidents, and benchmarks—so if you're using freeRASP, this is where your app's security intelligence lives.
📊 Real-Time Threat Monitoring: Gain insights into threat counts, types, and occurrences over time.
📈 Global Benchmarking: Benchmark your app's security against global statistics.
📚 Stay informed: Read the latest articles and documentation on app security best practices.
Watch the Demo
✨ Features
🛡️ Security incidents
Details about incidents:
📱 Device info
Details about devices:
OS version
Screen lock
Biometrics
Hardware-backed Keystore
🧾 Activity log
Real-time activity logs from the application, showing ongoing threats.
🔑 Access
🚀 Initial Steps
Visit the .
Run through the onboarding wizard and explore demo data.
Discover insights using demo applications and global security statistics.
🔐 Accessing Your Account
Click on Login, then Sign Up.
Use the email address () associated with your TalsecConfig.
Create an Organization.
Now, you can view data for your applications. You can invite other users to your organization to see your data (see Organization Settings). The users can also add their applications to your organization to share their data.
Got any questions regarding the Talsec Portal? Feel free to reach out! You can use the chatbot on the Portal or write to us at [email protected].
Hook detection
The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing one to obtain personal client data. The most well-known hooking frameworks are Frida, Xposed, or Cydia Substrate.
Learn more about in our glossary.
Below are code snippets demonstrating hook detection across various platforms:
// Android hook check
override fun onHookDetected() {
TODO("Not yet implemented")
}
// iOS hook detection
case runtimeManipulation
// Flutter hook and runtime manipulation detection
onHooks: () => print("Hooks")
// Cordova hook and runtime manipulation detection
hooks: () => {
// Place your reaction here
}
// React Native hook and runtime manipulation detection
hooks: () => {
// Place your reaction here
}
// Capacitor hook and runtime manipulation detection
hooks: () => {
// Place your reaction here
}
Recommended action: Notify users that their device or app is insecure and log the event on your BE. In some cases, it is recommended to even kill the application.
Contribution
At Talsec, our commitment goes beyond just providing strong security solutions. We believe in continuously evolving our offerings by actively listening to community feedback and responding to the unique needs of developers. Our goal is not only to protect your applications but also to ensure that your insights and experiences shape our products.
We value your input because we understand that secure and effective development tooling is built through collaboration. Your voice, as a developer, is crucial to making our solutions more robust, dev-friendly, and aligned with real-world challenges.
Issues
We strive to deliver a flawless experience with our software. However, despite our best efforts, occasional bugs or issues may still arise. If you encounter any problems or notice anything that seems out of place, we encourage you to let us know.
Enhancements
If you have ideas that could enhance freeRASP or improve your developer experience, we want to hear from you. We value suggestions from the community, as they reflect real needs and practical experiences.
To share your idea, please open an enhancement issue on our GitHub repository. Your input helps us prioritize features and improvements that matter most to our users.
Enhancements Tracking
We recognize that some ideas are already on our radar and are actively under consideration. To keep track of proposed enhancements and their progress, we use GitHub Projects.
Before submitting a new idea, we recommend reviewing our GitHub Projects board. This will help you see if your suggestion is already being worked on or if similar ideas have been proposed.
💬 Join the Talsec Community!
Are you looking for upcoming events, ways to engage on social media, or a quick overview of our key programs? This is the hub of our community! Visit the main go-to resource for staying connected with Talsec.
Source Code Obfuscation
The freeRASP contains public API so that the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to use publicly available information to interrupt freeRASP operations or modify your custom reaction implementation in threat callbacks. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also partially randomized for each application so it cannot be automatically abused by generic hooking scripts.
The majority of Android projects support code shrinking and obfuscation without any additional need for setup. The owner of the project can define the set of rules that are usually automatically used when the application is built in the release mode. For detailed guidance, explore the official documentation through these links: first reference and second reference.
Learn More
Explore obfuscation, its types, and Talsec's practical approach—balancing developer experience, app performance, and attack resistance while minimizing drawbacks and ensuring cost-efficient mobile app security:
Android
Example:
Let your AI assistant (Cursor, Claude, Gemini, Codex) add freeRASP into your app (experimental):
API
Description of the freeRASP API
Types
TalsecConfig
API
Description of the freeRASP API
Variables
TalsecConfig
User Data Policies
Information about collected data
freeRASP collects anonymized security diagnostics data from apps. These data contain:
Application state and security.
Device state and security.
Fair Usage Policy (FUP)
Understand the freeRASP and freeMalwareDetection Fair Usage Policy (FUP), including free usage limits, data collection rules, and when you must upgrade to a commercial Talsec subscription.
& Fair Usage Policy
Version Number: 1.1
Effective Date: October 13, 2025
1. Introduction
// Root detection on Android
override fun onRootDetected() {
TODO("Not yet implemented")
}
// iOS jailbreaking detection
case jailbreak
// Flutter root and jailbreak detection
onPrivilegedAccess: () => print("Privileged access")
// Cordova root and jailbreak detection
privilegedAccess: () => {
// Place your reaction here
}
// React Native root and jailbreak detection
privilegedAccess: () => {
// Place your reaction here
}
// Capacitor root and jailbreak detection
privilegedAccess: () => {
// Place your reaction here
}
freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:
From the root of your project (or module level), go to thebuild.gradle.
Update minSdkVersion to at least 23 (Android 6.0) or higher.
Add permissions for checks
Some checks require additional permissions in order to work properly. If your app already has these permissions, you don't need to add them again.
Screenshot and Screen Recording Detection
To detect screenshots and screen recordings , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
Location Spoofing Detection
To detect location spoofing, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Unsecure WiFi Detection
To detect unsecure WiFi, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Set Talsec's Artifact Registry in your project'ssettings.gradle(orbuild.gradle). You should comment out the relevant section in settings.gradle, if you want to use build.gradle, as settings.gradle is preferred:
Config via settings.gradle:
Config via build.gradle:
Make sure that Talsec's maven dependency is at the last position.
Set dependencies in your :app module's build.gradle:
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
To guarantee protection starts immediately, initialize freeRASP inside the onCreate method of your Application subclass. If you don't have a custom Application class, create one extending Application:
Add a new subclass to AndroidManifest.xml, inside <application> tag:
Set up the Configuration for your app with your values, which are explained in more detail in .
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
👷 Handle detected threats
You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.
Create a ThreatListener.ThreatDetected object and override the methods you want to handle. You don't need to override all methods; only implement the ones relevant to your app's security policy.
If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.“
For the onMalwareDetected(suspiciousApps: List<SuspiciousAppInfo>) callback, make sure you visit ,a powerful feature designed to scan for malicious or suspicious apps.
Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:
Optionally, you can use the RaspExecutionState listener, to get information about state of check execution:
Modify initialization of ThreatListener:
(Optional) Screen Capture & Recording Protection:
You can use freeRASP to detect screenshots (onScreenshotDetected), screen recordings (onScreenRecordingDetected).
To actively prevent capture entirely (resulting in a black screen), use
ScreenProtector
You can detect when a screenshot or recording occurs without blocking it, which is useful for auditing or specific security reactions. The ScreenProtector utility automatically handles Android API level checks (Android 14+ for screenshots, Android 15+ for recordings).
🛡️ Start freeRASP
We recommend starting Talsec with TalsecMode.BACKGROUND to prevent performance impacts in the application.
🌁 Enable source code obfuscation
You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.
Read more about why this is important in the wiki.
🆔 (Optionally) Set External ID
The externalId allows you to send a custom identifier (such as a User ID) to the Talsec Portal. This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.
Requirements
Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the method returns ExternalIdResult. Error and the value is not stored.
☢️ (Optionally) Integrate freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Android platform.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
field
type
description
sample value
packageName
string
Package name of the app.
'com.talsec.freerasp.demoapp'
certificateHashes
string[]
Certificate hashes of your app.
['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']
supportedAlternativeStores
string[]
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
IOSConfig
Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
field
type
description
sample value
appBundleId
string
Apple Bundle ID for the app
'com.talsec.freerasp.demoapp'
appTeamId
string
Apple Team ID used in the app
'M8AK35...'
NativeEventEmitterActions
Specifies a set of callbacks that are used to notify the application when certain security threat is detected.
Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
field
type
description
sample value
packageName
String
Package name of the app.
'com.talsec.freerasp.demoapp'
signingCertHashes
List<String>
Certificate hashes of your app.
['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']
supportedStores
List<String>
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
IOSConfig
Specifies configuration for instances of the app running on iOS devices. See the table below for detailed description of the attributes.
field
type
description
sample value
bundleIds
List<String>
List of Bundle IDs for the app
com.talsec.freerasp.demoapp']
teamId
String
Apple Team ID used in the app
'M8AK35...'
Methods
Future<void> start(TalsecConfig config)
Starts freeRASP with configuration provided in config.
void attachListener(ThreatCallback callback)
Attaches instance of ThreatCallback to freeRASP. If ThreatCallback is already attached, current one will be detached and replaced with callback. When threat is detected, respective callback of ThreatCallback is invoked.
Future<void> storeExternalId(String data)
Sets a custom identifier (External ID) for the current installation. Throws ExternalIdFailureException if the format is invalid or storing fails.
Future<void> removeExternalId()
Removes the previously set External ID. Throws ExternalIdFailureException if the removal fails.
Classes
ThreatCallback
A class which represents a set of callbacks that are used to notify the application when certain security threat is detected. Read more about the meaning of the callbacks in the wiki.
Methods
method name
return type
Android
iOS
onPrivilegedAccess
VoidCallback?
onDebug
VoidCallback?
onSimulator
VoidCallback?
RaspExecutionStateCallback
A class which represents a set of callbacks that are used to notify the application when state of executing RASP checks changes.
method name
return type
Android
iOS
onAllChecksDone
VoidCallback?
Anonymous app instance ID and device ID.
This information allows Talsec to provide a security report, improve the freeRASP product and even the commercial RASP SDK, or prepare mobile security reports and articles.
Data collection can be disabled or configured to a custom customer-owned logging service in premium plans of Talsec.
All the data collected by the freeRASP is technical diagnostics information and anonymous, but depending on the regulations applied, it could be considered sensitive and/or personal data.
Talsec recommends adding the statement below to the dedicated privacy policy page of your app. You can also use the text below while filling in the Google Play Safety Section or similar for Apple App Store publishing.
Privacy Policy Statement
For the purpose of Fraud prevention, user safety, and compliance the dedicated App safety SDK needs to send the following anonymous diagnostic data off the device for detection of security issues. Thus the application collects the following data:
Category: App info and performance
Data Type: Diagnostics
Information about the integrity of the app and the operating system. For example, rooting, running in an emulator, hooking framework usage, etc...
Category: Device or other identifiers
Data Type: Device or other identifiers
Information that relates to an individual device. For example, a device model and anonymous identifier to control that app instance executed on the original device that it was initially installed on. It is needed to combat threats like bots and API abuse.
Google Play's Data Safety Policy
Google Play requires all app publishers to declare how they collect and handle user data for the apps they publish on Google Play. They should inform users properly of the data collected by the apps and how the data is shared and processed. Google will reject the apps which do not comply with the policy.
The checks for the Google Play and details about data are specified above in Privacy Policy Statement.
App Store User Data Policy
Apple requires that all app developers disclose their data collection and handling practices for apps published on the App Store. Developers must clearly inform users about the data their apps collect, as well as how this data is shared and processed. Apps that do not adhere to Apple's data privacy guidelines will be rejected.
Talsec Security SDK can not link the device identifier to the user
Diagnostics -> Performance Data -> App Functionality, Other Purposes, No for linking to the user
Diagnostics -> Other diagnostics data -> App Functionality, Other Purposes, No for linking to the user
Other data -> App Functionality, No for linking to the user
Security diagnostics data (such as jailbreak)
Disclosure Screen
Google Play’s User Data policy indicates that a prominent disclosure should be presented to the users in case of an app collecting personal or sensitive data.
Although freeRASP collects diagnostical data (anonymous and not user-related), you (as the app publisher) should consider adding a disclosure screen, describing why the security diagnostic data is needed, what data, and how the data is used.
More about Google's best practices for prominent disclosure and consent here.
Example of disclosure screen
This Fair Usage Policy (“Policy”) is incorporated by reference into the Agreement and governs the permitted use of Talsec’s freeRASP (the “Service”) provided by Lynx SFT s.r.o. (“Talsec”, “Provider”, “we”, “us”, or “our”). By utilizing the Service, the Customer (“you”, “your”) agrees to abide by this Policy.
2. Usage Limits
The Service is provided, free of charge, for integration into mobile applications (“Applications”) under the condition that the total cumulative download count across all Applications owned or controlled by the Customer or their organization does not exceed one hundred thousand (100,000) unique devices. For clarity, multiple downloads or updates from the same device are counted as a single download, and the download limit applies collectively to all such Applications per Customer or organization.
Exceeding this threshold constitutes a breach of this Policy and obliges the Customer to transition to a commercial subscription plan.
3. Right to Reference Application Name and Logo in Marketing
Talsec reserves the right to reference the Application’s name and logo in Talsec’s marketing communications, including, but not limited to, website sections such as “Trusted by”, presentations, and other promotional materials.
4. Data Collection
The Service collects and processes security telemetry and threat data. This data is used for product enhancement, operational improvements, and aggregated security insights. By using the Service, you consent to such data collection and processing practices.
No personally identifiable information is intentionally collected or processed.
App publishers should provide clear disclosure to users in compliance with Google Play and Apple App Store policies.
5. Enforcement and Remedies
In the event of suspected or actual usage in breach of this Policy (including but not limited to exceeding limits, or interfering with data collection), Talsec may, at its sole discretion and without prejudice to any other remedies:
Suspend or terminate your license to use the Service,
Withhold or discontinue consolidated security reporting or related services,
Require immediate transition to a commercial subscription plan.
6. Policy Modifications
Talsec may revise this Policy at any time. Notice of material changes will be provided by publishing the updated Policy on the Service website. Continued use of the Service after posting will constitute acceptance of those changes.
Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered, if you install the application through alternative ways like unofficial store or Xcode build.
Below are code snippets demonstrating detection of unofficial installation across various platforms:
Recommended action: Notify users that the application is installed from an unofficial store. In some cases, it is recommended to even kill the application.
Define alternative supported stores
If you want to define which applications can install the application, insert its package name in the supportedAlternativeStores (or supportedStores on Flutter) parameter. If you publish on Google Play, Huawei AppGallery, App Store (iOS), and TestFlight (iOS), you don't need to assign anything, as they are already supported out of the box.
Store / Distribution method
Package name
Notes
The application can also be installed by "cloning" apps, which users employ to transfer apps between devices. The following list comprises popular examples of such apps. By default, freeRASP categorizes them as installations from an unofficial store .
Mover / Cloner app
Package name
Finally, it's very common application gets installed through browser, file manager, cloud storage or various messaging apps. By default, freeRASP categorizes them as installations from unofficial store.
Screen Capture
Screenshot Detection
Screenshot detection identifies when a screenshot is taken on a device. Screenshots can expose sensitive app data, such as user credentials, personal content, or confidential information, leading to privacy and security risks. By detecting screenshots, apps can take preventive measures, such as:
Obscuring sensitive content before the screenshot is captured.
Notifying users that a screenshot has been taken.
Logging events for security monitoring and analysis.
Platform-Specific Implementations
Screen Recording Detection
Screen recording detection helps identify when a device's screen is being recorded. Screen recordings can capture sensitive data, such as user interactions and proprietary app content. By detecting screen recordings, apps can:
Mask sensitive information during recording.
Alert users that their screen is being recorded.
Log events for further security analysis.
Platform-Specific Implementations
Recommended action: Log the event on your BE or hide the sensitive content.
Screen Capture Protection
Screen capture protection prevents your app’s content from appearing in screenshots and screen recordings. When enabled, captured images and recordings display a black screen, protecting sensitive information.
To enable or disable protection dynamically, pass true or false.
Check Screen Capture State
To check whether screen capture is currently blocked in the application, use the following method:
For Android 11 (API 30) and lower, Screen Capture is able to help around 70% of the devices reliably. This is because on certain devices, keyboard taps can be recorded.
Read More
In our article we explain how to block screenshots, screen recording, and remote access tools in mobile apps to protect user data. It discusses security threats such as built-in screenshot tools, remote desktop apps like TeamViewer, screen mirroring software, third-party recording apps, and ADB-based access.
Watch on YouTube
Callback Delay, Telemetry Impact, and Threat Scanning Completion Status
We would like to reflect on a few performance and telemetry-related topics that emerge occasionally.
Common Questions:
Why does it take too long to finish all the checks?
How to know when all checks are finished?
When are telemetry data transmitted?
Key Notes:
Incidents that are triggered during the development (integration & testing) won't happen to a majority of users in the production.
Callbacks can be invoked slower if the freeRASP backend endpoint is overloaded. Data collection takes precedence. However, do not worry; the application will function as intended, and only callbacks might be a little delayed.
freeRASP's threat detection operates asynchronously and continuously. The Talsec.start(...) function merely initiates monitoring; it does not perform a synchronous, one-time scan that returns all results immediately. Actual threat detections are reported over time via callbacks.
The Performance
freeRASP works smoothly in production, but it may be tricky to understand all the freeRASP concepts during development. During the integration and testing of the freeRASP, you may have observed that it took longer than expected to get results for all threats (callbacks). You want to get results quickly, respond to threats effectively, and ensure there is no noticeable jankiness in the UI interactions.
freeRASP has to do a lot of work once started. The cold boot is a really intensive moment when all detections must be performed, telemetry data transmitted, and callbacks to your app must be delivered (in this order).
Talsec team efforts and community contributions allow freeRASP to improve the performance and security trade-offs continually by tuning the asynchronous processes, network activity, and internal business logic. Like that time when the internal detector ordering was reworked to significantly speed evaluation based on and the telemetry insights about the speed of detectors 👌.
Beware Development vs. Production Environment Bias
Remember the phrase "It is darkest before the dawn"? The integration and testing of freeRASP are inherently accompanied by unintentional threat callbacks invoked by incorrect provisioning of the app's signature (appIntegrity callback), using a simulator for development, an unofficial store (because you haven't published it yet), and others. We've all been there.
It may also seem disconcerting to see that it takes too long until the last expected threat callback invokes. Yet, keep in mind that in production, these incidents won't happen for the genuine unaltered apps run in normal conditions. The performance impact will be negligible. On the contrary, the comfort of a potential attacker and performance degradation in adverse conditions is acceptable.
If you're getting the appIntegrity incident in the production app, send us your packageName/bundleId and watcherMail at [email protected], and we will look into it.
Cold Boot Telemetry & Best Effort Service
freeRASP collects security diagnostics data (read more in ) in accordance with the . Every detected threat is immediately synchronously logged to a common freeRASP backend. Latencies inflicted by the overload of the endpoint are unfortunate, but we continuously improve and scale as much as possible.
freeRASP is designed to provide continuous, real-time mobile application security by operating asynchronously in the background. Unlike traditional security scans that might perform a one-time check and deliver all results synchronously, freeRASP constantly monitors for potential threats. When you call Talsec.start(...), it does not execute an immediate, comprehensive scan that finishes and returns a full snapshot of your app's security status. Instead, this function simply initiates the monitoring service, allowing freeRASP to begin its ongoing vigilance.
Due to this asynchronous nature, any immediate attempt to retrieve the security status after Talsec.start(...) is called will likely yield an outdated result. Threat detections happen over time, in the background, and freeRASP communicates these detections through callbacks. These callbacks are functions you define that get triggered when a specific threat (such as a debugger being attached or a screenshot detected) is identified. It is these callbacks that are responsible for updating your application's understanding of the current security state.
It takes some time for freeRASP to actually detect threats and trigger its corresponding callbacks to report them, the callback solution provided for all freeRASP flavors ensures an accurate reflection of freeRASP's ongoing, dynamic threat detections.
The Key Differences: freeRASP vs. RASP+
If you want to learn about the differences between freeRASP and BusinessRASP+, you’re in the right place. On this page, we’ll explore the key features and benefits of each option, compare their functionalities, and highlight how the BusinessRASP+ subscription can offer enhanced capabilities and support compared to the freeRASP plan. By the end, you’ll have a clear understanding of which solution best meets your needs and how to make the most of it.
What are the advantages of the commercial Talsec SDK subscription plans compared to freeRASP?
freeRASP is a freemium product, which means there are . For using freeRASP, please refer to the .
class FreeRaspApplication : Application() {
override fun onCreate() {
...
registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
override fun onActivityCreated(activity: Activity, bundle: Bundle?) {
Talsec.blockScreenCapture(activity, false)
}
override fun onActivityStarted(activity: Activity) {}
override fun onActivityResumed(activity: Activity) {
ScreenProtector.registerScreenCallbacks(activity)
}
override fun onActivityPaused(activity: Activity) {
ScreenProtector.unregisterScreenCallbacks(activity)
}
override fun onActivityStopped(activity: Activity) {}
override fun onActivitySaveInstanceState(activity: Activity, bundle: Bundle) {}
override fun onActivityDestroyed(activity: Activity) {}
})
}
}
FreeRaspApplication.kt
override fun onCreate() {
...
Talsec.start(this, config, TalsecMode.BACKGROUND)
}
// pass your custom data (as @NonNull String)
val yourCustomData = "user_123-456"
val result = Talsec.storeExternalId(this, yourCustomData)
when(result) {
is ExternalIdResult.Success -> {
println("External ID successfully set.")
}
is ExternalIdResult.Error -> {
println("Failed to set External ID: ${result.errorMsg}")
}
if (result is ExternalIdResult.Error) {
println("Failed to set External ID: ${result.errorMsg}")
}
// Android
override fun onUntrustedInstallationSourceDetected() {...}
// iOS
case unofficialStore
// Flutter
onUnofficialStore: () => print("Unofficial store")
// Cordova
unofficialStore: () => {
// Place your reaction here
}
// React Native
unofficialStore: () => {
// Place your reaction here
}
// Capacitor
unofficialStore: () => {
// Place your reaction here
}
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
killOnBypass
bool?
Defaults to false .
Determines whether the app should be killed within the SDK, if the callbacks are hooked or modified by an attacker.
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
killOnBypass
boolean?
Defaults to false. If set to true, the application will be terminated when the threat callbacks are suppressed or hooked.
true
appIntegrity
() => any
unofficialStore
() => any
hooks
() => any
deviceBinding
() => any
deviceID
() => any
passcode
() => any
secureHardwareNotAvailable
() => any
obfuscationIssues
() => any
devMode
() => any
adbEnabled
() => any
systemVPN
() => any
malware
`(apps: SuspiciousAppInfo[]) => any
screenshot
() => any
screenRecording
() => any
multiInstance
() => any
timeSpoofing
() => any
locationSpoofing
() => any
unsecureWifi
() => any
automation
() => any
androidConfig
AndroidConfig?
Configuration for Android apps
anyAndroidConfig instance
iosConfig
IOSConfig?
Configuration for iOS apps
anyIOSConfig instance
watcherMail
string
The value is automatically used for Security Reports, Product Updates, and Talsec Portal updates, learn more.
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.
Prerequisites: Detection features require Android 14+ (Screenshots) or Android 15+ (Recordings) and specific permissions. Please ensure you have added them as described in the Add permissions section.
Implementation: We recommend integrating these methods at the Application level using ActivityLifecycleCallbacks to ensure they cover the entire app lifecycle:
private companion object {
private const val EXPECTED_PACKAGE_NAME = "com.aheaditec.talsec.demoapp" // Don't use Context.getPackageName!
private val EXPECTED_SIGNING_CERTIFICATE_HASH_BASE64 = arrayOf(
"mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k="
) // Replace with your release (!) signing certificate hashes
private const val WATCHER_MAIL = "[email protected]"
private val SUPPORTED_ALTERNATIVE_STORES = arrayOf(
"com.sec.android.app.samsungapps"
// add other stores, such as the Samsung Galaxy Store
)
private val IS_PROD = true
private val KILL_ON_BYPASS = true
}
FreeRaspApplication.kt
override fun onCreate() {
...
val config = TalsecConfig.Builder(
EXPECTED_PACKAGE_NAME,
EXPECTED_SIGNING_CERTIFICATE_HASH_BASE64)
.watcherMail(WATCHER_MAIL)
.supportedAlternativeStores(SUPPORTED_ALTERNATIVE_STORES)
.prod(IS_PROD)
.killOnBypass(KILL_ON_BYPASS)
.build()
}
FreeRaspApplication.kt
val deviceStateListener = object : ThreatListener.DeviceState() {
override fun onUnlockedDeviceDetected() {
println("onUnclockedDeviceDetected")
}
override fun onHardwareBackedKeystoreNotAvailableDetected() {
println("onHardwareBackedKeystoreNotAvailableDetected")
}
override fun onDeveloperModeDetected() {
println("onDeveloperModeDetected")
}
override fun onADBEnabledDetected() {
println("onADBEnabledDetected")
}
override fun onSystemVPNDetected() {
println("onSystemVPNDetected")
}
}
FreeRaspApplication.kt
val raspExecutionListener = object : ThreatListener.RaspExecutionState() {
override fun onAllChecksFinished() {
println("onAllChecksFinished")
}
}
FreeRaspApplication.kt
override fun onCreate() {
...
// Register the listeners
// You can choose which listeners to register based on your needs:
// Option A: Listens only for threats detected
// ThreatListener(threatDetectedListener).registerListener(this)
// Option B: Listens for threats detected and device state
// ThreatListener(threatDetectedListener, deviceStateListener).registerListener(this)
// Option C: Listens for threats detected and execution state
// ThreatListener(threatDetectedListener, raspExecutionListener).registerListener(this)
// Option D: Listens for all threats, device state, and execution state
ThreatListener(threatDetectedListener, deviceStateListener, raspExecutionListener).registerListener(this)
}
and are premium products with a subscription model (which includes SW licenses, SLA, maintenance updates, and more) for SDKs. It is not SaaS, which means we don't introduce any dependency on third-party web services for your mobile solution.
Talsec doesn't collect any customer data within RASP+, while freeRASP SDK sends the diagnostical information to Talsec servers to provide clients with regular security reports and improve the product. You should consider adding Talsec to the list of Data Processors in case of freeRASP usage.
Top 10 Advantages of Talsec RASP+ Business Subscription Over freeRASP
Here are the top 10 benefits of choosing a Talsec RASP+ Business subscription, which includes an SDK license, SLA, and additional services, compared to the freeRASP option.
Bypass Protection
The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers.
As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester would be able to bypass it more easily.
Device data collection by Talsec
Premium customers benefit from full control over telemetry and logging endpoints. I.e., Customers can use in-house or managed services like Elastic Cloud to collect mobile threat logs and set up Monitoring events for severe threats.
freeRASP SDK sends data to a Talsec-managed cloud DB (AWS in the USA) for product improvements, anomaly detection, freeRASP client reporting, and aggregated data analytics.
Better Resilience of API Callbacks
The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers. As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester could bypass it more easily.
AppiCrypt
AppiCrypt is our innovation and extremely powerful RASP hardening from the back-end that implements the concept of zero-trust for the apps world (app/device integrity control at the API gateway level). It is somewhat similar to a JWT verification for user authentication but AppiCrypt verifies that the request is generated by the legit and non-compromised app.
For more information, click here. The detailed whitepaper is available here.
Additional controls
In RASP+, there are additional controls compared to freeRASP, including:
UI Overlay attack protection.
Accessibility service misuse protection.
Google Play Services or Huawei Services control.
: Strings obfuscation and encryption, aka vaulting within RASP SDK (good for hiding API keys, endpoints, URLs).
Dynamic TLS pinning
Business subscription includes SDK, which helps avoid the need to republish the app in case of certificate expiration or root certificate updates.
Self-care tools
Self-Care Tools for Remote SDK Configuration enable users to handle SDK configuration and management on their own, remotely. This functionality allows for seamless adjustments and updates, giving users greater control over their SDK settings.
New upcoming features
Stay tuned for the addition of new features:
In the mid-term plan, we will be introducing several new features to further enhance security:
App Enrollment for Mutual TLS SDK.
Voluntary Data Encryption/Decryption: Protect locally stored user data and app assets, such as ML models, with optional encryption and decryption.
Simple Application Layer E2E Encryption: Implement end-to-end encryption at the application layer to protect against Man-in-the-Middle (MiTM) attacks and unauthorized access by malicious administrators. This feature combats traffic data sniffing on the server side, especially behind a TLS API gateway or in server logs.
Advanced E2E Encryption and App Enrollment SDK + Google AppCheck: Strengthen your app's security with advanced end-to-end encryption, enhanced app enrollment SDK, and Google AppCheck, which binds secrets to the client app instance.
Automated App pentesting
Typically, our subscription package includes a free, one-time automated app scanning or pentesting. This service is useful for generic validation of OWASP compliance and preparing your app for external pentesting.
Service Level Agreement
With the BusinessRASP+ subscription, you receive an SLA that covers support and maintenance updates.
For any questions, please refer to our discussion or schedule a call with us by choosing a time slot on Calendly.
Method is used to start freeRASP's audit and set up listeners for threats. Returns { started: true } when successful.
const removeThreatListener
Unregisters threat listeners. Should be called only when the app is being terminated.
const blockScreenCapture
Enables or disables screen capture blocking (Android only).
const isScreenCaptureBlocked
Checks if screen capture is currently blocked (Android only).
const storeExternalId
Stores an external ID (e.g., User ID) to be sent with reports to the Talsec Dashboard.
const removeExternalId
Removes the stored external ID.
FAQ
This page is intended to provide quick answers to common questions.
Is freeRASP right for your app?
freeRASP is our community-driven security solution, ideal for early-stage development and low-risk applications. It is primarily designed to detect dangerous threats and does not provide comprehensive mobile app protection. It is best suited for environments where regulatory compliance and advanced protections are not critical.
Please take into account that:
freeRASP includes experimental capabilities and contributes to our continuous research, product improvement, and data insights.
It offers effective baseline protection for low-risk environments.
For applications requiring enhanced protection, compliance assurance, or long-term support, RASP+ offers extended capabilities and SLA-backed support.
To learn more about acceptable use and limitations, please refer to our .
How to determine the correct value for the supportedStores parameter?
The name of a wanted supported alternative store is in the form of its package name. You need to find out the package name of the application, which installs your application. For example, these are some package names of known alternative stores:
com.xiaomi.mipicks
How does the watcherMail parameter work?
When you put a mail address into the watcherMail parameter in TalsecConfig. Talsec registers this mail address for security reports describing the application's security state and the characteristics of the devices it runs on, e.g. how many devices are rooted or if your application has been tampered with. The email ensures you get the access, security reports, and important product announcements.
See the andpages for more details.
What is the difference between the Dev and Release versions?
The Dev version is used to simplify the development process of the application, e.g. if you would implement killing of the application on the debugger callback. It disables some checks which won't be triggered during the development process:
Emulator
How do I test callbacks to verify their functionality?
The easiest way how to produce an incident (trigger local check and create a record in the security report) is to install a release build on an emulator (e.g., Android Emulator, that comes with Android Studio). Both the app and freeRASP must be in release mode. You can also use a rooted Android device/emulator, in which case you create an incident event in debug mode.
NB: Debugging detection is disabled in debug mode to prevent false positives.
Are there different types of checks performed by freeRASP?
Internally, there are two types of checks:
one-time checks,
periodic
Can the order of threat detection be configured in freeRASP?
Currently, there is no way to set the order of threat detection for freeRASP. The checks are performed asynchronously on Android and synchronously on iOS. If a check fails, the corresponding callback is executed.
What steps should I take when I'm upgrading from a previous version (<5.0.0) of freeRASP on Flutter?
There are a few steps to take when you want to do this. You need to remove the old TalsecRuntime.xcframework and integration script from your project:
Go to your project's ios folder.
What happens if I use the free version of freeRASP and my application is downloaded more than 100k times?
If you use the free version of freeRASP and your application is downloaded on more than 100,000 unique devices, you will have exceeded the allowed usage limit under the . This means you are required to switch to a . Continued use beyond this limit without transitioning to a paid plan may result in suspension or termination of your freeRASP license and discontinuation of related services.
How does integrating freeRASP affect the size of the APK?
In our experience, integrating freeRASP typically results in a more modest increase of around 13 MB in the APK size, as seen in the example app in the freeRASP project.
Does it cause performance issues if I put callbacks in multiple classes?
Putting callbacks into multiple classes shouldn't cause any performance issues, but while the general idea of dissolving checks all over the codebase is valid, you won't get many advantages, as an attacker can still circumvent duplicate sections.
Why the callbacks are not received immediately when coming from background?
Due to inevitable performance impact, freeRASP cannot perform security scans all the time, which means it can take some time to detect specific threats.
On the other hand, freeRASP performs specific checks like adbEnabled periodically. This periodicity interval is randomized, but no longer than four minutes and as of now it is not configurable. This approach helps keep your app responsive while still ensuring threat detection, though with a slight delay.
The only moment you are guaranteed all the detection will be triggered is just after the app launch. If, for example, ADB gets enabled after the app has started, you’ll need to wait for the next scan cycle to complete. Once that happens, the check will run again, and the callback will be triggered.
With Talsec, we offer additional solutions to help overcome this limitation:
The Fatal Exception: java.lang.UnsatisfiedLinkError: dlopen failedextremely rarely(!) occurs when the Android system fails to load native libraries. Talsec cannot resolve this as it stems from Android's loader or improper app distribution—ensure official app was installed with correct ABIs.
Root Causes1) [user error] Broken APK Installation
Crashes happen with stripped APKs from unofficial mirrors (ApkMirror, APKPure, Uptodown, ...) that lack proper architecture variants (e.g., wrong ABI like x86_64 instead of arm64). Learn more:
2) [system error] Android System Behavior
Native libraries may not be properly loaded during installation. Learn more:
Why am I getting Unresolved reference SCREEN_RECORDING_STATE_VISIBLE?
If your app fails to build due to unresolved symbols in ScreenProtector.kt related to screen recording protection, the issue may be caused by compileSdkVersion, even if you’ve explicitly set it to 34 or higher in your build.gradle file.
This can happen when a script, typically inside an afterEvaluate
Thank you for reading the freeRASP FAQ. If you didn't find the answer to your question, please do not hesitate to on the respective repository (preferably) or email [email protected].
Cordova
Example:
📝 Prerequisites
The freeRASP has the following prerequisites that must be met before starting.
Unreal Engine
🚨 freeRASP for Unreal Engine – Early Release [10/2025]
We’re excited to introduce freeRASP for Unreal Engine as a new flavor of our runtime protection library. As it’s still fresh, you may encounter some integration issues that need to be ironed out.
We’d love to hear about your experience—good or bad. Please
com.vivo.appstore
com.heytap.market
There are also some services, which use package installer for distribution of the application, e.g. the App Center uses com.google.android.packageinstaller or com.android.packageinstaller.
If you want to use the Dev version to disable checks, you need to set isProd parameter to false in TalsecConfig object instance. By default, the isProd parameter is set to true.
checks.
One-time checks are executed only once when the app is launched and wasn't running in the background.
Periodic checks are performed regularly, at defined intervals (e.g. every X seconds or minutes).
Open Runner.xcworkspace in Xcode.
On the top bar select Product -> Scheme -> Edit Scheme....
On the left side select Build -> Pre-actions.
Find the integration script and click the trash icon on the right side to remove it.
Open the .flutter-plugins (in the root folder of the app), and get the address where the freeRASP is installed.
Go to the given folder, and remove the freerasp folder file.
Delete .symlinks folder from project.
Run pub get.
Run pod install to test it.
RASP+
RASP+ allows you to customize the detection interval in your own SDK build to better match your requirements. We’re also working on a dynamic interval management feature, which will give you even more control over how frequently each check runs. Additionally, RASP+ includes built-in threat responses, so you won’t have to wait for callbacks to react to detections.
For more details on the differences between freeRASP and RASP+, check out our GitBook: https://docs.talsec.app/freerasp/features-and-pricing-plans/the-key-differences-freerasp-vs.-rasp+
AppiCrypt
AppiCrypt secures communication between your app and backend. It includes the results of the Talsec security audit, which you can verify server-side. This way, you can confirm that the device sending the request has passed the security checks before proceeding with further communication. Learn more about AppiCrypt here: https://docs.talsec.app/premium-products/product/appicrypt.
block, modifies or overrides your SDK version during the build process. For example, you intended setting of 35 might be replaced with 33.
To fix this, check your build.gradle files for any afterEvaluate blocks and look for lines that change the compileSdkVersion. Remove or update them to ensure your project uses the correct SDK version required for the screen recording protection feature to compile successfully.
You can also refer to the discussion and solution in this GitHub issue.
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
killOnBypass
boolean?
Defaults to false .
Determines whether the app should be killed within the SDK, if the callbacks are hooked or modified by an attacker.
true
appIntegrity
() => any
unofficialStore
() => any
hooks
() => any
deviceBinding
() => any
deviceID
() => any
passcode
() => any
secureHardwareNotAvailable
() => any
obfuscationIssues
() => any
devMode
() => any
adbEnabled
() => any
systemVPN
() => any
malware
(apps: SuspiciousAppInfo[]) => any
screenshot
() => any
screenRecording
() => any
multiInstance
() => any
timeSpoofing
() => any
locationSpoofing
() => any
unsecureWifi
() => any
automation
() => any
androidConfig
AndroidConfig?
Configuration for Android apps
anyAndroidConfig instance
iosConfig
IOSConfig?
Configuration for iOS apps
anyIOSConfig instance
watcherMail
string
The value is automatically used for Security Reports, Product Updates, and Talsec Portal updates, learn more.
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
To utilize active protection, you can use
To receive whether the screen capture is blocked, you can use
For more details about all these screen capture methods, see Screen Capture.
iOS
Skip this step if you are using "cordova-ios": "^8.0.0" or newer
freeRASP plugin uses Swift. Install the following plugin to support Swift in your project.
📦 Install the plugin
Install the plugin using Cordova CLI
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
In the the entry point to your app, import freeRASP and add the code below.
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
👷 Handle detected threats
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.
Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:
👷 RASP Execution State Listener
freeRASP can also notify apps when initial checks are done using the raspExecutionStateActions callback:
🛡️ Start freeRASP
freeRASP can be started after the Cordova initialization is completed, for example, inside the onDeviceReady function in the index.js.
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
🌁 Enable source code obfuscation
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:
Additionally, create or extend proguard-rules.pro in android/app folder and exclude Cordova’s specific classes that rely on package names from being obfuscated:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
Read more about why this is important in the wiki.
🆔 (Optionally) Set External ID
The externalId allows you to send a custom identifier (such as a User ID) to the Talsec Portal. This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.
Requirements
Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the method returns false and the value is not stored.
☢️ (Optionally) Integrate freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Cordova platform.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
or write us directly at [email protected]. Your feedback helps us make it better!
📝 Prerequisites
The freeRASP has the following prerequisites that must be met before starting:
Supported Unreal Engine Versions: 5.1 or higher
Minimum Android Target SDK: API Level 23
Minimum iOS Deployment Target: 15.0
🚀 Integration Steps
1
📦 Install Plugin
To install the plugin, download the latest release from the Releases page on GitHub.
Navigate to the on the GitHub repository.
Under the latest release (e.g., 0.1.0), find the Assets section.
Download the .zip or .tar.gz file, for example, Free-RASP-UnrealEngine-POC-0.1.0.zip.
Extract the archive. Inside you will find the FreeRASPPlugin folder.
Copy the entire FreeRASPPlugin directory into your project's Plugins folder. If a Plugins folder doesn't exist at the root of your project, you will need to create it first.
The correct final directory structure should look like this:
To complete the installation, please restart the Unreal Editor to allow it to detect the new plugin.
2
⚙️ Enabling the Plugin
Enabling the plugin involves two steps: enabling it in the editor and verifying the dependency in the C++ build file.
3
🧠 Handle Detected Threats
With the plugin installed and enabled, it's time to write the code to initialize freeRASP and handle its threat notifications. This process involves preparing a C++ class, initializing the plugin at startup, and implementing a function to handle threats.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
The freeRASP has the following prerequisites that must be met before starting:
Minimum SDK level: 23 or higher
Gradle version: 8.12.1 or higher
Compile SDK version: 36
Did you know Talsec is a big fan of Flutter? 🥳 Check out the great Flutter-first we've prepared together with the community!
Android
Some versions of Flutter projects, by default, support lower levels of minimum SDK or Gradle version.
Update minimum SDK and compile SDK level :
From the root of your project, go to android > app > build.gradle
In defaultConfig, update minSdkVersion property to at least 23 (Android 6.0) or higher.
Update Gradle and Kotlin version:
From the root of your project, go to android > settings.gradle
In plugins
In older projects using imperative approach, the paths may be different:
From the root of your project, go to android > build.gradle
In dependencies , update version of com.android.tools.build:gradle dependecy to 8.8.1
Then you also need to update gradle wrapper:
From the root of your project, go to android > gradle> wrapper> gradle-wrapper.properties
In distributionUrl update version to 8.12.1
Add permissions for checks
Some checks require additional permissions in order to work properly. If your app already has these permissions, you don't need to add them again.
Screenshot and Screen Recording Detection
To and screen recordings , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
Location Spoofing Detection
To detect location spoofing, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Unsecure WiFi Detection
To detect unsecure WiFi, add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:
Utilize active protection
To utilize active protection, you can use
To check whether the screen capture is blocked, you can use:
For more details about all these screen capture methods, see .
iOS
Xcode 15 is required to be able to build the application
📦 Install the plugin
Run the following command inside the project directory to add the freeRASP dependency:
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Detailed descriptions of the configuration options are provided.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
In the entry point to your app, import freeRASP and add the following code:
It is necessary that Flutter Bindings are initialized. This can be satisfied by calling WidgetsFlutterBinding.ensureInitialized(), as shown in the code snippet above.
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .
👷 Handle detected threats
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.
freeRASP reacts to threats using ThreatCallback. Internally, each threat has its own callback (of VoidCallback type), which is called when a threat is detected.
Optionally, you can implement RaspExecutionStateCallback to listen whether initial checks were done or not:
🛡️ Start freeRASP
Start freeRASP to detect threats just by adding this line below the created config and the callback handler:
For the version you’re integrating, you can find the specific dSYMs for debugging in .
🌁 Enable source code obfuscation
In order to provide as much protection as possible, freeRASP enhances security measures by implementing ProGuard consumer rules, which obfuscate specific sections of the SDK. However, these rules are applied to your Android app code as well due to inheritance.
In certain cases, you may prefer to exclude this rule.
To remove the rule, you need to find freerasp in your cache folder. More about where to find the cache folder . Then navigate to the freerasp-X.Y.Z/android/build.gradle file and delete the line:
Read more about why obfuscation is important in the.
🆔 (Optionally) Set External ID
The externalId allows you to send a custom identifier (such as a User ID) to the . This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.
Requirements
Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the method throws an ExternalIdFailureException, and the value is not stored.
☢️ (Optionally) Integrate freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the repository to learn more about this feature! For the integration, refer to the for the Flutter platform.
🖥️ Check Talsec Portal
Check out and register using your to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
Unity
🚨 freeRASP for Unity – Early Release [6/2025]
We’re excited to introduce freeRASP for Unity as a new flavor of our runtime protection library. As it’s still fresh, you may encounter some integration issues that need to be ironed out.
We’d love to hear about your experience—good or bad. Please or write us directly at [email protected]. Your feedback helps us make it better!
Example:
📝 Prerequisites
The freeRASP has the following prerequisites that must be met before starting:
Unity Editor level: 6 or higher
Minimum SDK level: 23 or higher
📦 Install Plugin
First, you'll need to install freeRASP for Unity. Head over to [] and download the latest plugin. The plugin file should have a .unitypackage extension.
Next, import the plugin into your Unity project: right-click on Assets → Import Package → Custom Package.
Android (freeRASP for Android v15.1.0)
⚙️ Set Up the Configuration for Your App
To ensure freeRASP works properly, you need to configure and initialize it with the required settings. All necessary values must be provided for the plugin to function correctly. Detailed explanations of each configuration option are available on the .
The first step involves obtaining your app's signing certificate hashes in Base64 format. Refer to the provided for comprehensive guidance on app signing, which covers both manual signing methods and Google Play's app signing service.
In this guide, we'll create the Game.cs script (see our ) attached to a GameObject to initialize freeRASP and configure reactions. You can use any other scripts in your business logic that are initiated when the app starts.
To make your Game.cs script run, you need to attach it to a GameObject in your Scene (drag'n'drop the Game.cs onto some object):
Create an empty GameObject in your scene (or select an existing one).
In the Game.cs (or your app’s entry point), import freeRASP and add the following code:
👷 Handle detected threats
To receive threat notifications, implement the AndroidThreatDetectedCallback interface. It contains multiple methods that are triggered when freeRASP periodically scans the device for security threats. Implement these methods within your game logic or main application class.
Add freeRASP Maven Repository
iOS (freeRASP for iOS v6.11.0)
⚙️ Set Up the Configuration for Your App
To ensure freeRASP works properly, you need to configure and initialize it with the required settings. All necessary values must be provided for the plugin to function correctly. Detailed explanations of each configuration option are available on the .
To make your Game.cs script run, you need to attach it to a GameObject in your Scene (drag'n'drop the Game.cs onto some object):
Create an empty GameObject in your scene (or select an existing one).
In your app’s entry point, import freeRASP and add the following code:
👷 Handle detected threats
To receive threat notifications, implement the IOSThreatDetectedCallback interface. It contains multiple methods that are triggered when freeRASP periodically scans the device for security threats. Implement these methods within your game logic or main application class.
Add freeRASP
Once you are done with your game in Unity Hub; proceed to export the project. Once exported, open up the project in Xcode and add freeRASP dependency:
From GitHub, Copy Talsec folder into your Application folder.
(select v6.11.0: )
Drag & drop the Talsec folder to your .xcworkspace.
Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.
Note: In case you are using Carthage, the zipped version of the framework is included in the GitHub Releases ().
🖥️ Check Talsec Portal
Check out and register using your to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
-keep class org.apache.cordova.** {*;}
-keep public class * extends org.apache.cordova.CordovaPlugin
-flattenpackagehierarchy
import { Talsec } from 'cordova-talsec-plugin-freerasp';
declare var talsec: Talsec;
const yourCustomData = "user_123-456";
const result = await talsec.storeExternalId(yourCustomData);
if (result) {
console.log("External ID successfully set.");
} else {
console.log("Failed to set External ID. Check if it contains allowed characters.");
}
Update version of com.android.application plugin to 8.8.1
Update version of org.jetbrains.kotlin.android plugin to 2.1.0
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. Learn more about the role of watcherMail.
android {
compileSdk 35
// ... some other declarations ...
defaultConfig {
minSdkVersion 23
// ... some other declarations ...
}
}
android/settings.gradle
plugins {
id "dev.flutter.flutter-plugin-loader" version "1.0.0"
id "com.android.application" version "8.8.1" apply false
id "org.jetbrains.kotlin.android" version "2.1.0" apply false
}
// pass your custom data (as String)
final yourCustomData = "user_123-456";
try {
await Talsec.instance.storeExternalId(yourCustomData);
print("External ID successfully set.");
} on ExternalIdFailureException catch(e) {
print("Failed to set External ID: ${e.message}");
}
In the main Unreal Engine menu, navigate to Edit -> Plugins.
In the left panel, find the Project -> Security category.
Locate the FreeRASP plugin and ensure the Enabled checkbox is checked.
Open your project's build configuration file, named <project_name>.Build.cs. Verify that the module name FreeRASPPlugin is added to the PublicDependencyModuleNames list.
It should look similar to this example:
C++ Class Preparation (.h)
First you need to prepare a class to receive threat notifications. The recommended place for this is your APlayerController class, as it persists for the entire game session.
In your class's header file (.h), include the plugin's header and define the function that will act as the callback.
Example AFreeRASPPlayerController.h:
Plugin Initialization (.cpp)
Initialization should occur as early as possible when the game starts. The BeginPlay() method is the ideal place for this. Here, you will connect your HandleSecurityThreat function and set the configuration parameters for freeRASP.
Detailed explanations of each configuration option are available on the Android API and iOS API pages.
Configuration Options: AppBundleIds, AppTeamId, PackageName, SigningCertificates, AlternativeStores, WatcherEmail and IsProduction
Example MyPlayerController.cpp:
Handler Implementation (.cpp)
Finally, implement the logic for the HandleSecurityThreat function itself. This part of the code decides what happens when a specific threat is detected.
freeRASP requires a minimum SDK level of 23. React Native projects, by default, support even lower levels of minimum SDK. This creates an inconsistency we must solve by updating the minimum SDK level of the application:
From the root of your project, go to android > build.gradle.
In buildscript, update minSdkVersion to at least 23 (Android 6.0) or higher.
Raise Kotlin version
Since freeRASP 4.0.0, it is necessary to raise version of Kotlin in your project. This applies for projects running on RN < 0.77.
From the root of your project, go to android > build.gradle (or equivalent).
In buildscript.ext, update kotlinVersion to at least 2.0.0 or higher.
In buildscript.dependencies, specify the same version forkotlin-gradle-plugin .
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
To utilize active protection, you can use
To receive whether the screen capture is blocked, you can use
For more details about all these screen capture methods, see Screen Capture.
iOS
freeRASP React Native plugin uses Pods. Navigate to the ios folder and run:
📦 Install the plugin
Install the plugin using your preferred package manager
Navigate to the ios folder and run:
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
In the the entry point to your app, import freeRASP and add the code below.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
FreeRASP provides a React Custom Hook that handles all required logic as registration of freeRASP, mounting and unmounting of listeners for you.
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
👷 Handle detected threats
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.
Threat reactions should be specified inside a JavaScript object.
👷 RASP Execution State Listener
freeRASP can also notify apps when initial checks are done using the raspExecutionStateActions callback:
🛡️ Start freeRASP
Start freeRASP to detect threats by calling the useFreeRasp hook, below the created config and the callback handler:
Please note that useFreeRasp Hook should be called outsideuseEffect.
When freeRASP initializes correctly, you should see freeRASP initialized message in the logs. Otherwise, you'll see a warning with a description of what went wrong.
You can override this default behaviour by extending the actions object with started key (to change action after successful initialization), and initializationError key (to set up action after unsuccessful initialization)
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
Alternative: Initialize freeRASP in a Class component
Import methods from the freeRASP plugin:
Override componentDidMount() method in the entry point to your app set listeners to threats and start freeRASP:
In this code snippet, actions is object with your reactions to threats and config is a freeRASP configuration object from previous parts of the readme.
Override componentWillUnmount() method where you clean up the listeners:
🌁 Enable source code obfuscation
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
Read more about why this is important in the wiki.
🆔 (Optionally) Set External ID
The externalId allows you to send a custom identifier (such as a User ID) to the Talsec Portal. This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.
Requirements
Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the promise will be rejected with an error message and the value will not be stored.
☢️ (Optionally) Integrate freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the React Native platform.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
The following structure outlines the critical directories and files you will interact with during the integration. The project is divided into the shared module (logic) and platform-specific modules (configuration).
Pay attention to the highlighted files, as these are the exact locations where you will apply changes in the upcoming steps.
📝 Prerequisites
The freeRASP has the following prerequisites that must be met before starting:
Kotlin version: 2.2.0
Minimum Android Target SDK: API Level 23
Minimum iOS Deployment Target: 13.0
🚀 Integration Steps
1
📦 Dependency Setup
To enable the SDK, you must configure your project to access the required repositories and native binaries across all target platforms.
Update the settings.gradle.kts file to include the necessary URLs within the dependencyResolutionManagement block.
Ensure that the XCFramework dependencies are correctly linked and available to the iOS target of your Kotlin Multiplatform project.
Navigate to the Assets section of GitHub Releases and download the Frameworks.zip archive. This package contains the required binaries:
TalsecRuntime.xcframework
TalsecBridge.xcframework
Once downloaded, unzip (extract) the archive.
For better project organization, we suggest creating a dedicated Frameworks folder within your iosApp directory (at the same level as iosApp.xcodeproj) to store these files.
Expected structure:
Navigate to the iosApp directory via terminal and launch the project in Xcode using the following commands:
In Xcode, navigate to the Project Navigator (left sidebar) and select your project root.
Select your application Target (usually named iosApp).
Scroll down to the Frameworks, Libraries, and Embedded Content section and click the + button at the bottom of the list.
Declare the dependencies in the build.gradle.kts file of your :composeApp or :shared module (typically inside the commonMain source set):
2
🔐Add Permissions to AndroidManifest.xml
Some checks require additional permissions in order to work properly. Add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag. If your app already has these permissions, you don't need to add them again.
3
⚙️ Application Configuration Setup
To ensure freeRASP functions correctly in a Kotlin Multiplatform environment, you need to provide the necessary configuration within the shared module. All required values must be filled in for the plugin to operate properly.
Create a Security Manager
It is recommended to encapsulate the configuration and initialization logic into a separate singleton object (e.g.
4
🧠 Handle Detected Threats
Once the configuration is ready, you need to start the monitoring service and listen for incoming threats.
Implement Monitoring Logic
Update your SecurityManager
🌁 How to Enable Source Code Obfuscation
Code obfuscation (minification) is a critical security step that reduces the size of the compiled code and renames classes and variables to make reverse engineering significantly more difficult.
To enable obfuscation for the Android target, update the build.gradle.kts file in your shared module (usually :composeApp or :androidApp):
Important Notes
Reflection - Some other modules in your project may rely on reflection. If the app crashes after enabling obfuscation, you may need to add specific keep rules to your proguard-rules.pro file.
Obfuscation Callback - If there is an issue with the obfuscation configuration regarding freeRASP, the plugin will notify you via the obfuscationIssues callback.
👉 Read more about the importance of obfuscation in the wiki. 👈
☢️ Optional Module: freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application. It quickly and efficiently scans for malicious or suspicious applications (e.g., Android malware) based on various blacklists and security policies.
This feature helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
This feature is available only for the Android platform.
To learn more about this feature and its integration, please refer to the official documentation.
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
using UnrealBuildTool;
public class freeRASP4 : ModuleRules
{
public freeRASP4 (ReadOnlyTargetRules Target) : base(Target)
{
PCHUsage = PCHUsageMode.UseExplicitOrSharedPCHs;
PublicDependencyModuleNames.AddRange(new string[] {
"Core",
"CoreUObject",
"Engine",
"InputCore",
"EnhancedInput",
"AIModule",
"StateTreeModule",
"GameplayStateTreeModule",
"UMG",
"FreeRASPPlugin" // <-- check if this line is added
});
}
}
#pragma once
#include "CoreMinimal.h"
#include "GameFramework/PlayerController.h"
#include "FreeRASPPluginLibrary.h" // <-- 1. Include the header file
#include "FreeRASPPlayerController.generated.h"
/**
* Basic PlayerController class for a game
*/
UCLASS(abstract)
class AFreeRASPPlayerController : public APlayerController
{
GENERATED_BODY()
protected:
/** Input Mapping Contexts */
UPROPERTY(EditAnywhere, BlueprintReadOnly, Category = "Input", meta = (AllowPrivateAccess = "true"))
TArray<UInputMappingContext*> DefaultMappingContexts;
/** Input mapping context setup */
virtual void SetupInputComponent() override;
virtual void BeginPlay() override; // initialize FreeRASP here
UFUNCTION()
void HandleSecurityThreat(ThreatType ThreatType); // define this method to receive threat callbacks
};
#include "AFreeRASPPlayerController.h" // Include your header file
#include "FreeRASPPluginLibrary.h" // Include the plugin header
void AFreeRASPPlayerController::BeginPlay()
{
Super::BeginPlay();
// Get the FreeRASP plugin library instance
if (UFreeRASPPluginLibrary* FreeRASPLib = GetGame->GetSubsystem<UFreeRASPPluginLibrary>())
{
// 1. Bind your function to the threat detection event
// The class name here MUST match the class you are in (e.g., AMyPlayerController)
FreeRASPLib->OnSecurityThreatDetected.AddDynamic(this, &AFreeRASPPlayerController::HandleSecurityThreat);
// 2. Prepare the configuration
// Important: These values are placeholders. Replace them with your actual data.
// iOS Configuration
TArray<FString> AppBundleIds;
AppBundleIds.Add(TEXT("com.game.bundle.id"));
FString AppTeamId = TEXT("1AB2C3");
// Android Configuration
FString PackageName = TEXT("com.talsec.free.rasp.game");
TArray<FString> SigningCertificates;
SigningCertificates.Add(TEXT("ilx/AtYu7TpAu5cma4JdDXio5bayFSi89axnyOCjfFo="));
TArray<FString> AlternativeStores;
AlternativeStores.Add(TEXT("com.samsung.android.apps.galaxyapp"));
// General Configuration
FString WatcherEmail = TEXT("[email protected]");
bool IsProduction = true; // Set to false for development builds
// 3. Initialize freeRASP
FreeRASPLib->InitializeTalsec(
AppBundleIds,
AppTeamId,
PackageName,
SigningCertificates,
AlternativeStores,
WatcherEmail,
IsProduction
);
}
}
void AFreeRASPPlayerController::HandleSecurityThreat(ThreatType ThreatType)
{
UE_LOG(LogTemp, Warning, TEXT("Security threat detected: %d"), ThreatType);
switch (ThreatType) {
case ThreatType::OnPrivilegedAccess:
UE_LOG(LogTemp, Warning, TEXT("Privileged access threat detected"));
break;
case ThreatType::OnAppIntegrity:
UE_LOG(LogTemp, Warning, TEXT("App integrity threat detected"));
break;
case ThreatType::OnDebug:
UE_LOG(LogTemp, Warning, TEXT("Debug threat detected"));
break;
case ThreatType::OnSimulator:
UE_LOG(LogTemp, Warning, TEXT("Simulator threat detected"));
break;
case ThreatType::OnUnofficialStore:
UE_LOG(LogTemp, Warning, TEXT("Unofficial store threat detected"));
break;
case ThreatType::OnHookDetected:
UE_LOG(LogTemp, Warning, TEXT("Hook threat detected"));
break;
case ThreatType::OnDeviceBinding:
UE_LOG(LogTemp, Warning, TEXT("Device binding threat detected"));
break;
case ThreatType::OnDeviceID:
UE_LOG(LogTemp, Warning, TEXT("Device ID threat detected"));
break;
case ThreatType::OnObfuscationIssues:
UE_LOG(LogTemp, Warning, TEXT("Obfuscation issues threat detected"));
break;
case ThreatType::OnScreenshot:
UE_LOG(LogTemp, Warning, TEXT("Screenshot threat detected"));
break;
case ThreatType::OnScreenRecording:
UE_LOG(LogTemp, Warning, TEXT("Screen recording threat detected"));
break;
case ThreatType::OnPasscode:
UE_LOG(LogTemp, Warning, TEXT("Passcode threat detected"));
break;
case ThreatType::OnPasscodeChange:
UE_LOG(LogTemp, Warning, TEXT("Passcode change threat detected"));
break;
case ThreatType::OnSecureHardwareNotAvailable:
UE_LOG(LogTemp, Warning, TEXT("Secure hardware not available threat detected"));
break;
case ThreatType::OnDevMode:
UE_LOG(LogTemp, Warning, TEXT("Dev mode threat detected"));
break;
case ThreatType::OnADBEnabled:
UE_LOG(LogTemp, Warning, TEXT("ADB enabled threat detected"));
break;
case ThreatType::OnSystemVPN:
UE_log(LogTemp, Warning, TEXT("System VPN threat detected"));
break;
case ThreatType::Unknown:
UE_LOG(LogTemp, Warning, TEXT("Unknown threat detected"));
break
}
}
using UnityEngine;
public class Game : MonoBehaviour
{
// Start is called once before the first execution of Update after the MonoBehaviour is created
void Start()
{
bool isProd = true;
string watcherMailAddress = "[email protected]";
// Android related configs
string expectedPackageName = "com.unity.rasp.game";
string[] expectedSigningCertificateHashBase64 = new string[] { "Tmac/QIomCqEGS1jYqy9cMMrqaitVoZLpjXzCMnt55Q=" };
string[] supportedAlternativeStores = new string[] { "com.sec.android.app.samsungapps" };
// initialize talsec
TalsecPlugin.Instance.initAndroidTalsec(expectedPackageName, expectedSigningCertificateHashBase64,
supportedAlternativeStores, watcherMailAddress, isProd);
TalsecPlugin.Instance.setAndroidCallback(this); // set Android callback
}
// Update is called once per frame
void Update()
{
}
}
// Implementation of AndroidThreatDetectedCallback interface
public void onRootDetected()
{
Debug.Log("Unity - Root detected");
}
public void onTamperDetected()
{
Debug.Log("Unity - Tamper detected");
}
public void onDebuggerDetected()
{
Debug.Log("Unity - Debugger detected");
}
public void onEmulatorDetected()
{
Debug.Log("Unity - Emulator detected");
}
public void onObfuscationIssuesDetected()
{
Debug.Log("Unity - Obfuscation issues detected");
}
public void onScreenshotDetected()
{
Debug.Log("Unity - Screenshot detected");
}
public void onScreenRecordingDetected()
{
Debug.Log("Unity - Screen recording detected");
}
public void onUntrustedInstallationSourceDetected() {
Debug.Log("Unity - Untrusted installation source detected");
}
public void onHookDetected() {
Debug.Log("Unity - Hook detected");
}
public void onDeviceBindingDetected() {
Debug.Log("Unity - Device binding detected");
}
public void onUnlockedDeviceDetected() {
Debug.Log("Unity - Unlocked device detected");
}
public void onHardwareBackedKeystoreNotAvailableDetected() {
Debug.Log("Unity - Hardware backed keystore not available detected");
}
public void onDeveloperModeDetected() {
Debug.Log("Unity - Developer mode detected");
}
public void onADBEnabledDetected() {
Debug.Log("Unity - ADB enabled detected");
}
public void onSystemVPNDetected() {
Debug.Log("Unity - System VPN detected");
}
using System;
using UnityEngine;
using System.Collections;
using System.Collections.Generic;
public class Game : MonoBehaviour
{
// Start is called once before the first execution of Update after the MonoBehaviour is created
void Start()
{
// common configs
bool isProd = true;
string watcherMailAddress = "[email protected]";
// iOS related configs
string[] appBundleIds = new string[] { "com.unity.freeRASP" };
string teamId = "TEAM ID";
// initialize talsec
TalsecPlugin.Instance.initiOSTalsec(appBundleIds, teamId, watcherMailAddress, isProd);
TalsecPlugin.Instance.setiOSCallback(this); // set callback
}
}
// Implementation of IOSThreatDetectedCallback interface
public void signatureDetected() {
Debug.Log("Signature detected");
}
public void jailbreakDetected() {
Debug.Log("Jailbreak detected");
}
public void debuggerDetected() {
Debug.Log("Debugger detected");
}
public void runtimeManipulationDetected() {
Debug.Log("Runtime manipulation detected");
}
public void passcodeDetected() {
Debug.Log("Passcode detected");
}
public void passcodeChangeDetected() {
Debug.Log("Passcode change detected");
}
public void simulatorDetected() {
Debug.Log("Simulator detected");
}
public void missingSecureEnclaveDetected() {
Debug.Log("Unity - Missing secure enclave detected");
}
public void deviceBindingDetected() {
Debug.Log("Device binding detected");
}
public void unofficialStoreDetected() {
Debug.Log("Unofficial store detected");
}
public void systemVPNDetected() {
Debug.Log("System VPN detected");
}
public void screenshotDetected() {
Debug.Log("Screenshot detected");
}
public void screenRecordingDetected() {
Debug.Log("Screen recording detected");
}
public void deviceIDDetected() {
Debug.Log("Device ID detected");
}
To enable detection for screenshots and screen recordings, include these required permissions:
Support Limitations
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
Location Spoofing Detection
To enable detection for location spoofing, include these required permissions:
Unsecure WiFi Detection
To enable detection for unsecure WiFi, include these required permissions:
Quick Copy
SecurityManager
). This keeps your UI code clean and makes the security logic reusable.
Create a new file in your common source set and define the configuration:
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
to start the freeRASP engine and handle the
threatEvents
flow.
Initialize in Entry Point
Finally, call the start method from your main UI entry point (e.g., App.kt) using a LaunchedEffect. This ensures monitoring begins as soon as the app launches.
freeRASP for Android requires a minSdkVersion level of >=23 and a targetSdkVersion level of >=36. Some Capacitor projects, by default, support even lower levels of minimum and target SDKs. This creates an inconsistency we must solve by updating the SDK levels of the application:
From the root of your project, go to android > variables.gradle (or equivalent).
In ext, update minSdkVersion to at least 23 (Android 6.0) or higher.
Raise Kotlin version
Since freeRASP 2.0.0, it is necessary to raise version of Kotlin in your project.
From the root of your project, go to android > build.gradle (or equivalent).
In buildscript.ext, update kotlin_version to at least 2.0.0 or higher.
Screenshot Detection is supported on Android 14 (API level 34) and higher.
Screen Recording Detection is supported on Android 15 (API level 35) and higher.
To utilize active protection, you can use
To receive whether the screen capture is blocked, you can use
For more details about all these screen capture methods, see Screen Capture.
📦 Install the plugin
Install the plugin using your preferred package manager
Synchronize the project files across native platforms
⚙️ Setup the Configuration for your App
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
In the the entry point to your app, import freeRASP and add the code below.
Configuration Parameters
isProd - a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this wiki section.
killOnBypass - a boolean flag that enables the freeRASP in-SDK reaction to kill the application if it detects any unwanted manipulation with the callback mechanisms.
watcherMail - By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. about the role of watcherMail.
👷 Handle detected threats
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.
Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:
👷 RASP Execution State Listener
freeRASP can also notify apps when initial checks are done using the raspExecutionStateActions callback:
🛡️ Start freeRASP
Pass the configuration and reactions you set up in previous steps into startFreeRASP function.
Based on your framework, we recommend:
In React: Wrap this function in useEffect with an empty dependency array
In Vue: Call the method inside the mounted property
In Angular: Call the method inside the ngOnInit method
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
🌁 Enable source code obfuscation
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
Read more about why this is important in the wiki.
🆔 (Optionally) Set External ID
The externalId allows you to send a custom identifier (such as a User ID) to the Talsec Portal. This identifier will be visible in the Dashboard, enabling you to correlate security incidents with specific users in your system.
Requirements
Allowed characters: Only alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: +, _, -, /, :, =.
If the ID contains any other characters, the method returns false and the value is not stored.
☢️ (Optionally) Integrate freeMalwareDetection
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Capacitor platform.
🖥️ Check Talsec Portal
Check out Data Visualisation Portal and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.
You have to use the same email for the Portal as you used for the watcherMail parameter.
// returns `true` if freeRASP starts successfully; you can ignore this value
const started = await startFreeRASP(config, actions, raspExecutionStateActions);
import { storeExternalId } from 'capacitor-freerasp';
const yourCustomData = "user_123-456";
const result = await storeExternalId(yourCustomData);
if (result) {
console.log("External ID successfully set.");
} else {
console.log("Failed to set External ID. Check if it contains allowed characters.");
}
suspend fun start(config: freeraspConfig)
suspend fun addToWhiteList(packageName: String)
suspend fun blockScreenCapture(enable: Boolean)
suspend fun isScreenCaptureBlocked(): Boolean
suspend fun getAppIcon(packageName: String): String
suspend fun storeExternalId(data: String)
Required. The email address where security reports will be sent.
isProd
Boolean
true
If true, the SDK runs in production mode. If false, strict checks are disabled for development. See Wiki↗
killOnBypass
Boolean
true
If true, the app will terminate automatically when a critical threat (e.g., Hooking, Debugging) is detected.
A list of allowed alternative app stores .
malwareConfig
MalwareConfig?
null
Optional configuration for the Malware Detection module.
A list of suspicious permission combinations.
whitelistedInstallationSources
List<String>
[]
A list of trusted installation sources (stores).
UnofficialStore
🤖 🍎
Detects if the app was installed from an unrecognized source.
Hooks
🤖 🍎
Detects hooking frameworks (e.g., Frida, Xposed) injected into the process.
DeviceBinding
🤖 🍎
Detects if the device identity or cryptographic keys have changed.
Screenshot
🤖 🍎
Notification that a screenshot was taken.
ScreenRecording
🤖 🍎
Notification that screen recording is active.
Passcode
🤖 🍎
Detects if the device is not protected by a lock screen.
SecureHardwareNotAvailable
🤖 🍎
Detects if the hardware-backed keystore is unavailable.
SystemVPN
🤖 🍎
Detects if a system-wide VPN is active.
AllChecksFinished
🤖 🍎
Confirms that the initialization is complete and all active security checks have been executed.
DeviceID
🍎
Indicates that the unique device identifier has changed or is inconsistent.
ObfuscationIssues
🤖
Detects if the code is not properly obfuscated (missing ProGuard/R8).
DevMode
🤖
Detects if Developer Options are enabled in settings.
AdbEnabled
🤖
Detects if USB Debugging (ADB) is active.
MultiInstance
🤖
Detects App Cloning (multiple instances running).
UnsecureWifi
🤖
Detects connection to an unencrypted Wi-Fi network.
TimeSpoofing
🤖
Detects manual manipulation of system time.
LocationSpoofing
🤖
Detects attempts to falsify the device’s location to bypass geofences or fake presence.
Compare freeRASP and RASP+ features, pricing plans, and use cases, and discover how Talsec’s multi-layered app and API protection helps secure mobile apps, APIs, and users against modern threats.
Talsec's Multi-Layered App and API Protection Model
L0 - Detect Attacks: Check app security state with freeRASP & Talsec Portal insights
L1 - Protect App: Pass pentests, combat reverse engineering, and comply with regulations with and
L2 - Protect Transactions: Combat API abuse, bots, web-scraping and MiTM with
L3 - Protect Users: Combat social engineering, phishing, malware with and
Talsec offers enhanced features and benefits with our RASP+ plans, building on top of our freeRASP offering. Here’s what you can expect:
No limitations of freeRASP's : Have an unrestricted number of app downloads* (beyond the 100k cap of freeRASP).
No Data Collection to Talsec Database: Your app's data is sent to your data collection services. You can even disable data collection.
FinTech Grade Security: Experience advanced security features and service-level agreements (SLAs) tailored for the financial technology sector.
For further details, please refer to the .
AppiCrypt®
One of the most valued commercial features is - App Integrity Cryptogram.
It allows easy-to-implement API protection and App Integrity verification on the backend to prevent API abuse:
Bruteforce attacks
Botnets
API abuse by App impersonation
Session-hijacking
It is a unified solution that works across all mobile platforms without dependency on external web services (i.e., without extra latency, an additional point of failure, and maintenance costs).
Learn more about commercial features at .
You can try freeRASP and then upgrade easily to an enterprise service.
Plans Comparison
freeRASP is freemium software, i.e. there is a that imposes some limitations on free usage.
for premium products.
freeRASP
RASP+ Starter
Full App Safety Suite Starter
Full App Safety Suite Business
For additional comparison details and information on planned features, please see the .
Bypass Protection: RASP+ offers enhanced security with app-specific SDK customisation, while freeRASP uses a universal binary that is more susceptible to bypass.
Enhanced API Protection: Safeguard your APIs and benefit from risk scoring with our proprietary technology, AppiCrypt®.
DDoS
App Shielding SDK
freeRASP SDK is a free, easy-to-integrate runtime threat detection solution for small businesses and projects, supporting up to 100,000 device downloads. It helps you quickly grasp the main features, experiment, and try integrating Talsec SDKs.
While it is a good threat detection tool, freeRASP’s limited resilience against bypasses and limited telemetry data collection make it unsuitable for commercial use in production, especially in regulated or privacy-sensitive domains.
RASP+ SDK delivers banking-grade security designed for professional, regulated, or high-risk apps needing maximum hardening.
RASP+ is built to pass rigorous penetration tests, ensuring real-time detection and mitigation of attacks.
It guarantees compliance and robust defense.
RASP+ SDK delivers banking-grade security designed for professional, regulated, or high-risk apps needing maximum hardening.
Its customizable SDKs include advanced threat prevention like AppiCrypt for API and Transaction Integrity protection. ✅
RASP+ is built to pass rigorous penetration tests, ensuring real-time detection and mitigation of attacks.
It guarantees compliance and robust defense.
RASP+ SDK delivers banking-grade security designed for professional, regulated, or high-risk apps needing maximum hardening.
Its customizable SDKs include advanced threat prevention like AppiCrypt for API and Transaction Integrity protection.
RASP+ is built to pass rigorous penetration tests, ensuring real-time detection and mitigation of attacks.
With strict privacy (no data sent to Talsec) ✅, it guarantees compliance and robust defense.
Resilience to Reverse Engineering and bypass
limited
advanced ✅
advanced ✅
advanced ✅
SDK obfuscation
limited
(same for all users)
advanced (individual per build) ✅
advanced (individual per build) ✅
advanced (individual per build) ✅
Root & jailbreak protections
su, Magisk, Dopamine, KernelSU, HideMyApplist, Shamiko
basic
advanced ✅
advanced ✅
advanced ✅
Runtime reverse engineering controls
Debugger
Emulator / Simulator
Hooking and reversing frameworks (e.g. Frida, Magisk, XPosed, Cydia Substrate and more)
basic
advanced ✅
advanced ✅
advanced ✅
Runtime integrity controls
Tampering protection
Repackaging / Cloning protection
Device binding protection
basic
advanced ✅
advanced ✅
advanced ✅
Device OS security status check
HW security module
Screen lock
Google Play Services availability
yes
yes
yes
yes
Anti-Spoofing & Misuse detection
Unsecure WiFi Detection
yes
yes
yes
yes
Screen Capture protection
Block Screen Capture, Mirroring, Sharing
Detect Screenshot, Screen Recording
yes
yes
yes
yes
UI protection
Overlay protection
Accessibility services misuse protection
no
yes ✅
yes ✅
yes ✅
Penetration Test Ready
can be bypassed by professional
designed to sustain pentesting ✅
designed to sustain pentesting ✅
designed to sustain pentesting ✅
App Hardening Suite
for Strings Protection
Protect secrets in your code, third-party API keys, tokens, encryption keys, config files
On-the-fly key provisioning and rotation
no
no
yes ✅
yes ✅
Strong MitM and DNS spoofing protection
Decoupled certificate and app lifecycle
Pins never stored in app
no
no
yes ✅
yes ✅
AppiCrypt® - App Integrity Cryptogram
API protection and anti-API abuse
Transactions authenticity and integrity verification
Device Risk Scoring
no
no
yes ✅
yes ✅
API protection and anti-API abuse
Transactions authenticity and integrity verification
Browser-based Apps protection using WebAssembly
no
no
no
yes ✅
Malware Detection
Detection of apps installed from untrusted stores or side-loaded
Detection of apps with suspicious permissions granted
Detection of risky apps
basic ()
no
advanced ✅
advanced ✅
App Security Monitoring and Logging
Threat events data collection
mandatory collection to Talsec services
mandatory collection to Talsec services
mandatory collection to Talsec services
optional and customizable logs destination ✅
App and threats data monitoring portal and Dashboard
limited functionality, no raw data access
full functionality with access to raw data search ✅
full functionality with access to raw data search ✅
full functionality with access to raw data search ✅
Self-care portal for the SDK configuration
no
yes ✅
yes ✅
yes ✅
Support and Maintenance
SLA and maintenance updates
not committed
yes ✅
yes ✅
yes (advanced variants) 🏆✅
- up to 100K Devices
Total apps downloads limit
up to 100K Devices (premium upgrade required for more)
up to 10K
up to 10K
100K+ Devices 🚀
End-users' threats data collection and processing by Talsec
Introducing Multi-Instancing Detection for freeRASP
Obfuscation of Mobile Apps
What's New and Changelog
Browse the latest freeRASP release notes, breaking changes, and new security features across Android, iOS, and cross‑platform SDKs to keep your mobile app protection up to date.
Stay up-to-date with the latest features, improvements and bug fixes for freeRASP. Here you'll find detailed information about each update we've rolled out, organized by platform. Whether you're using the Android, iOS, Flutter, React Native, Capacitor, or Cordova version, all platforms are supported.
Explore the tabs below to see what's new and how the experience has been improved for you. If you're looking for specific changes or features, each update is documented for your convenience.
Latest from Articles
Learn more:
Changelog
Github Changelog:
Latest version 18.0.2
Fixed
Fixed method storeExternalId to return ExternalIdResult for error handling
Version 18.0.1
Fixed
Fixed ScreenProtector crash during activity start and permissions request
Fixed screen recording detection callback
Version 18.0.0
Breaking Change
❗️Breaking: Changed ThreatListener API interfaces (ThreatDetected, DeviceState) to abstract classes
❗️Breaking: Added onAutomationDetected() callback to ThreatDetected interface
We are introducing a new capability, detecting whether the device is being automated using tools like Appium
❗️Breaking: Added value restrictions to externalId
Method storeExternalId() now returns ExternalIdResult, which indicates Success or Error when externalId violates restrictions
Changed
Improved HMA detection to the existing root detection capability
Updated compile and target API to 36
Improved root detection capabilities
Detection of wireless ADB added to ADB detections
Fixed
Fixed bug related to key storing in keystore type detection (hw-backed keystore check)
Fixed manifest queries merge
Version 17.0.0
Breaking Change
❗️Breaking: Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker Issue 65
❗️Breaking: Added onTimeSpoofingDetected() callback to ThreatDetected interface
We are introducing a new capability, detecting whether the device time has been tampered with
❗️Breaking: Added onLocationSpoofing() callback
We are introducing a new capability, detecting whether the location is being spoofed on the device.
❗️Breaking: Added onUnsecureWifi() callback to ThreatDetected interface
❗️Breaking: Changed onMalwareDetected() method parameter packageInfo to non-nullable
❗️Breaking: Updated dispatchKeyEvent() parameter nullability from @Nullable to @NonNull
❗️Breaking: Changed parameter type of Activity instead of Context in the blockScreenCapture() method
❗️Breaking: Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
Added
Added ScreenProtector feature wrapper object that helps with registration/unregistration of screen protection features
A new constructor parameter of type RaspExecutionState in class ThreatListenerrepresenting changes in state in our library. RaspExecutionState contains onAllChecksFinished() method, which is triggered after all checks are completed.
Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks
Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection
Fixed
ANR issue caused by registerScreenCaptureCallback() method on the main thread
NullPointerException when checking key alias in Keystore on Android 7
JaCoCo issue causing MethodTooLargeException during instrumentation
DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
Changed
Shortened the value of threat detection interval
Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
Update of internal dependencies and security libraries
Version 16.0.1
Breaking Change, new feature
❗️Added onMultiInstanceDetected() callback - detection whether the application is installed/running in various multi-instancing environments (e.g. Parallel Space).
Improvement
Added support for 16 KB memory page sizes.
The ADB service running as "root" is a signal for root detection.
Improved emulator detection.
Internal security improvements.
Fixed
Removed malware report duplicates.
Version 15.1.0
Improvement
Added new root detection checks.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.
Fixed
Resolved SecurityException caused by getNetworkCapabilities() - Android 11 specific bug (GH Android issue #56).
Version 15.0.0
Changed
Compile API increased to 35, dependencies updated
Internal library obfuscation reworked
Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
Added blockScreenCapture(Activity activity, boolean enable) for FLAG_SECURE control, an active protection against screen capturing.
isScreenCaptureBlocked() - to receive whether the screen capture is blocked
Rate limiting for both screenshot and screenRecording incidents
Improved root detection capabilities
Bug Fix
Updated proguard rules to fix warnings from okhttp dependency.
Version 13.2.0
Improvement
Added request integrity information to data collection headers.
Enhanced and accelerated the data collection logic.
Version 13.0.0
New features
BREAKING CHANGE: Added onADBEnabledDetected detection feature, which allows you to detect USB debugging option enabled in the developer settings on the device. App needs to implement this new callback.
Version 12.0.0
Improvement
Refactored Magisk checks in the root detection
Internal refactoring of Malware detection feature
Bug Fix
Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver
Version 11.1.3
Bug Fix
Reported ANR issues present on some devices were resolved (GH issue #138).
Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter #140).
Reported crashes caused by the UnsupportedOperationException were resolved.
Version 11.1.1
Bug Fix
False positives in Hook detection (runtimeManipulation).
Version 11.1.0
New Feature
Added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application.
Important Information
Further details for this feature will be provided shortly with the new repositories.
For now, do not react to the callback, you can implement it simply by just using println().
Added the auditing of the internal execution for the future check optimization and overall security improvements.
Improvement
Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
Added time spoofing detection, detecting an inaccurate device clock. It is a new threat timeSpoofing.
Improvement
Improved jailbreak detection methods.
Version 6.13.0
New Feature
A new extension of SecurityThreatCenter: RaspExecutionState contains onAllChecksFinished() method, which is triggered after all checks are completed.
Improvement
Updated internal dependencies.
Version 6.12.1
Improvement
Added palera1n jailbreak detection.
Improved Dopamine jailbreak detection.
Fixed
Resolved memory-related stability issues.
Version 6.11.0
New Feature
Screen capture protection obscuring app content in screenshots and screen recordings preventing unauthorized content capture. Refer to the .
Improvement
Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
Bug Fix
Resolved an issue that prevented Xcode tests from running correctly.
Resolved an issue with the screen recording detection.
Version 6.9.0
Improvement
Improvement of the obfuscation of the SDK
Changed
Deep signing of the OpenSSL binaries
Version 6.8.0
New feature
Enhanced security with our new Screen Capture Threat Detection, now capable of identifying screen recording, AirPlay mirroring, and screenshots to guard against unauthorized viewing. Check out the new screenshot and screenRecording callbacks.
Version 6.6.3
Maintenance
Updated SDK code signing; it will now be signed with:
Team ID: PBDDS45LQS
Team Name: Lynx SFT s.r.o.
Version 6.6.2
New feature
Added jailbreak detection.
Version 6.6.1
Improvement
Renewed the signing certificate.
Version 6.6.0
New feature
jailbreak detection.
Version 6.5.3
Improvement
Updated OpenSSL to version 3.0.14and CURL to version 8.8.0. ()
Version 6.5.0
New Feature
Added request integrity information to data collection.
Significantly improved the response time from data collection service.
Version 6.4.0
New Feature
Added new threat callback systemVPN for System VPN detection.
Improvement
Passcode check is now performed periodically.
Updated the CA bundle to enhance security for secure connections.
Bug Fix
Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
Version 6.1.2
New Feature
Added Privacy Manifest.
Added codesigning for the SDK, it is signed by:
Team ID: ASQC376HCN,
Improvement
Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
Improved obfuscation of Swift and C strings.
Bug Fix
Fixed memory leak ().
Curious about more in-depth changes for iOS? Head over to our for the complete history of updates!
Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ()
Added onTimeSpoofing callback to ThreatCallback for handling Threat.timeSpoofing threat (Android only)
We are introducing a new capability, detecting whether the device time has been tampered with
Added onLocationSpoofing callback to ThreatCallback for handling Threat.locationSpoofing threat (Android only)
We are introducing a new capability, detecting whether the location is being spoofed on the device.
Added onUnsecureWifi callback to ThreatCallback for handling Threat.unsecureWifi threat (Android only)
We are introducing a new capability, detecting whether the device is connected to an unsecured Wi-Fi network.
Added onAllChecksDone callback to new RaspExecutionStateCallback
We are introducing a new callback that notifies when all security checks have been completed.
Removed
Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
Changed
Updated internal dependencies
Version 7.2.2
Fixed
[Android] Fixed an issue with crashing screen protector
Version 7.2.1
Fixed
[iOS] Fixed an issue with native framework
Version: 7.2.0
New Feature
Added interface for multi-instance detection
Improvement
[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
Fixed
[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates
Version: 7.1.0
New feature
Added interface for screenshot / screen recording blocking on iOS.
Improvements
Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.
Fixed
Issue that caused compilation errors due to unknown references.
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.
Version 7.0.0
Added
fvm support for Flutter version management
Changed
Updated versions for example app
[Android] Breaking: Raised Kotlin version to 2.1.0
[Android] Compile API increased to 35, dependencies updated
Fixed
[Android] ANR issues bug-fixing
Version 6.12.0
New feature
Added screenshot - detection of screenshots, refer to the .
Added screenRecording - detection of screen recording, refer to the .
Added
Changed
[Android] Raised Android CompileSDK level to 35
[Android] Monitoring is now disabled by default
Improvement
[Android] Improved root detection
Bug Fix
[Android] Proguard rules to address warnings from okhttp dependency
Version 6.11.0
Improvement
[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.
Version 6.10.0
Improvement
App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method
[Android] Malware data is now parsed on background thread to improve responsiveness.
Version 6.9.0
New features
[Android] onADBEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.
Version 6.8.0
New features and improvements
[Android] Malware detection as a new callback for enhanced app security.
[Android] Internal refactoring of Malware detection feature.
[Android] Refactoring Magisk checks in the root detection.
Maintenance
[iOS] Updated SDK code signing; it will now be signed with:
Team ID: PBDDS45LQS
Team Name: Lynx SFT s.r.o.
Bug Fix
[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver
Version 6.7.3
Improvement
[iOS] Renewed the signing certificate.
Version 6.7.2
Bug Fix
[Android] Reported ANR issues present on some devices were resolved ().
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved ().
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.
Version 6.7.1
Bug Fix
[Android] False positives for hook detection.
Version 6.7.0
New Feature
[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] jailbreak detection.
Improvement
Migration to .
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 ().
Bug Fix
[Android] Native crashes (SEGFAULT) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path ().
Version 6.6.0
New Feature
Added new threat Threat.systemVPN for VPN detection.
Added new callback onSystemVPN in ThreatCallback for handling Threat.systemVPN threat.
Improvement
Increased minimal Dart SDK version to 2.18.0 and minimal Flutter version to 3.3.0
Updated the CA bundle to enhance security for secure connections.
[Android] Increased the version of the GMS dependency
Bug Fix
Resolved a problem in logging caused by the device’s default system locale
Version 6.5.1
Improvement
[Android] New Talsec SDK artifact hosting - better stability and availibility.
Version 6.5.0
New Feature
[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
Team ID: ASQC376HCN,
Improvement
Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Improved appIntegrity check and its logging.
Bug Fix
[Android] Fixed issue with disappearing threats when the app is quickly put into the background and then back to the foreground (resolves ).
[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).
Version 6.4.0
Improvement
Improved reaction obfuscation.
[iOS] Improved obfuscation of the iOS SDK.
[iOS] Raised supported Xcode version to 14.3.1 .
Bug Fix
[Android] Fixed ProviderException.
Fixed typo in namespace which caused incompatibility with AGP 8.0 .
Curious about more in-depth changes for Flutter? Head over to our for the complete history of updates!
Latest Version: 4.3.2
React Native
Fixed
Resolved potential NullPointerException when execution state events are being sent
Version: 4.3.1
React Native
Fixed
Resolved duplicate classes error on iOS
Version: 4.3.0
React Native
Added
Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ()
Added API for timeSpoofing callback into ThreatEventActions (Android only)
Fixed
Resolved potential collision in threat identifiers
Android
Added
Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker
We are introducing a new capability, detecting whether the device time has been tampered with (timeSpoofing)
Fixed
ANR issue caused by registerScreenCaptureCallback() method on the main thread
NullPointerException when checking key alias in Keystore on Android 7
JaCoCo issue causing
Changed
Shortened the value of threat detection interval
Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
Update of internal dependencies and security libraries
iOS
Changed
Updated internal dependencies
Version: 4.2.4
React Native
Fixed
iOS dependencies are now installed via install_modules_dependencies by default
Version: 4.2.3
Android
Fixed
Root detection related bugs causing false positives
Changed
Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
Version: 4.2.2
Changed
Replaced deprecated getCurrentActivity() call on Android (compatibility with RN 0.81+)
Version: 4.2.1
Fixed
Possible conflict with other packages during proguard code minification
Android
Fixed
Issue with empty SharedPreferences files
Changed
Decreased version of Kotlin to 2.0.0
Version: 4.2.0
New Feature
Added interface for multi-instance detection
Improvement
[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
Fixed
[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates
Version: 4.1.0
New feature
Added interface for screenshot / screen recording blocking on iOS.
Improvements
Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.
Fixed
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.
Version 4.0.0
Changed
Android SDK requires kotlin_version >= 2.0.0
Set Java version to 17
[Android] Compile API increased to 35, dependencies updated
Fixed
[Android] ANR issues bug-fixing
Version 3.14.0
New feature
Added screenshot - detection of screenshots, refer to the .
Added screenRecording - detection of screen recording, refer to the .
Added
Changed
[Android] Raised Android compileSDK level to 35
Improvement
[Android] Improved root detection
Fixed
Compatibility issues with RN New Architecture
[Android] Added proguard rules for malware data serialization in release mode on Android
[Android] Proguard rules to address warnings from okhttp dependency
Version 3.13.0
Improvement
[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.
Version 3.12.0
Improvement
App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.
Version 3.11.0
New features
[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.
Version 3.10.0
New features and improvements
Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
Maintenance
[iOS] Updated SDK code signing; it will now be signed with:
Team ID: PBDDS45LQS
Team Name: Lynx SFT s.r.o.
Version 3.9.3
Improvement
[iOS] Renewed the signing certificate.
Version 3.9.2
Bug Fix
[Android] Reported ANR issues present on some devices were resolved ().
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved ().
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.
Version 3.9.1
Bug Fix
[Android] False positives for hook detection.
Version 3.9.0
New Feature
[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] jailbreak detection.
Improvement
Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 ().
Bug Fix
Fixed incorrect path to types in package.json.
[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path ().
Version 3.8.2
Improvement
Updated proguard rules to resolve build issues in RN 0.75.x.
Version 3.8.0
New Feature
Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.
Improvement
Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Enhanced and accelerated the data collection logic.
Bug Fix
Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
[Android] Fixed proguard warning in specific versions of RN.
Version 3.7.2
Improvement
Updated expo config plugin to fix release build issue in RN 0.73.
Added interface for screenshot / screen recording blocking on iOS.
Changed
Plugin now requires kotlin version >= 2.0.0.
Improvements
Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.
Fixed
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.
Version 7.4.1
Changed
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
Fixed
[Android] ANR issues bug-fixing
Version 7.4.0
New feature
Added screenshot - detection of screenshots, refer to the .
Added screenRecording - detection of screen recording, refer to the .
Added
Changed
[Android] Set following required SDK versions for Android plugin:
minSdkVersion 23
targetSdkVersion to 35
Improvement
[Android] Improved root detection
Fixed
[Android] Proguard rules to address warnings from okhttp dependency
Version 7.3.0
Improvement
[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.
Version 7.2.0
Improvement
App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.
Version 7.1.0
New features
[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.
Version 7.0.0
New features and improvements
Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
Maintenance
BREAKING CHANGE:New dependency is required to run freeRASP; add following plugin to android/build.gradle:
[iOS] Updated SDK code signing; it will now be signed with:
Team ID: PBDDS45LQS
Team Name: Lynx SFT s.r.o.
Bug Fix
[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver
Version 6.3.3
Improvement
[iOS] Renewed the signing certificate.
Version 6.3.2
Bug Fix
[Android] Reported ANR issues present on some devices were resolved ().
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved ().
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.
Version 6.3.1
Bug Fix
[Android] False positives for hook detection.
Version 6.3.0
New Feature
[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] jailbreak detection.
Improvement
Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 ().
Bug Fix
[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path ().
Version 6.2.0
New Feature
Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.
Improvement
Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.
Bug Fix
Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
Version 6.1.3
Bug Fix
Fixed BAD_ACCESS error occurring in specific versions of cordova-ios plugin ().
Version 6.1.2
Bug Fix
[Android] Removed the talsec namespace that caused change of namespaces for whole app.
[iOS] Fixed issue causing app crash with lower versions of cordova-ios plugin.
[Android] Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ()
Added API for timeSpoofing callback into ThreatEventActions (Android only)
Added API for unsecureWifi callback into ThreatEventActions (Android only)
Added API for allChecksFinished callback into new RaspExecutionStateEventActions object
[Android] Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
Improvement
[Android] Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker
We are introducing a new capability, detecting whether the device time has been tampered with (timeSpoofing)
Changed
[Android] Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
[Android] Shortened the value of threat detection interval
[Android] Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
Fixed
[Android] Resolved potential collision in threat identifiers
[Android] Root detection related bugs causing false positives
[Android] ANR issue caused by registerScreenCaptureCallback() method on the main thread
Version: 2.2.2
New Feature
[Android] Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ()
Added API for timeSpoofing callback into ThreatEventActions (Android only)
Improvement
[Android] Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker
We are introducing a new capability, detecting whether the device time has been tampered with (timeSpoofing)
Changed
[Android] Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
[Android] Shortened the value of threat detection interval
[Android] Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
Fixed
[Android] Resolved potential collision in threat identifiers
[Android] Root detection related bugs causing false positives
[Android] ANR issue caused by registerScreenCaptureCallback() method on the main thread
Version: 2.2.1
Changed
[Android] Issue with empty SharedPreferences files
Fixed
[Android] Decreased version of Kotlin to 2.0.0
Version: 2.2.0
New Feature
Added interface for multi-instance detection
Improvement
[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
Fixed
[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates
Version: 2.1.0
New feature
Added interface for screenshot / screen recording blocking on iOS.
Improvements
Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.
Fixed
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.
Version 2.0.0
Changed
Android SDK requires kotlin_version >= 2.0.0
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
Fixed
[Android] ANR issues bug-fixing
Version 1.10.0
New feature
Added screenshot - detection of screenshots, refer to the .
Added screenRecording - detection of screen recording, refer to the .
Added
Changed
[Android] Raised Android compileSDK level to 35
[Android] Set minifyEnabled in plugin to true implicitly
Improvement
[Android] Improved root detection
Fixed
[Android] Proguard rules to address warnings from okhttp dependency
Version 1.9.0
Improvement
[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.
Version 1.8.0
Improvement
App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.
Version 1.7.0
New features
[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.
Version 1.6.0
New features
Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
Maintenance
[iOS] Updated SDK code signing; it will now be signed with:
Team ID: PBDDS45LQS
Team Name: Lynx SFT s.r.o.
Bug Fix
Resolved compatibilty issues with JDK 21
Version 1.5.3
Improvement
[iOS] Renewed the signing certificate.
Version 1.5.2
Bug Fix
[Android] Reported ANR issues present on some devices were resolved ().
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved ().
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.
Version 1.5.1
Bug Fix
[Android] False positives for hook detection.
Version 1.5.0
New Feature
[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] jailbreak detection.
Improvement
Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 ().
Bug Fix
[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path ().
Version 1.4.0
New Feature
Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.
Improvement
Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.
Bug Fix
Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries
blockScreenCapture
for
FLAG_SECURE
control, an
active protection against screen capturing.
AddedisScreenCaptureBlocked - to receive whether the screen capture is blocked
[iOS] Enhanced security with Detection to identify compromised devices.
[Android] TalsecConfig creation was migrated to a Builder pattern.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.
[Android] Added a new threat detection feature, Threat.devMode, to identify Developer mode.
[Android] Added a new callback onDevMode in ThreatCallback for handling Threat.devMode threat.
[iOS] Passcode check is now performed periodically.
Team Name: AHEAD iTec, s.r.o..
[iOS] Improved obfuscation of Swift and C strings.
Added API for unsecureWifi callback into ThreatEventActions (Android only)
Added API for allChecksFinished callback into new RaspExecutionStateEventActions object
Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
We are introducing a new capability, detecting whether the location is being spoofed on the device (locationSpoofing)
We are introducing a new capability, detection of unsecure WiFi (unecureWifi)
Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
Added new RaspExecutionState which contains onAllChecksFinished() method, which is triggered after all checks are completed.
Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection
MethodTooLargeException
during instrumentation
DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
Fixed issue with late initializers and TalsecMode coroutines scopes
[Android] Added support for 16 KB pages
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries
blockScreenCapture
for
FLAG_SECURE
control, an
active protection against screen capturing.
AddedisScreenCaptureBlocked - to receive whether the screen capture is blocked
[iOS] Enhanced security with Detection to identify compromised devices.
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Passcode check is now performed periodically.
Team ID: ASQC376HCN,
Team Name: AHEAD iTec, s.r.o..
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.
[Android] Added support for 16 KB pages
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries
blockScreenCapture
for
FLAG_SECURE
control, an
active protection against screen capturing.
AddedisScreenCaptureBlocked - to receive whether the screen capture is blocked
compileSdkVersion to 35
[iOS] Enhanced security with Detection to identify compromised devices.
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.
We are introducing a new capability, detecting whether the location is being spoofed on the device (locationSpoofing)
We are introducing a new capability, detection of unsecure WiFi (unecureWifi)
Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
Added new RaspExecutionState which contains onAllChecksFinished() method, which is triggered after all checks are completed.
[Android] Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
[Android] New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
[Android] Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection
[Android] Update of internal dependencies and security libraries
[iOS] Updated internal dependencies
[Android] NullPointerException when checking key alias in Keystore on Android 7
[Android] JaCoCo issue causing MethodTooLargeException during instrumentation
[Android] DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
[Android] AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
[Android] Fixed issue with late initializers and TalsecMode coroutines scopes
Added API for unsecureWifi callback into ThreatEventActions (Android only)
Added API for allChecksFinished callback into new RaspExecutionStateEventActions object
[Android] Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
We are introducing a new capability, detecting whether the location is being spoofed on the device (locationSpoofing)
We are introducing a new capability, detection of unsecure WiFi (unecureWifi)
Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
Added new RaspExecutionState which contains onAllChecksFinished() method, which is triggered after all checks are completed.
[Android] Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
[Android] New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
[Android] Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection
[Android] Update of internal dependencies and security libraries
[iOS] Updated internal dependencies
[Android] NullPointerException when checking key alias in Keystore on Android 7
[Android] JaCoCo issue causing MethodTooLargeException during instrumentation
[Android] DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
[Android] AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
[Android] Fixed issue with late initializers and TalsecMode coroutines scopes
[Android] Added support for 16 KB pages
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries
blockScreenCapture
for
FLAG_SECURE
control, an
active protection against screen capturing.
AddedisScreenCaptureBlocked - to receive whether the screen capture is blocked
[iOS] Enhanced security with Detection to identify compromised devices.
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.
Team Name: AHEAD iTec, s.r.o..
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.
