Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

The general flow of the integration can be decomposed into the following steps:

1. Conforming to the prerequisites, e.g. setting up Android minSdkVersion.

2. Adding the dependency.

3. Setting up the configuration for the application, e.g. package name or whether it is production or not (see Dev vs. Release version).

4. Handling the detected threats (callbacks).

5. Starting the SDK.

6. Enabling the source code obfuscation.

7. Registering in to see the data from your apps and compare it to global statistics.

8. Become familiar with and .

9. Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.

10. Looking at if you are interested in more advanced solutions to protect your application and business.

11. Reading through and , if you are interested in more detailed information about internal workings.

Dev vs. Release version

The Dev version is intended for development purposes. It allows you to work on your app without interference from security features that could disrupt the process, e.g. if you would implement killing of the application on the debugger callback.

The Release version is meant for production and must always be used for your published app. It enables all security protections provided by freeRASP.

To configure this, set the isProd flag in freeRASP:

• Release: isProd = true

• Dev: isProd = false

⚠️Dev version disables some detections which won't be triggered during the development process:

• Emulator/Simulator

• Debugging

• Tampering/Repackaging

• Unofficial store/source

Choose the Appropriate Version to Continue Integration

Choose the relevant section based on your app development platform:

Step 1: Convert to Base64

To convert the hash to Base64 form, use an online tool like :

After conversion, you'll receive a final Base64 string like this:

The most frequent issues occurring during integration:

Talsec is an academic-based and community-driven mobile security company. We deliver in-App Protection and a User Safety suite for Fintechs. We aim to bridge the gaps between the user's perception of app safety and the strong security requirements of the financial industry.

Talsec offers a wide range of security solutions, such as App and API protection SDK, monitoring services, and the User Safety suite. You can check out the offered products on .

Links

• Give us a ⭐:

Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

This project is provided as freemium software, i.e. there is a fair usage policy that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file on GitHub for details.

ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator. When ADB is enabled, it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy. FreeRASP detects whether the USB debugging is enabled.

Below are code snippets demonstrating ADB enabled detection across various platforms:

// Android ADB enabled detection
override fun onADBEnabledDetected() {
    TODO("Not yet implemented")
}

// Flutter ADB enabled detection
onADBEnabled: () => print("Developer mode detected")

// Cordova ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}

// React Native ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}

// Capacitor ADB enabled detection
adbEnabled: () => {
    // Place your reaction here
}

Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.

Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).

Below are code snippets demonstrating app tampering detection across various platforms:

// Android tampering
override fun onTamperDetected() {
    TODO("Not yet implemented")
}

// iOS signature
case signature

// Flutter tampering and signature detection
onAppIntegrity: () => print("App integrity")

// Cordova tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// React Native tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// Capacitor tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.

Below are code snippets demonstrating emulator detection across various platforms:

// Android emulator check
override fun onEmulatorDetected() {
    TODO("Not yet implemented")
}

// iOS simulator detection
case simulator

// Flutter emulator and simulator detection
onSimulator: () => print("Simulator")

// Cordova emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// React Native emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// Capacitor emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. FreeRASP checks whether the system VPN is enabled.

Below are code snippets demonstrating system VPN detection across various platforms:

// Android system VPN detection
override fun onSystemVPNDetected() {
    TODO("Not yet implemented")
}

// iOS system VPN detection
case systemVPN

// Flutter system VPN detection
onSystemVPN: () => print("System VPN detected")

// Cordova system VPN detection
systemVPN: () => {
    // Place your reaction here
}

// React Native system VPN detection
systemVPN: () => {
    // Place your reaction here
}

// Capacitor system VPN detection
systemVPN: () => {
    // Place your reaction here
}

The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

Please follow the integration guide of your platform for more information about how to obfuscate the app.

Below are code snippets demonstrating missing obfuscation detection across various platforms:

// Android
override fun onObfuscationIssuesDetected() {
    TODO("Not yet implemented")
}

// Flutter
onObfuscationIssues: () => print("Obfuscation issues")

// Cordova
obfuscationIssues: () => {
    // Place your reaction here
},

// React Native
obfuscationIssues: () => {
    // Place your reaction here
},

// Capacitor
obfuscationIssues: () => {
    // Place your reaction here
},

Device binding is attaching an application instance to a particular mobile device. This method detects a transfer of an application instance to another device. A new install of the application (e.g. in case of buying a new device and transfer the apps) is not detected.

The deviceID detects, whether the device identifier has been changed. It is triggered after reinstallation of the application if there are no other applications from the same vendor installed. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.

Below are code snippets demonstrating device binding detection across various platforms:

// Android device binding check
override fun onDeviceBindingDetected() {
    TODO("Not yet implemented")
}

// iOS device binding methods
case deviceChange
case deviceID

// Flutter 
// device binding and device change detection
onDeviceBinding: () => print("Device binding")

// device ID 
onDeviceID: () => print("Device ID")  // iOS only

// Cordova 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// device ID 
deviceID: () => {  // iOS only
    // Place your reaction here 
}

// React Native 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// deviceID
deviceID: () => {  // iOS only
    // Place your reaction here 
}

// Capacitor 
// device binding and device change detection
deviceBinding: () => {
    // Place your reaction here
}

// deviceID
deviceID: () => {  // iOS only
    // Place your reaction here 
}

freeRASP is a lightweight and easy-to-integrate mobile security library designed to detect potential threats during the application's runtime. It contains multiple security checks, each aimed to cover possible attack vectors to ensure a high level of application security.

What does freeRASP do?

freeRASP provides detection of potentially dangerous behaviour, including the following:

• Using rooted or jailbroken devices (e.g., su, Magisk, unc0ver, check1rain, Dopamine).

• Reverse engineering attempts.

• Running hooking frameworks (e.g., Frida, Xposed or Shadow).

• Tampering or repackaging the application.

• Installing the app through untrusted methods/unofficial stores.

• Running the app in various emulators.

• Detect fake clones and multiinstancing (Parallel Space)

• Screenshot and screen recording attempts.

Advantages

• Reactions to various attacks and detected security threats via an API (callback mechanism).

• Simple integration.

• VPN detection.

Limitations

• Limits of (free up to 100k devices).

• Data collection from your app to Talsec DB.

• Security protections:

  • basic protection against root/jailbreak (including Magisk, Dopamine),

Talsec Portal

Access real-time security insights, global benchmarks, and detailed analytics!

• 📊 Real-Time Threat Monitoring: Gain insights into threat counts, types, and occurrences over time.

• 📈 Global Benchmarking: Benchmark your app's security against global statistics.

• 📚 Stay informed: Read the latest articles and documentation on app security best practices.

Workflow scheme

Supported platforms

freeRASP is currently supported for:

freeRASP is currently tested and compatible with

• 🤖 Android smartphones, tablets, emulators, Android TVs

• 🍎 iPhones, iPads, simulators

Discover freeRASP

The most frequent issues occurring during integration:

General

Android Devices

iOS Devices

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk, Shamiko, Shad0w or Dopamine can hide privileged access and are often used by attackers.

Learn more about the root detection and jailbreak detection.

freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).

From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.

Below are code snippets demonstrating root and jailbreak detection across various platforms:

Welcome to the freeRASP wiki page!

This page provides additional information about the product. The main goal is to present clear and easily accessible content that will help you better understand freeRASP. We hope you find it helpful and informative.

What will you find on this Wiki page?

• How to Get the Signing Certificate Hash.

• Details on .

• Information about .

• Overview of .

We encourage you to explore the different sections of this wiki to gain a more comprehensive understanding of the freeRASP product and its features. If you have any questions or need further assistance, please feel free to reach out to our support team at [email protected].

Watch the video walkthrough or continue with the step-by-step guide below:

Step 1: Find SHA-256 Hash in Google Play Console

To retrieve the SHA-256 hash in Google Play Console, follow these steps:

Open your app and navigate to Test and release > App integrity > Play app signing. Click on "Settings":

Under App signing key certificate, locate the "SHA-256 certificate fingerprint" (fingerprint = hash):

An example SHA-256 hash looks like this:

You'll need this value for the next step.

Step 2: Convert the SHA-256 Hash to Base64 Format

Convert the hash to Base64 format, as the SDK requires it in this format. Follow the steps in ➡️

Multi-instance refers to the ability to launch multiple instances of the same application—either intentionally (such as through app cloning or multi-user modes) or unintentionally (due to a malicious attack or system bug). Each instance may run in a separate process, which can lead to security, privacy, or data consistency issues—especially in sensitive applications like finance, messaging, or enterprise tools.

Currently, detection of multi-instance using Parallel Space is supported.

Below are code snippets demonstrating passcode detection across various platforms:

// Android multi instance check
override fun onMultiInstanceDetected() {
    TODO("Not yet implemented")
}

// Flutter multi instance detection
onMultiInstance: () => print("Multi instance detected")

// Cordova multi instance detection
multiInstance: () => {
    // Place your reaction here
}

// React Native multi instance detection
multiInstance: () => {
    // Place your reaction here
}

// Capacitor multi instance detection
multiInstance: () => {
    // Place your reaction here
}

Read More

What is multi-instacing, why is it an issue and how to detect it?

The freeRASP contains public API so that the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to use publicly available information to interrupt freeRASP operations or modify your custom reaction implementation in threat callbacks. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

The majority of Android projects support code shrinking and obfuscation without any additional need for setup. The owner of the project can define the set of rules that are usually automatically used when the application is built in the release mode. For detailed guidance, explore the official documentation through these links: and .

What is Signing Certificate Hash?

All Android apps must be signed with a digital certificate before installation. The signing certificate SHA-256 hash in Base64 form - which we'll refer to as the hash for short, also known as a fingerprint -is the certificate's unique identifier, crucial for security and integrity. The Talsec SDK uses this hash for .

The most frequent issues occurring during integration:

& Fair Usage Policy

Version Number: 1.1

Effective Date: October 13, 2025

1. Introduction

1. This Fair Usage Policy (“Policy”) is incorporated by reference into the Agreement and governs the permitted use of Talsec’s freeRASP (the “Service”) provided by Lynx SFT s.r.o. (“Talsec”, “Provider”, “we”, “us”, or “our”). By utilizing the Service, the Customer (“you”, “your”) agrees to abide by this Policy.

Step 1: Use Your Release Keystore to Get the SHA-256 Hash

A common mistake is using the wrong signing key, which will cause the Talsec SDK to flag your app as a security risk. To avoid this, you must use the keystore that signs your app for public release.

Here’s the difference:

• Debug Keystore: Created automatically by Android Studio.

The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing one to obtain personal client data. The most well-known hooking frameworks are , , or .

Below are code snippets demonstrating hook detection across various platforms:

Unsecure Wi‑Fi describes a situation where a device is connected to an open or poorly protected wireless network (for example an open hotspot, weak WPA, or a rogue access point), allowing an attacker to observe, intercept, or alter the device’s traffic and network behavior so the OS and apps communicate over an untrusted link.

Attackers can use unsecured Wi‑Fi to perform man‑in‑the‑middle attacks such as:

• Eavesdrop on unencrypted traffic to harvest credentials and session cookies

• Hijack or replay active sessions to gain unauthorized access

Time spoofing attack is when an attacker (or malicious app) manipulates the device's clock or its time source (e.g. network, GPS, or NTP) to cause system apps to behave incorrectly.

Time spoofing in mobile apps is often used to extend or reuse expired tokens, OTPs, or sessions, bypass trial periods and usage quotas, and skip waiting or cooldown times for time‑restricted features, giving attackers or unauthorised users continued access or unfair advantages.

Below are code snippets demonstrating debugger detection across various platforms:

Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.

Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.

Below are code snippets demonstrating developer mode detection across various platforms:

While most developers use debuggers to trace the flow of their program during its execution same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information. This method looks for specific flags to determine whether the debugger is active and offers the option to disable it.

Below are code snippets demonstrating debugger detection across various platforms:

The Secure Enclave and the Android Keystore system make it very difficult to decrypt sensitive data without physical access to the device. In that order, these keys need to be stored securely. freeRASP checks if the keys reside inside secure hardware.

Below are code snippets demonstrating missing hardware detection across various platforms:

Location spoofing is when an attacker (or malicious app) falsifies the device’s reported location or the location signals it trusts (e.g., GNSS/GPS, Wi‑Fi positioning, cellular location, or IP‑based geolocation), causing the OS and apps to receive incorrect location data.

Location spoofing in mobile apps is commonly used to bypass geofences and region locks, fake presence (e.g., on dating apps or games), create alibis (e.g., on social or parental control apps), or commit location‑based fraud (offers, check‑ins).

Below are code snippets demonstrating debugger detection across various platforms:

Saving any sensitive data on a device without a lock / passcode makes them more prone to theft. With no user authentification device can be accessed and modified with minimal effort. freeRASP checks if the device is secured with any type of lock.

Below are code snippets demonstrating passcode detection across various platforms:

// Android lock check
override fun onUnlockedDeviceDetected() {
    TODO("Not yet implemented")
}

// iOS lock check
case passcode

// Flutter unlocked device and passcode detection
onPasscode: () => print("Passcode not set")

// Cordova unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}

// React Native unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}

// Capacitor unlocked device and passcode detection
passcode: () => {
    // Place your reaction here
}

Variables

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

Classes

public class Talsec

Methods

public static func start(config: TalsecRuntime.TalsecConfig)

• The method used to start freeRASP's audit.

public static func blockScreenCapture(enable: Bool, window: UIWindow)

• The method blocks the screen capture in specific UIWindow.

public static func isScreenCaptureBlocked(in window: UIWindow) -> Bool

• The method returns whether the screen capture is blocked in specific UIWindow.

public static func storeExternalId(externalId: String)

• The method stores an externalId into the logs for data collection.

Protocols

public protocol SecurityThreatHandler

Methods

func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)

• Notifier about detected threats.

public protocol TalsecRuntume.RaspExecutionState

Methods

func onAllChecksFinished()

• Notifier about finished threats

Enums

public enum SecurityThreat : String, Codable, CaseIterable, Equatable

Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .

Cases

• signature

• jailbreak

• debugger

• runtimeManipulation

At Talsec, our commitment goes beyond just providing strong security solutions. We believe in continuously evolving our offerings by actively listening to community feedback and responding to the unique needs of developers. Our goal is not only to protect your applications but also to ensure that your insights and experiences shape our products.

We value your input because we understand that secure and effective development tooling is built through collaboration. Your voice, as a developer, is crucial to making our solutions more robust, dev-friendly, and aligned with real-world challenges.

Issues

We strive to deliver a flawless experience with our software. However, despite our best efforts, occasional bugs or issues may still arise. If you encounter any problems or notice anything that seems out of place, we encourage you to let us know.

Enhancements

If you have ideas that could enhance freeRASP or improve your developer experience, we want to hear from you. We value suggestions from the community, as they reflect real needs and practical experiences.

To share your idea, please open an enhancement issue on our GitHub repository. Your input helps us prioritize features and improvements that matter most to our users.

Enhancements Tracking

We recognize that some ideas are already on our radar and are actively under consideration. To keep track of proposed enhancements and their progress, we use GitHub Projects.

Before submitting a new idea, we recommend reviewing our GitHub Projects board. This will help you see if your suggestion is already being worked on or if similar ideas have been proposed.

💬 Join the Talsec Community!

Are you looking for upcoming events, ways to engage on social media, or a quick overview of our key programs? This is the hub of our community! Visit the main go-to resource for staying connected with Talsec.

There are two possible values for this flag:

• true

  • Indicates the Release version.

  • This is the default value when undefined.

• false

  • Indicates the Dev version.

The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:

• Emulator usage (onSimulator),

• Debugging (onDebug),

• Signing (onAppIntegrity),

freeRASP performs several security checks to detect potential threats during runtime, each targeting specific attack vectors. Developers and business owners can determine the appropriate response to these incidents, whether by terminating the application, alerting the user, logging the incident details, or choosing to ignore it.

For a detailed explanation of each security check and guidance on selecting an appropriate response, please refer to the individual threat descriptions in the subsections. Remember, the ideal response will depend on your application's specific security needs and use cases.

Sections

• [Android devices only]

• (Keystore/Keychain secure storage check)

• [Android devices only]

• [Android devices only]

• (Screenshot and screen recording detection, block screenshot capture)

• [Android devices only]

We need to ensure that critical security information reaches the right person—or team—responsible for your app.

• Invite Your Team: The business email you provide serves as the foundation for your Organization within the . Once established, you can invite other developers, security analysts, and managers to a centralized dashboard.

• Prevent Missed Threats: Imagine a new, widespread attack targeting apps like yours. A throwaway email address means you will miss the security alert, leaving your application and users vulnerable.

• Secure Authentication: A valid email is our primary method for verifying your identity & app ownership to ensure that only authorized personnel can access your app's sensitive security data on the .

• It’s Your Professional Identity: We treat you as a professional partner. A business email helps us to establish a proper communication channel with you.

freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.

To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.

We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.

Plugin config setup

Add the plugin config to your app.json and specify the minSdkVersion (use at least 23). Additionally, if you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property .

Manual setup

1. Increase minSdkVersion

   This can be done in two ways:

   • update the minSdkVersion property directly in android/build.gradle, or

   • use expo-build-properties plugin, which updates the property in the prebuild phase.

Variables

TalsecConfig

Specifies configuration for your app. See the table below for a detailed description of the attributes.

How to use this

This curated AI prompt is designed to get the freeRASP into your app to save you time. The AI cannot make security decisions for you.

🖥️ Talsec Portal - Learn Your Security Posture, Detect Threats, and Benchmark Your App

Access real-time security insights, global benchmarks, and detailed analytics!

Talsec Portal is a centralized dashboard that visualizes the security data collected by freeRASP from your app, giving you real-time insights into threats, incidents, and benchmarks—so if you're using freeRASP, this is where your app's security intelligence lives.

We would like to reflect on a few performance and telemetry-related topics that emerge occasionally.

Common Questions:

• Why does it take too long to finish all the checks?

• How to know when all checks are finished?

• When are telemetry data transmitted?

freeRASP collects anonymized security diagnostics data from apps. These data contain:

• Application state and security.

• Device state and security.

• Anonymous app instance ID and device ID.

This information allows Talsec to provide a , improve the freeRASP product and even the , or prepare mobile security reports and articles.

If you want to learn about the differences between freeRASP and BusinessRASP+, you’re in the right place. On this page, we’ll explore the key features and benefits of each option, compare their functionalities, and highlight how the BusinessRASP+ subscription can offer enhanced capabilities and support compared to the freeRASP plan. By the end, you’ll have a clear understanding of which solution best meets your needs and how to make the most of it.

What are the advantages of the commercial Talsec SDK subscription plans compared to freeRASP?

freeRASP is a freemium product, which means there are Fair Usage Policy conditions. For using freeRASP, please refer to the Integration Manual.

and are premium products with a subscription model (which includes SW licenses, SLA, maintenance updates, and more) for SDKs. It is not SaaS, which means we don't introduce any dependency on third-party web services for your mobile solution.

Talsec doesn't collect any customer data within RASP+, while freeRASP SDK sends the diagnostical information to Talsec servers to provide clients with regular security reports and improve the product. You should consider adding Talsec to the list of Data Processors in case of freeRASP usage.

Top 10 Advantages of Talsec RASP+ Business Subscription Over freeRASP

Here are the top 10 benefits of choosing a Talsec RASP+ Business subscription, which includes an SDK license, SLA, and additional services, compared to the freeRASP option.

For any questions, please refer to our or schedule a call with us by choosing a time slot on .

The most frequent issues occurring during integration:

General

Android Devices

iOS Devices

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered, if you install the application through alternative ways like unofficial store or Xcode build.

Below are code snippets demonstrating detection of unofficial installation across various platforms:

Define alternative supported stores

If you want to define which applications can install the application, insert its package name in the supportedAlternativeStores (or supportedStores on Flutter) parameter. If you publish on Google Play, Huawei AppGallery, App Store (iOS), and TestFlight (iOS), you don't need to assign anything, as they are already supported out of the box.

The application can also be installed by "cloning" apps, which users employ to transfer apps between devices. The following list comprises popular examples of such apps. By default, freeRASP categorizes them as installations from an unofficial store .

Finally, it's very common application gets installed through browser, file manager, cloud storage or various messaging apps. By default, freeRASP categorizes them as installations from unofficial store.

Screenshot Detection

Screenshot detection identifies when a screenshot is taken on a device. Screenshots can expose sensitive app data, such as user credentials, personal content, or confidential information, leading to privacy and security risks. By detecting screenshots, apps can take preventive measures, such as:

• Obscuring sensitive content before the screenshot is captured.

• Notifying users that a screenshot has been taken.

• Logging events for security monitoring and analysis.

Platform-Specific Implementations

Screen Recording Detection

Screen recording detection helps identify when a device's screen is being recorded. Screen recordings can capture sensitive data, such as user interactions and proprietary app content. By detecting screen recordings, apps can:

• Mask sensitive information during recording.

• Alert users that their screen is being recorded.

• Log events for further security analysis.

Platform-Specific Implementations

Screen Capture Protection

Screen capture protection prevents your app’s content from appearing in screenshots and screen recordings. When enabled, captured images and recordings display a black screen, protecting sensitive information.

To enable or disable protection dynamically, pass true or false.

Check Screen Capture State

To check whether screen capture is currently blocked in the application, use the following method:

Read More

In our article we explain how to block screenshots, screen recording, and remote access tools in mobile apps to protect user data. It discusses security threats such as built-in screenshot tools, remote desktop apps like TeamViewer, screen mirroring software, third-party recording apps, and ADB-based access.

Watch on YouTube

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

1. On your app's initial page, navigate to the UI Builder.

Types

FreeraspConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

NativeEventEmitterActions

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

Methods

const startFreeRASP = async (config: FreeraspConfig, reactions: NativeEventEmitterActions): Promise<bool>

Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.

const removeThreatListeners = (): void

Unregisters threat listeners. Should be called only when the app is being terminated.

const blockScreenCapture = async (enable: boolean): Promise<boolean>

const isScreenCaptureBlocked = async (): Promise<boolean>

📦 Add the dependency

1. From GitHub, Copy into your Application folder.

2. Drag & drop the Talsec folder to your .xcworkspace.

3. Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.

4. In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.

Note: In case you are using Carthage, the zipped version of the framework is included in the .

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided .

In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:

👷 Handle detected threats

You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the to learn more details about the performed checks and their importance for app security.

1. Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:

2. Use the code above for handling these types of events:

📱(Optionally) Add screenshot and screen capture blocking

To utilize active screen shot and screen capture (e.g. mirroring, screen recording) protection, you can use Talsec.blockScreenCapture(enable: Bool, window: UIWindow) with specific UIWindow on which it should be blocked. To receive whether the screen capture is blocked in the specific UIWindow, you can use the Talsec.isScreenCaptureBlocked(in window: UIWindow). For more details about all these screen capture methods, see .

👷(Optionally) Get information about state of check execution

You can use RaspExecutionState to get callback when are initial checks are finished:

🛡️ Start freeRASP

Invoke the following method right after setting up the TalsecConfig in previous steps.

Types

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

AndroidConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

IOSConfig

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

NativeEventEmitterActions

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

Methods

const start = async (config: FreeraspConfig, eventListenerConfig: NativeEventEmitterActions): Promise<void>

Method is used to start freeRASP's audit and set up listeners for threats.

const blockScreenCapture = async (enable: boolean): Promise<string>

const isScreenCaptureBlocked = async (): Promise<boolean>

Types

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.