1 of 53

freeRASP

Introduction

Let's learn the basics about freeRASP protection.

freeRASP is a lightweight and easy-to-integrate mobile security library designed to protect apps from potential threats during the application's runtime. It contains multiple security checks, each aimed to cover possible attack vectors to ensure a high level of application security.

What does freeRASP do?

freeRASP provides protection against potentially dangerous behaviour, including the following:

Using rooted or jailbroken devices (e.g., su, Magisk, unc0ver, check1rain, Dopamine).
Reverse engineering attempts.
Running hooking frameworks (e.g., Frida, Xposed or Shadow).
Tampering or repackaging the application.
Installing the app through untrusted methods/unofficial stores.
Running the app in various emulators.
Screenshot and screen recording attempts.

You can read more about the concept of RASP (Runtime application self-protection) here.

Advantages

Reactions to various attacks and detected security threats via an API (callback mechanism).
Simple integration.
VPN and Developer Mode (Android) detection.
ADB, Developer Mode, USB debugging detections.
No significant effect on the app performance.
Weekly security report via email indicating the security status of devices and app integrity.
Fulfills OWASP MASVS-RESILIENCE requirements.

Top apps rely on Talsec SDKs—see them here.

Limitations

Limits of Fair Usage Policy (free up to 100k app downloads; additional conditions after).
Data collection from your app to Talsec DB.
Security protections:
- basic protection against root/jailbreak (including Magisk, Dopamine),
- basic runtime reverse engineering controls,
- basic runtime integrity controls.
No overlay and accessibility services misuse protection.

Learn more about the limitations of freeRASP here.

Workflow scheme

Supported platforms

freeRASP is currently supported for:

Android
iOS
Flutter
React Native
Cordova
Capacitor
Unity

freeRASP is currently tested and compatible with:

🤖 Android smartphones, tablets, emulators, Android TVs
🍎 iPhones, iPads, simulators

Discover freeRASP

Integration

The general flow of the integration can be decomposed into the following steps:

Conforming to the prerequisites, e.g. setting up Android minSdkVersion.
Adding the dependency.
Setting up the configuration for the application, e.g. package name or whether it is production or not (see Dev vs. Release version).
Handling the detected threats (callbacks).
Starting the SDK.
Enabling the source code obfuscation.
Become familiar with Security Report, User Data Policies and License.
Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.
Looking at Features and Pricing plans if you are interested in more advanced solutions to protect your application and business.
Reading through Wiki and FAQ, if you are interested in more detailed information about internal workings.

Dev vs. Release version

The Dev version is intended for development purposes. It allows you to work on your app without interference from security features that could disrupt the process, e.g. if you would implement killing of the application on the debugger callback.

The Release version is meant for production and must always be used for your published app. It enables all security protections provided by freeRASP.

To configure this, set the isProd flag in freeRASP:

Release: isProd = true
Dev: isProd = false

⚠️Dev version disables some detections which won't be triggered during the development process:

Emulator/Simulator
Debugging
Tampering/Repackaging
Unofficial store/source
Obfuscation issues
Developer mode
ADB Enabled

Make sure that you use the Release version for the production.

Choose the Appropriate Version to Continue Integration

Choose the relevant section based on your app development platform:

Android

Example:

📝 Prerequisites

freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:

From the root of your project (or module level), go to the build.gradle.
Update minSdkVersion to at least 23 (Android 6.0) or higher.

Enable Screenshot and Screen Recording Detection

To and , add the following permissions to your AndroidManifest.xml file inside the <manifest> root tag:

Screenshot Detection is supported on Android 14 (API level 34) and higher. Screen Recording Detection is supported on Android 15 (API level 35) and higher.

📦 Add the dependency

Set Talsec's Artifact Registry in your project's settings.gradle (or build.gradle). You should comment out the relevant section in settings.gradle, if you want to use build.gradle, as settings.gradle is preferred:

Config via settings.gradle:

Config via build.gradle:

Make sure that Talsec's maven dependency is at the last position.

Set dependencies in your :app module's build.gradle:

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided .

Create an arbitrary subclass of Application(), override its onCreate()method and implement ThreatListener.ThreatDetected interface. You can, of course, use your Application subclass if you already have one in your project. If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.“
Add a new subclass to AndroidManifest.xml, inside <application> tag:
Set up the Configuration for your app with your values, which are explained in more detail in .

👷 Handle detected threats

You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the to learn more details about the performed checks and their importance for app security.

Implement methods of ThreatListener.ThreatDetected interface:
For the onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) callback, make sure you visit , a powerful feature designed to scan for malicious or suspicious apps.
Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:
Modify initialization of ThreatListener:
(Optional) You can integrate the screen capture methods to detect threats like screenshots - onScreenshotDetected() or screen recording - onScreenRecordingDetected(). If you do not implement the steps below, these detections will not work, in that case, you can just leave the implementations empty.
To use onScreenshotDetected() you have to be on Android 14+ (API 34+). Also, the application needs the following permission:
To use onScreenRecordingDetected() you have to be on Android 15+ (API 35+). Also, the application needs the following permission:
To utilize active protection, you can use Talsec.blockScreenCapture(activity, true). To receive whether the screen capture is blocked, you can use the Talsec.isScreenCaptureBlocked(). For more details about all these screen capture methods, see . Integration of all these methods should be performed at the Application level to best address the Android lifecycle:

🛡️ Start freeRASP

🌁 Enable source code obfuscation

You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.

Read more about why this is important in the.

☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.

Visit the repository to learn more about this feature! For the integration, refer to the for the Android platform.

API

Description of the freeRASP API

Variables

`TalsecConfig`

Specifies configuration for your app. See the table below for a detailed description of the attributes.

field

type

description

sample value

expectedPackageName

String

Package name of the app.

"com.talsec.freerasp.demoapp"

expectedSigningCertificateHashBase64

Array<String>

Certificate hashes of your app. You must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.

arrayOf( "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=")

watcherMail

String?

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

"[email protected]"

supportedAlternativeStores

Array<String>

Package names of the alternative stores on which you are publishing the application. The Google Play Store and Huawei AppGallery, are included internally. (You can assign just emptyArray()). For more information, visit the wiki page.

arrayOf( "com.sec.android.app.samsungapps")

isProd

Boolean?

Defaults to true when undefined. If you want to use the Dev version to make the development process viable, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.

true

Classes

`public class ThreatListener`

Constructor

public ThreatListener(@NonNull ThreatDetected threatsCallback, @Nullable DeviceState deviceStateCallback)

Listener for the threats detected by freeRASP

Methods

public void registerListener(Context context)

Registers your reactions to detected threats with freeRASP.

public void unregisterListener(Context context)

Unregisters the reactions to detected threats.

public final class Talsec

Methods

public static void start(Context context, TalsecConfig config)

The method used to start freeRASP's functionality.

public static void blockScreenCapture(Activity activity, boolean enable)

The method used to Block / Unblock screen Capture.

public static void isScreenCaptureBlocked()

The method used to Know the state of screen capture blocking whether blocked or not.

Interfaces

`public interface ThreatDetected`

Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .

Methods:

void onRootDetected()
void onDebuggerDetected()
void onEmulatorDetected()
void onTamperDetected()
void onUntrustedInstallationSourceDetected()
void onHookDetected()
void onDeviceBindingDetected()
void onObfuscationIssuesDetected()
void onScreenshotDetected()
void onScreenRecordingDetected()

`public interface DeviceState`

Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .

Methods:

void onUnlockedDeviceDetected()
void onHardwareBackedKeystoreNotAvailableDetected()
void onDeveloperModeDetected()
void onADBEnabledDetected()
void onSystemVPNDetected()

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007aa9f06888: Failure in SSL library, usually a protocol error

Reason:

Conflicts between one of our device binding detection controls and TLS/SSL, using AndroidKeyStore

Solution:

We've created a special version in which the device binding is disabled. Please, use the following dependency:

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

API

Description of the freeRASP API

Variables

`TalsecConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

appBundleIds

[String]

List of Bundle IDs for the app

["com.talsec.freerasp.demoapp"]

appTeamId

String

Apple Team ID for the signing of the app

"M8AK35..."

watcherMailAddress

String?

The value is automatically used as the target address for your security reports. Mail has a strict form '[email protected]'.

"[email protected]"

isProd

Bool?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!

true

Classes

`public class Talsec`

Methods

public static func start(config: TalsecRuntime.TalsecConfig)

The method used to start freeRASP's audit.

public static func blockScreenCapture(enable: Bool, window: UIWindow)

The method blocks the screen capture in specific UIWindow.

public static func isScreenCaptureBlocked(in window: UIWindow) -> Bool

The method returns whether the screen capture is blocked in specific UIWindow.

public static func storeExternalId(externalId: String)

The method stores an externalId into the logs for data collection.

Protocols

`public protocol SecurityThreatHandler`

Methods

func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)

Notifier about detected threats.

Enums

`public enum SecurityThreat : String, Codable, CaseIterable, Equatable`

Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .

Cases

signature
jailbreak
debugger
runtimeManipulation
passcode
simulator
missingSecureEnclave
systemVPN
deviceChange
deviceID
unofficialStore
screenshot
screenRecording

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

FlutterFlow

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.

In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the .

⚙️ Setup the Configuration for your App

The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.

If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:

Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String

Configuration parameters

watcherMail

watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict [email protected] format.

isProd

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .

[Android] packageName

packageName is a unique identifier for your Android application.

You can find the packageName value for your application in FlutterFlow settings:

Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.

Do NOT use solutions such as to provide the value of the package name! The package name has to be hardcoded.

[Android] signingCertHash

signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.

More about signing hash and how to obtain it in .

[Android] supportedStore (optional)

supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.

To add a store, add the package name of the store to the supportedStore list.

Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

[iOS] bundleId

bundleId is a unique identifier for your iOS application.

More about bundle ID and how to obtain one: .

[iOS] teamId

teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

You can find your teamId on the Apple Developer portal:

Go to the website: .
Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.

👷 Handle detected threats

The freeRASP Action offers multiple callbacks for handling threats. A callback is an that gets triggered when a threat is detected.

To implement callback:

Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.

Visit to learn more details about the performed checks and their importance for app security.

Limitations

Limited configuration

freeRASP for Flutter allows you to define multiple values for:

Signing certificate hash
Supported app store
Bundle ID

Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see )

Mobile support only

Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.

[Android] Minimal SDK level

The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.

This creates some restrictions:

Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.

To overcome these limitations, we recommend following these steps:

Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.

Raising SDK version

From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher

API

Description of the freeRASP API

Variables

`TalsecConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

`AndroidConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`IOSConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

Methods

`Future<void> start(TalsecConfig config)`

Starts freeRASP with configuration provided in config.

`void attachListener(ThreatCallback callback)`

Attaches instance of ThreatCallback to freeRASP. If ThreatCallback is already attached, current one will be detached and replaced with callback. When threat is detected, respective callback of ThreatCallback is invoked.

Classes

`ThreatCallback`

A class which represents a set of callbacks that are used to notify the application when certain security threat is detected. Read more about the meaning of the callbacks in the .

Methods

method name

return type

Android

iOS

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Upgrading from freeRASP 4.x.x or earlier

Please remove the old TalsecRuntime.xcframework and integration script from your project:

Go to your project's ios folder
Open Runner.xcworkspace in Xcode
On the top bar, select Product -> Scheme -> Edit Scheme...
On the left side, select Build -> Pre-actions
Find the integration script and click the trash icon on the right side to remove it
Open the .flutter-plugins (in the root folder of the app), and get the address where the freerasp is installed.
Go to the given folder, and remove the freerasp folder file.
Delete the .symlinks folder from the project.
Run pub get
Run pod install to test it

Otherwise, no further setup is required.

Note: You need Xcode 15 to be able to build the application.

Android Devices

Could not find ... dependency issue

Solution: Add dependency manually (see issue).

In android -> app -> build.gradle add these dependencies

dependencies {
    ...
    // Talsec dependency
    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:<version>'
}

Code throws java.lang.UnsatisfiedLinkError: No implementation found for... exception when building APK

Solution: The Android version of freeRASP is already obfuscated.

Add this rule to your proguard-rules.pro file:

-keepclasseswithmembernames,includedescriptorclasses class * {
native ;
}

APK size increased a lot after implementation of freeRASP

Solution: In android/app/src/AndroidManifest.xml add attribute into application tag:

The updated tag might look like this:

As pointed out in this issue comment, setting extractNativeLibs to true removes native libraries from the final APK, resulting in a smaller size. Conversely, setting it to false keeps the libraries uncompressed and stored within the APK, which increases the APK size but might allow the application to load faster because the libraries are loaded directly at runtime.

iOS Devices

Unable to build release for simulator in Xcode (errors)

Solution: The simulator does not support the release build of Flutter - more about it here. Use a real device in order to build the app in release mode.

MissingPluginException occurs on hot restart

Solution: Technical limitation of Flutter - more about it here. Use command flutter run to launch the app (i.e. run the app from scratch).

For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Expo

freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.

To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.

We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.

Plugin config setup

Add the plugin config to your app.json and specify the minSdkVersion (use at least 23). Additionally, if you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property (to support sealed classes on Android).

"plugins":[
    [
        "freerasp-react-native/app.plugin.js",
        {
            "android":{
                "minSdkVersion":"23",
                "R8Version":"8.3.37" // optional for Expo 50
            }
        }
    ]
]

Manual setup

Increase minSdkVersion
This can be done in two ways:
- update the minSdkVersion property directly in android/build.gradle, or
- use expo-build-properties plugin, which updates the property in the prebuild phase. Read more in the Expo docs.
Add maven dependency
1. open android/build.gradle (if you don't see the android folder, run npx expo prebuild -p android in terminal to create it)
2. add the following dependency under allprojects > repositories:
  maven { url "https://europe-west3-maven.pkg.dev/talsec-artifact-repository/freerasp" }
3. if not already configured, add also:
  maven { url 'https://www.jitpack.io' }

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Could not determine the dependencies of task ':freerasp-react-native:compileDebugAidl'

Solution:

In package.json, update react-native to a higher patch version and run npm install (or yarn install).

See to find out which patch version is relevant for you.

Invalid hook call. Hooks can only be called inside of the body of a function component.

Reason: The useFreeRasp Hook cannot be called inside useEffect.

Solution:

If you want to initialize freeRASP inside useEffect, you have to handle the initialization on your own. Such inititialization would look like this:

Where actions, config are objects described in the integration guide.

Android Devices

Execution failed for task ':freerasp-react-native:minifyReleaseWithR8'.

Sealed classes are not supported as program classes when generating class files.

Reason: Kotlin sealed classes are not supported in AGP 8.1 used by some versions of RN (currently 0.73.x)

Solution: Follow , which also contains additional information about the issue.

iOS Devices

Unsupported Swift architecture

Reason: The arm64 macro is not set under Rosetta.

Solution: Go to <your_project>/node_modules/freerasp-react-native/ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/TalsecRuntime-Swift.h and move the following code (lines 4 and 5 in the file) to the top of the file:

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

API

Description of the freeRASP API

Types

`TalsecConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

`AndroidConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`IOSConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`NativeEventEmitterActions`

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat

type

Android

iOS

Methods

`const start = async (config: FreeraspConfig,` eventListenerConfig: NativeEventEmitterActions`): Promise<void>`

Method is used to start freeRASP's audit and set up listeners for threats.

`const blockScreenCapture = async (enable: boolean): Promise`<string>

`const isScreenCaptureBlocked = async (): Promise`<boolean>

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

ReferenceError: TalsecPlugin is not defined

Reason:

Cordova Angular cannot find the talsec object.

Solution:

Add the following line below imports: declare var talsec: any;

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

API

Description of the freeRASP API

Types

`FreeraspConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

`AndroidConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`IOSConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`NativeEventEmitterActions`

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat

type

Android

iOS

Methods

`const startFreeRASP = async (config: FreeraspConfig, reactions:` NativeEventEmitterActions`): Promise<bool>`

Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.

`const removeThreatListeners = (): void`

Unregisters threat listeners. Should be called only when the app is being terminated.

`const blockScreenCapture = async (enable: boolean): Promise`<boolean>

`const isScreenCaptureBlocked = async (): Promise`<boolean>

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

The Key Differences: freeRASP vs. RASP+

If you want to learn about the differences between freeRASP and BusinessRASP+, you’re in the right place. On this page, we’ll explore the key features and benefits of each option, compare their functionalities, and highlight how the BusinessRASP+ subscription can offer enhanced capabilities and support compared to the freeRASP plan. By the end, you’ll have a clear understanding of which solution best meets your needs and how to make the most of it.

What are the advantages of the commercial Talsec SDK subscription plans compared to freeRASP?

freeRASP is a freemium product, which means there are Fair Usage Policy conditions (over 100k downloads) for using it. This means that we count the total number of downloads, where multiple downloads or updates from a single device are considered as one download. For using freeRASP, please refer to the .

and are premium products with a subscription model (which includes SW licenses, SLA, maintenance updates, and more) for SDKs. It is not SaaS, which means we don't introduce any dependency on third-party web services for your mobile solution.

Talsec doesn't collect any customer data within RASP+, while freeRASP SDK sends the diagnostical information to Talsec servers to provide clients with regular security reports and improve the product. You should consider adding Talsec to the list of Data Processors in case of freeRASP usage.

Top 10 Advantages of Talsec RASP+ Business Subscription Over freeRASP

Here are the top 10 benefits of choosing a Talsec RASP+ Business subscription, which includes an SDK license, SLA, and additional services, compared to the freeRASP option.

Bypass Protection

As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester would be able to bypass it more easily.

Device data collection by Talsec

Premium customers benefit from full control over telemetry and logging endpoints. I.e., Customers can use in-house or managed services like Elastic Cloud to collect mobile threat logs and set up Monitoring events for severe threats.

freeRASP SDK sends data to a Talsec-managed cloud DB (AWS in the USA) for product improvements, anomaly detection, freeRASP client reporting, and aggregated data analytics.

Better Resilience of API Callbacks

The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers. As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester could bypass it more easily.

AppiCrypt

AppiCrypt is our innovation and extremely powerful RASP hardening from the back-end that implements the concept of zero-trust for the apps world (app/device integrity control at the API gateway level). It is somewhat similar to a JWT verification for user authentication but AppiCrypt verifies that the request is generated by the legit and non-compromised app.

For more information, click . The detailed whitepaper is available .

Additional controls

In RASP+, there are additional controls compared to freeRASP, including:

UI Overlay attack protection.
Accessibility service misuse protection.
Google Play Services or Huawei Services control.
: Strings obfuscation and encryption, aka vaulting within RASP SDK (good for hiding API keys, endpoints, URLs).
VPN detection/prevention.

Dynamic TLS pinning

Business subscription includes SDK, which helps avoid the need to republish the app in case of certificate expiration or root certificate updates.

Self-care tools

Self-Care Tools for Remote SDK Configuration enable users to handle SDK configuration and management on their own, remotely. This functionality allows for seamless adjustments and updates, giving users greater control over their SDK settings.

New upcoming features

Stay tuned for the addition of new features, such as Remote Screen Control, Screen-cast detection, and Screen Mirroring detection.

In the mid-term plan, we will be introducing several new features to further enhance security:

App Enrollment for Mutual TLS SDK.
Voluntary Data Encryption/Decryption: Protect locally stored user data and app assets, such as ML models, with optional encryption and decryption.
Simple Application Layer E2E Encryption: Implement end-to-end encryption at the application layer to protect against Man-in-the-Middle (MiTM) attacks and unauthorized access by malicious administrators. This feature combats traffic data sniffing on the server side, especially behind a TLS API gateway or in server logs.
Advanced E2E Encryption and App Enrollment SDK + Google AppCheck: Strengthen your app's security with advanced end-to-end encryption, enhanced app enrollment SDK, and Google AppCheck, which binds secrets to the client app instance.

Automated App pentesting

Typically, our subscription package includes a free, one-time automated app scanning or pentesting. This service is useful for generic validation of OWASP compliance and preparing your app for external pentesting.

Service Level Agreement

With the BusinessRASP+ subscription, you receive an SLA that covers support and maintenance updates.

For any questions, please refer to our or schedule a call with us by choosing a time slot on .

Security Report

Weekly security status check of your application

The Security Report is a weekly summary describing the application's security state and characteristics of the devices it runs on in a practical and easy-to-understand way.

The report provides a quick overview about

Security incidents and their dynamics
App Integrity
Reverse engineering attempts

It also contains information about devices such as

OS version
Ratio of devices with lock screens
Ratio of devices with biometrics

Each visualization also comes with a concise explanation. To receive Security Reports, you need to fill out the watcherMail correctly. There can be only one mail value set up.

Haven't received your security report? You may have surpassed our limit.

User Data Policies

Information about collected data

freeRASP collects anonymized security diagnostics data from apps. These data contain:

Application state and security.
Device state and security.
Anonymous app instance ID and device ID.

This information allows Talsec to provide a , improve the freeRASP product and even the , or prepare mobile security reports and articles.

Data collection can be disabled or configured to a custom customer-owned logging service in

All the data collected by the freeRASP is technical diagnostics information and anonymous, but depending on the regulations applied, it could be considered sensitive and/or personal data.

Talsec recommends adding the statement below to the dedicated privacy policy page of your app. You can also use the text below while filling in the or publishing.

For the purpose of Fraud prevention, user safety, and compliance the dedicated App safety SDK needs to send the following anonymous diagnostic data off the device for detection of security issues. Thus the application collects the following data:

Category: App info and performance
- Data Type: Diagnostics
- Information about the integrity of the app and the operating system. For example, rooting, running in an emulator, hooking framework usage, etc...
Category: Device or other identifiers
- Data Type: Device or other identifiers
- Information that relates to an individual device. For example, a device model and anonymous identifier to control that app instance executed on the original device that it was initially installed on. It is needed to combat threats like bots and API abuse.

Google Play's Data Safety Policy

Google Play requires all app publishers to declare how they collect and handle user data for the apps they publish on Google Play. They should inform users properly of the data collected by the apps and how the data is shared and processed. Google will reject the apps which do not comply with the policy.

More about Google Play's Data safety .

The checks for the Google Play and details about data are specified above in .

App Store User Data Policy

Apple requires that all app developers disclose their data collection and handling practices for apps published on the App Store. Developers must clearly inform users about the data their apps collect, as well as how this data is shared and processed. Apps that do not adhere to Apple's data privacy guidelines will be rejected.

More about Apple App privacy .

To comply with the policy, in the App Privacy section, it is important to check the following:

Identifiers -> Device ID -> App Functionality
- It is an anonymous device identifier for the App vendor as per:
- Talsec Security SDK can not link the device identifier to the user
Diagnostics -> Performance Data -> App Functionality, Other Purposes, No for linking to the user
Diagnostics -> Other diagnostics data -> App Functionality, Other Purposes, No for linking to the user
Other data -> App Functionality, No for linking to the user
- Security diagnostics data (such as jailbreak)

Disclosure Screen

Google Play’s User Data policy indicates that a prominent disclosure should be presented to the users in case of an app collecting personal or sensitive data.

Although freeRASP collects diagnostical data (anonymous and not user-related), you (as the app publisher) should consider adding a disclosure screen, describing why the security diagnostic data is needed, what data, and how the data is used.

More about Google's best practices for prominent disclosure and consent .

License

This project is provided as freemium software, i.e. there is a fair usage policy that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file on GitHub for details.

Fair Usage Policy (FUP)

freeRASP & Fair Usage Policy

For all apps, regardless of the number of downloads:

Threat Intelligence Collection: Threat signal data will be collected and processed in Talsec’s database for security insights and product enhancement.

For apps exceeding 100k downloads (= 100 000), the following conditions apply:

Marketing Attribution: Talsec may feature the app name and logo in marketing materials (e.g., the "Trusted by" section on the website).
Brand Acknowledgment: Apps with over 100k downloads must display the "Protected by freeRASP" message with the freeRASP logo on relevant app screens.

Fair Usage Policy counts total downloads, with multiple downloads or updates from the same device counted as a single download.

Wiki

Welcome to the freeRASP wiki page!

This page provides additional information about the product. The main goal is to present clear and easily accessible content that will help you better understand freeRASP. We hope you find it helpful and informative.

What will you find on this Wiki page?

How to Get the Signing Certificate Hash.
Details on Callback Delay, Telemetry Impact, and Threat Scanning.
Information about Threat detection.
Overview of Code Obfuscation.

We encourage you to explore the different sections of this wiki to gain a more comprehensive understanding of the freeRASP product and its features. If you have any questions or need further assistance, please feel free to reach out to our support team at [email protected].

Getting Signing Certificate Hash

Before an Android application can be installed or updated, it must be digitally signed with a certificate. The signing certificate hash is a unique identifier of this certificate, playing a critical role in application security and integrity.

This hash ensures that:

The app's origin is verified, preventing malicious actors from distributing fake or modified versions.
Only the original developer can provide updates, ensuring a secure upgrade path.
Third-party services and APIs can authenticate the app before granting access.

Understanding the signing certificate hash is essential, especially when dealing with Google Play App Signing, where the upload key and distribution key may differ. Proper management of this concept helps maintain trust, prevent security breaches, and ensure a seamless app lifecycle.

Application Signing

Developers can sign the application using one of the following methods:

Manual App Signing.
- Development Certificate
- Production Certificate
Play App Signing.

Manual App Signing

Manual App Signing is a process where the developer signs an Android application (APK) using a private key stored in a keystore.

Development Certificate

The Development Certificate is used primarily during the development and testing phases. This certificate is automatically generated by Android build tools. It is used for signing the app during development to test features and debug without releasing the app to the public.

The SHA-256 digest from this certificate should not be used in a production environment, as the SDK may detect it as a potential security threat.

Production Certificate

The Production Certificate is used when preparing the app for public release. Developers create a and generate a private key for signing the application. This certificate must be kept secure as it ties the app to the developer for all future updates.

How to Retrieve Certificate Details in Manual App Signing?

In manual app signing, the developer owns a keystore used to sign the application. You can use tools like keytool or apksigner to retrieve certificate details, including the SHA-256 digest.

Using keytool:

Using apksigner:

Do not forget to convert the SHA-256 digest to Base64 format, as the SDK requires it in this format. You can find the conversion steps in .

Play App Signing

With Play App Signing, Google securely manages your app’s signing key and uses it to sign your application before distribution. This ensures that your app remains protected throughout its lifecycle while also enabling features like automatic key rotation.

How to find the SHA-256 fingerprint in Google Play Console?

To retrieve the SHA-256 digest of your signing certificate, follow these steps:

Go to View App.
Navigate to Setup > App Signing.
Under App Signing Key Certificate, locate the SHA-256 fingerprint.

An example SHA-256 fingerprint looks like this:

Do not forget to convert the SHA-256 digest to Base64 format, as the SDK requires it in this format. You can find the conversion steps in .

Converting the SHA-256 Hash to Base64

To convert hex string to Base64 form, use an online like . After conversion, you'll receive a string like this:

The resulting string is used in the Talsec configuration as a signing certificate hash.

Callback Delay, Telemetry Impact, and Threat Scanning Completion Status

We would like to reflect on a few performance and telemetry-related topics that emerge occasionally.

Common Questions:

Why does it take too long to finish all the checks?
How to know when all checks are finished?
When are telemetry data transmitted?

Key Notes:

Incidents that are triggered during the development (integration & testing) won't happen to a majority of users in the production.
Callbacks can be invoked slower if the freeRASP backend endpoint is overloaded. Data collection takes precedence. However, do not worry; the application will function as intended, and only callbacks might be a little delayed.

The Performance

freeRASP works smoothly in production, but it may be tricky to understand all the freeRASP concepts during development. During the integration and testing of the freeRASP, you may have observed that it took longer than expected to get results for all threats (callbacks). You want to get results quickly, respond to threats effectively, and ensure there is no noticeable jankiness in the UI interactions.

freeRASP has to do a lot of work once started. The cold boot is a really intensive moment when all detections must be performed, telemetry data transmitted, and callbacks to your app must be delivered (in this order).

Talsec team efforts and community contributions allow freeRASP to improve the performance and security trade-offs continually by tuning the asynchronous processes, network activity, and internal business logic. Like that time when the internal detector ordering was reworked to significantly speed evaluation based on and the telemetry insights about the speed of detectors 👌.

Beware Development vs. Production Environment Bias

Remember the phrase "It is darkest before the dawn"? The integration and testing of freeRASP are inherently accompanied by unintentional threat callbacks invoked by incorrect provisioning of the app's signature (appIntegrity callback), using a simulator for development, an unofficial store (because you haven't published it yet), and others. We've all been there.

It may also seem disconcerting to see that it takes too long until the last expected threat callback invokes. Yet, keep in mind that in production, these incidents won't happen for the genuine unaltered apps run in normal conditions. The performance impact will be negligible. On the contrary, the comfort of a potential attacker and performance degradation in adverse conditions is acceptable.

If you're getting the appIntegrity incident in the production app, send us your packageName/bundleId and watcherMail at [email protected], and we will look into it.

Cold Boot Telemetry & Best Effort Service

freeRASP collects security diagnostics data (read more in ) in accordance with the . Every detected threat is immediately synchronously logged to a common freeRASP backend. Latencies inflicted by the overload of the endpoint are unfortunate, but we continuously improve and scale as much as possible.

Detecting rooted or jailbroken devices

Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as , , or can hide privileged access and are often used by attackers.

Learn more about the root detection and jailbreak detection.

Learn more about and detection in our glossary.

freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).

From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.

Below are code snippets demonstrating root and jailbreak detection across various platforms:

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

Emulator detection

Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.

Below are code snippets demonstrating emulator detection across various platforms:

// Android emulator check
override fun onEmulatorDetected() {
    TODO("Not yet implemented")
}

// iOS simulator detection
case simulator

// Flutter emulator and simulator detection
onSimulator: () => print("Simulator")

// Cordova emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// React Native emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// Capacitor emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

Hook detection

The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing one to obtain personal client data. The most well-known hooking frameworks are Frida, Xposed, or Cydia Substrate.

Learn more about in our glossary.

Below are code snippets demonstrating hook detection across various platforms:

// Android hook check
override fun onHookDetected() {
    TODO("Not yet implemented")
}

// iOS hook detection
case runtimeManipulation

// Flutter hook and runtime manipulation detection
onHooks: () => print("Hooks")

// Cordova hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// React Native hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// Capacitor hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device or app is insecure and log the event on your BE. In some cases, it is recommended to even kill the application.

App tampering detection

Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.

Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).

Make sure that you have integrated Talsec correctly (e.g., signing certificate hash). Otherwise, this check might be triggered very often.

Below are code snippets demonstrating app tampering detection across various platforms:

Recommended action: Kill the application.

Debugger detection

While most developers use debuggers to trace the flow of their program during its execution same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information. This method looks for specific flags to determine whether the debugger is active and offers the option to disable it.

Below are code snippets demonstrating debugger detection across various platforms:

Recommended action: Kill the application.

Detecting unofficial installation

Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered, if you install the application through alternative ways like unofficial store or Xcode build.

Below are code snippets demonstrating detection of unofficial installation across various platforms:

// Android
override fun onUntrustedInstallationSourceDetected() {...}

// iOS
case unofficialStore

// Flutter
onUnofficialStore: () => print("Unofficial store")

// Cordova 
unofficialStore: () => {
    // Place your reaction here 
}

// React Native
unofficialStore: () => {
    // Place your reaction here 
}

// Capacitor
unofficialStore: () => {
    // Place your reaction here 
}

Recommended action: Notify users that the application is installed from an unofficial store. In some cases, it is recommended to even kill the application.

Define alternative supported stores

If you want to define which applications can install the application, insert its package name in the supportedAlternativeStores (or supportedStores on Flutter) parameter. If you publish on Google Play, Huawei AppGallery, App Store (iOS), and TestFlight (iOS), you don't need to assign anything, as they are already supported out of the box.

Store / Distribution method

Package name

Notes

App Store (iOS)

Included by default, no action needed

TestFlight (iOS)

Included by default, no action needed

Google Play

Included by default, no action needed

Huawei AppGallery

Included by default, no action needed

Firebase App Distribution

dev.firebase.appdistribution

Samsung Galaxy Store

com.sec.android.app.samsungapps

Common on Samsung devices

Vivo App Store

com.vivo.appstore

Common on Vivo devices

HeyTap

com.heytap.market

Common on Realme and Oppo devices

Oppo App Market

com.oppo.market

Common on Oppo devices

GetApps

com.xiaomi.mipicks

Common on Xiaomi, Redmi and POCO devices

The application can also be installed by "cloning" apps, which users employ to transfer apps between devices. The following list comprises popular examples of such apps. By default, freeRASP categorizes them as installations from an unofficial store .

Mover / Cloner app

Package name

Mi Mover (Xiaomi)

com.miui.huanji

Phone Clone (Huawei)

com.hicloud.android.clone

Samsung Smart Switch

com.sec.android.easyMover

Samsung Cloud for Wear OS

com.samsung.android.scloud

OPPO Clone Phone

com.coloros.backuprestore

EasyShare (Vivo)

com.vivo.easyshare

Clone Phone (OnePlus)

com.oneplus.backuprestore

SHAREit (Lenovo)

com.lenovo.anyshare.gps

SHAREit Lite

shareit.lite

ShareMe (Xiaomi)

com.xiaomi.midrop

MIUI Backup (Xiaomi)

com.miui.backup

Phone Clone (Honor)

com.hihonor.android.clone

Finally, it's very common application gets installed through browser, file manager, cloud storage or various messaging apps. By default, freeRASP categorizes them as installations from unofficial store.

Device binding detection

Device binding is attaching an application instance to a particular mobile device. This method detects a transfer of an application instance to another device. A new install of the application (e.g. in case of buying a new device and transfer the apps) is not detected.

The deviceID detects, whether the has been changed. It is triggered after reinstallation of the application if there are no other applications from the same vendor installed. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.

Below are code snippets demonstrating device binding detection across various platforms:

Recommended action: Log the event on your BE and react to it if you need to have an instance attached to a particular mobile device (e.g., activation scenarios); otherwise you can ignore it.

Secure Hardware detection (Keystore/Keychain secure storage check)

The Secure Enclave and the Android Keystore system make it very difficult to decrypt sensitive data without physical access to the device. In that order, these keys need to be stored securely. freeRASP checks if the keys reside inside secure hardware.

Below are code snippets demonstrating missing hardware detection across various platforms:

Recommended action: Ignore the callback or log the event to your BE.

Passcode

Saving any sensitive data on a device without a lock / passcode makes them more prone to theft. With no user authentification device can be accessed and modified with minimal effort. freeRASP checks if the device is secured with any type of lock.

Below are code snippets demonstrating passcode detection across various platforms:

Recommended action: Log the event on your BE or react to it if you need users to have a screen lock set up, otherwise ignore it.

System VPN detection

Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. FreeRASP checks whether the system VPN is enabled.

Below are code snippets demonstrating system VPN detection across various platforms:

Recommended action: Log the event on your BE

Developer Mode detection [Android devices only]

Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.

Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.

Below are code snippets demonstrating developer mode detection across various platforms:

Recommended action: Log the event on your BE

ADB enabled detection [Android devices only]

ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator. When ADB is enabled, it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy. FreeRASP detects whether the USB debugging is enabled.

Below are code snippets demonstrating ADB enabled detection across various platforms:

Recommended action: Log the event on your BE

Screen Capture

Screenshot Detection

Screenshot detection identifies when a screenshot is taken on a device. Screenshots can expose sensitive app data, such as user credentials, personal content, or confidential information, leading to privacy and security risks. By detecting screenshots, apps can take preventive measures, such as:

Obscuring sensitive content before the screenshot is captured.
Notifying users that a screenshot has been taken.
Logging events for security monitoring and analysis.

Platform-Specific Implementations

Screen Recording Detection

Screen recording detection helps identify when a device's screen is being recorded. Screen recordings can capture sensitive data, such as user interactions and proprietary app content. By detecting screen recordings, apps can:

Mask sensitive information during recording.
Alert users that their screen is being recorded.
Log events for further security analysis.

Platform-Specific Implementations

Recommended action: Log the event on your BE or hide the sensitive content.

Screen Capture Protection

Screen capture protection prevents your app’s content from appearing in screenshots and screen recordings. When enabled, captured images and recordings display a black screen, protecting sensitive information.

To enable or disable protection dynamically, pass true or false.

Check Screen Capture State

To check whether screen capture is currently blocked in the application, use the following method:

For Android 11 (API 30) and lower, Screen Capture is able to help around 70% of the devices reliably. This is because on certain devices, keyboard taps can be recorded.

In our article we explain how to block screenshots, screen recording, and remote access tools in mobile apps to protect user data. It discusses security threats such as built-in screenshot tools, remote desktop apps like TeamViewer, screen mirroring software, third-party recording apps, and ADB-based access.

Watch on YouTube

Source code obfuscation

The freeRASP contains public API so that the integration process is as simple as possible. Unfortunately, this also creates opportunities for the attacker to use publicly available information to interrupt freeRASP operations or modify your custom reaction implementation in threat callbacks. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

The majority of Android projects support code shrinking and obfuscation without any additional need for setup. The owner of the project can define the set of rules that are usually automatically used when the application is built in the release mode. For detailed guidance, explore the official documentation through these links: and .

isProd flag

There are two possible values for this flag:

true
- Indicates the Release version.
- This is the default value when undefined.
false
- Indicates the Dev version.

The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:

Emulator usage (onSimulator),
Debugging (onDebug),
Signing (onAppIntegrity),
Unofficial store (onUnofficialStore),
Obfuscation issues (onObfuscationIssues),
Developer mode (onDevMode),
ADB Enabled (onADBEnabled).

About Us

Talsec is an academic-based and community-driven mobile security company. We deliver in-App Protection and a User Safety suite for Fintechs. We aim to bridge the gaps between the user's perception of app safety and the strong security requirements of the financial industry.

Talsec offers a wide range of security solutions, such as App and API protection SDK, monitoring services, and the User Safety suite. You can check out the offered products on our web.

Contribution

At Talsec, our commitment goes beyond just providing strong security solutions. We believe in continuously evolving our offerings by actively listening to community feedback and responding to the unique needs of developers. Our goal is not only to protect your applications but also to ensure that your insights and experiences shape our products.

We value your input because we understand that secure and effective development tooling is built through collaboration. Your voice, as a developer, is crucial to making our solutions more robust, dev-friendly, and aligned with real-world challenges.

Issues

We strive to deliver a flawless experience with our software. However, despite our best efforts, occasional bugs or issues may still arise. If you encounter any problems or notice anything that seems out of place, we encourage you to let us know.

Enhancements

If you have ideas that could enhance freeRASP or improve your developer experience, we want to hear from you. We value suggestions from the community, as they reflect real needs and practical experiences.

To share your idea, please open an enhancement issue on our GitHub repository. Your input helps us prioritize features and improvements that matter most to our users.

Enhancements Tracking

We recognize that some ideas are already on our radar and are actively under consideration. To keep track of proposed enhancements and their progress, we use GitHub Projects.

Before submitting a new idea, we recommend reviewing our GitHub Projects board. This will help you see if your suggestion is already being worked on or if similar ideas have been proposed.

💬 Join the Talsec Community!

Are you looking for upcoming events, ways to engage on social media, or a quick overview of our key programs? This is the hub of our community! Visit the main go-to resource for staying connected with Talsec.

What's New and Changelog

Stay up-to-date with the latest features, improvements and bug fixes for freeRASP. Here you'll find detailed information about each update we've rolled out, organized by platform. Whether you're using the Android, iOS, Flutter, React Native, Capacitor, or Cordova version, all platforms are supported.

Explore the tabs below to see what's new and how the experience has been improved for you. If you're looking for specific changes or features, each update is documented for your convenience.

Latest from Articles

Learn more: https://docs.talsec.app/appsec-articles

Changelog

Latest Version 15.1.0

Improvement

Added new root detection checks.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.

Fixed

Resolved SecurityException caused by getNetworkCapabilities() - Android 11 specific bug (GH Android issue #56).

Version 15.0.0

Changed

Compile API increased to 35, dependencies updated
Internal library obfuscation reworked
Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

Fixed

ANR issues bug-fixing

Version 14.0.1

Breaking Change, new feature

❗️Added onScreenshotDetected() - detection of screenshots, refer to the Android freeRASP integration documentation.
❗️Added onScreenRecordingDetected() - detection of screen recording, refer to the Android freeRASP integration documentation.

Improvement

Added blockScreenCapture(Activity activity, boolean enable) for FLAG_SECURE control, an active protection against screen capturing.
isScreenCaptureBlocked() - to receive whether the screen capture is blocked
Rate limiting for both screenshot and screenRecording incidents
Improved root detection capabilities

Bug Fix

Updated proguard rules to fix warnings from okhttp dependency.

Version 13.2.0

Improvement

Added request integrity information to data collection headers.
Enhanced and accelerated the data collection logic.

Version 13.0.0

New features

BREAKING CHANGE: Added onADBEnabledDetected detection feature, which allows you to detect USB debugging option enabled in the developer settings on the device. App needs to implement this new callback.

Version 12.0.0

Improvement

Refactored Magisk checks in the root detection
Internal refactoring of Malware detection feature

Bug Fix

Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 11.1.3

Bug Fix

Reported ANR issues present on some devices were resolved (GH issue #138).
Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter #140).
Reported crashes caused by the UnsupportedOperationException were resolved.

Version 11.1.1

Bug Fix

False positives in Hook detection (runtimeManipulation).

Version 11.1.0

New Feature

Added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application.
- Important Information
  - Further details for this feature will be provided shortly with the new repositories.
  - For now, do not react to the callback, you can implement it simply by just using println().
Added the auditing of the internal execution for the future check optimization and overall security improvements.

Improvement

Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

Fixed native crashes (SEGFAULT errors) in ifpip method.
Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 9.6.0

New Feature

Two new threat callbacks, onDeveloperModeDetected and onSystemVPNDetected, have been added for detecting Developer mode and System VPN.

Improvement

Updated GMS dependency to a newer version for improved performance and compatibility.
Updated CA bundle to enhance security for secure connections.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 9.1.0

Improvement

Updated freeRASP SDK artifact hosting ensuring better stability and availability.

Version 9.0.2

Improvement

Shortened duration of threat evaluation.
Improved appIntegrity check and its logging.
Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

Bug Fix

Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 9.0.0

Improvement

Increased the compileSdk and targetSdk in the demo application.
Updated dependencies in the demo application.

Bug Fix

Fixed issue with ProviderException (#26).

Curious about more in-depth changes for Android? Head over to our GitHub Changelog for the complete history of updates!

Version 6.11.0

New Feature

Screen capture protection obscuring app content in screenshots and screen recordings preventing unauthorized content capture. Refer to the iOS freeRASP integration documentation.

Improvement

Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

Bug Fix

Resolved an issue that prevented Xcode tests from running correctly.
Resolved an issue with the screen recording detection.

Version 6.9.0

Improvement

Improvement of the obfuscation of the SDK

Changed

Deep signing of the OpenSSL binaries

Version 6.8.0

New feature

Enhanced security with our new Screen Capture Threat Detection, now capable of identifying screen recording, AirPlay mirroring, and screenshots to guard against unauthorized viewing. Check out the new screenshot and screenRecording callbacks.

Version 6.6.3

Maintenance

Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Version 6.6.2

New feature

Added Serotonin jailbreak detection.

Version 6.6.1

Improvement

Renewed the signing certificate.

Version 6.6.0

New feature

Dopamine jailbreak detection.

Version 6.5.3

Improvement

Updated OpenSSL to version 3.0.14 and CURL to version 8.8.0. (Github issue #114)

Version 6.5.0

New Feature

Added request integrity information to data collection.
Significantly improved the response time from data collection service.

Version 6.4.0

New Feature

Added new threat callback systemVPN for System VPN detection.

Improvement

Passcode check is now performed periodically.
Updated the CA bundle to enhance security for secure connections.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.2

New Feature

Added Privacy Manifest.
Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
Improved obfuscation of Swift and C strings.

Bug Fix

Fixed memory leak (#13).

Curious about more in-depth changes for iOS? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 7.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

Issue that caused compilation errors due to unknown references.
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.0.0

Added

fvm support for Flutter version management

Changed

Updated versions for example app
[Android] Breaking: Raised Kotlin version to 2.1.0
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 6.12.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android CompileSDK level to 35
[Android] Monitoring is now disabled by default

Improvement

[Android] Improved root detection

Bug Fix

[Android] Proguard rules to address warnings from okhttp dependency

Version 6.11.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 6.10.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 6.9.0

New features

[Android] onADBEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 6.8.0

New features and improvements

[Android] Malware detection as a new callback for enhanced app security.
[Android] Internal refactoring of Malware detection feature.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.7.3

Improvement

[iOS] Renewed the signing certificate.

Version 6.7.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.7.1

Bug Fix

[Android] False positives for hook detection.

Version 6.7.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Migration to declarative Gradle plugin.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] TalsecConfig creation was migrated to a Builder pattern.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Native crashes (SEGFAULT) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.6.0

New Feature

Added new threat Threat.systemVPN for VPN detection.
Added new callback onSystemVPN in ThreatCallback for handling Threat.systemVPN threat.
[Android] Added a new threat detection feature, Threat.devMode, to identify Developer mode.
[Android] Added a new callback onDevMode in ThreatCallback for handling Threat.devMode threat.

Improvement

Increased minimal Dart SDK version to 2.18.0 and minimal Flutter version to 3.3.0
Updated the CA bundle to enhance security for secure connections.
[Android] Increased the version of the GMS dependency
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem in logging caused by the device’s default system locale

Version 6.5.1

Improvement

[Android] New Talsec SDK artifact hosting - better stability and availibility.

Version 6.5.0

New Feature

[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed issue with disappearing threats when the app is quickly put into the background and then back to the foreground (resolves issue #91).
[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 6.4.0

Improvement

Improved reaction obfuscation.
[iOS] Improved obfuscation of the iOS SDK.
[iOS] Raised supported Xcode version to 14.3.1 .

Bug Fix

[Android] Fixed ProviderException.
Fixed typo in namespace which caused incompatibility with AGP 8.0 .

Curious about more in-depth changes for Flutter? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 4.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 4.0.0

Changed

Android SDK requires kotlin_version >= 2.0.0
Set Java version to 17
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 3.14.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android compileSDK level to 35

Improvement

[Android] Improved root detection

Fixed

Compatibility issues with RN New Architecture
[Android] Added proguard rules for malware data serialization in release mode on Android
[Android] Proguard rules to address warnings from okhttp dependency

Version 3.13.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 3.12.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 3.11.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 3.10.0

New features and improvements

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Version 3.9.3

Improvement

[iOS] Renewed the signing certificate.

Version 3.9.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 3.9.1

Bug Fix

[Android] False positives for hook detection.

Version 3.9.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

Fixed incorrect path to types in package.json.
[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 3.8.2

Improvement

Updated proguard rules to resolve build issues in RN 0.75.x.

Version 3.8.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Enhanced and accelerated the data collection logic.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
[Android] Fixed proguard warning in specific versions of RN.

Version 3.7.2

Improvement

Updated expo config plugin to fix release build issue in RN 0.73.

Version 3.7.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Bug Fix

[Android] Fixed compatibility issues with RN < 0.63.

Version 3.7.0

New Feature

Added support for apps built with Expo SDK.
[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Shortened duration of threat evaluation.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).
[iOS] Fixed memory leak (freeRASP iOS issue #13).

Curious about more in-depth changes for React Native? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 8.0.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Changed

Plugin now requires kotlin version >= 2.0.0.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.4.1

Changed

[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 7.4.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Set following required SDK versions for Android plugin:
- minSdkVersion 23
- targetSdkVersion to 35
- compileSdkVersion to 35

Improvement

[Android] Improved root detection

Fixed

[Android] Proguard rules to address warnings from okhttp dependency

Version 7.3.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 7.2.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 7.1.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 7.0.0

New features and improvements

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

BREAKING CHANGE: New dependency is required to run freeRASP; add following plugin to android/build.gradle:

plugins {
    id 'org.jetbrains.kotlin.plugin.serialization' version '1.7.10'
}

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.3.3

Improvement

[iOS] Renewed the signing certificate.

Version 6.3.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.3.1

Bug Fix

[Android] False positives for hook detection.

Version 6.3.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.2.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.3

Bug Fix

Fixed BAD_ACCESS error occurring in specific versions of cordova-ios plugin (#28).

Version 6.1.2

Bug Fix

[Android] Removed the talsec namespace that caused change of namespaces for whole app.
[iOS] Fixed issue causing app crash with lower versions of cordova-ios plugin.

Version 6.1.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Curious about more in-depth changes for Cordova? Head over to our GitHub Changelog for the complete history of updates!

Latest Version 2.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 2.0.0

Changed

Android SDK requires kotlin_version >= 2.0.0
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 1.10.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android compileSDK level to 35
[Android] Set minifyEnabled in plugin to true implicitly

Improvement

[Android] Improved root detection

Fixed

[Android] Proguard rules to address warnings from okhttp dependency

Version 1.9.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 1.8.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 1.7.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 1.6.0

New features

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

Resolved compatibilty issues with JDK 21 (issue #21)

Version 1.5.3

Improvement

[iOS] Renewed the signing certificate.

Version 1.5.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 1.5.1

Bug Fix

[Android] False positives for hook detection.

Version 1.5.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 1.4.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 1.3.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Version 1.3.0

New Feature

[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Shortened duration of threat evaluation.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).
[iOS] Fixed memory leak (freeRASP iOS issue #13)

Version 1.2.1

[Android] Fixed bug that prevented firing callbacks in specific situations.
[iOS] Fixed bug that caused app being killed in specific situations (#42).

Curious about more in-depth changes for Capacitor? Head over to our GitHub Changelog for the complete history of updates!