1 of 62

freeRASP

Introduction

Let's learn the basics about freeRASP protection.

freeRASP is a lightweight and easy-to-integrate mobile security library designed to detect potential threats during the application's runtime. It contains multiple security checks, each aimed to cover possible attack vectors to ensure a high level of application security.

What does freeRASP do?

freeRASP provides detection of potentially dangerous behaviour, including the following:

Using devices (e.g., su, Magisk, unc0ver, check1rain, Dopamine).
Reverse engineering attempts.
Running (e.g., Frida, Xposed or Shadow).
the application.
Installing the app through .
Running the app in various .
Detect fake clones and (Parallel Space)
attempts.

Advantages

Reactions to various attacks and detected security threats via an API (callback mechanism).
Simple integration.
detection.
, , USB debugging detections.
No significant effect on the app performance.
Data visualization Talsec Portal with real-time security insights, global benchmarks, and detailed analytics
Weekly security report via email indicating the security status of devices and app integrity.
Fulfills OWASP MASVS-RESILIENCE requirements.

Top apps rely on Talsec SDKs—see them here.

Limitations

Limits of Fair Usage Policy (free up to 100k devices).
Data collection from your app to Talsec DB.
Security protections:
- basic protection against root/jailbreak (including Magisk, Dopamine),
- basic runtime reverse engineering controls,
- basic runtime integrity controls.
No protection.

Learn more about the limitations of freeRASP here.

Talsec Portal

Access real-time security insights, global benchmarks, and detailed analytics!

📊 Real-Time Threat Monitoring: Gain insights into threat counts, types, and occurrences over time.
📈 Global Benchmarking: Benchmark your app's security against global statistics.
📚 Stay informed: Read the latest articles and documentation on app security best practices.

Learn more about the Talsec Portal here.

Workflow scheme

Supported platforms

freeRASP is currently supported for:

Android
iOS
Flutter
React Native
Cordova
Capacitor
Unity
Unreal Engine

freeRASP is currently tested and compatible with:

🤖 Android smartphones, tablets, emulators, Android TVs
🍎 iPhones, iPads, simulators

Discover freeRASP

Integration

The general flow of the integration can be decomposed into the following steps:

Conforming to the prerequisites, e.g. setting up Android minSdkVersion.
Adding the dependency.
Setting up the configuration for the application, e.g. package name or whether it is production or not (see #Dev vs. Release version).
Handling the detected threats (callbacks).
Starting the SDK.
Enabling the source code obfuscation.
Registering in Data Visualisation Portal to see the data from your apps and compare it to global statistics.
Become familiar with User Data Policies and License.
Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.
Looking at Features and Pricing Plans if you are interested in more advanced solutions to protect your application and business.
Reading through Wiki and FAQ, if you are interested in more detailed information about internal workings.

Dev vs. Release version

The Dev version is intended for development purposes. It allows you to work on your app without interference from security features that could disrupt the process, e.g. if you would implement killing of the application on the debugger callback.

The Release version is meant for production and must always be used for your published app. It enables all security protections provided by freeRASP.

To configure this, set the isProd flag in freeRASP:

Release: isProd = true
Dev: isProd = false

⚠️Dev version disables some detections which won't be triggered during the development process:

Emulator/Simulator
Debugging
Tampering/Repackaging
Unofficial store/source
Obfuscation issues
Developer mode
ADB Enabled

Make sure that you use the Release version for the production.

Choose the Appropriate Version to Continue Integration

Choose the relevant section based on your app development platform:

API

Description of the freeRASP API

Variables

`TalsecConfig`

Specifies configuration for your app. See the table below for a detailed description of the attributes.

field

type

description

sample value

Classes

`public class ThreatListener`

Constructor

public ThreatListener(@NonNull ThreatDetected threatsCallback, @Nullable DeviceState deviceStateCallback, @Nullable RaspExecutionState raspExecutionCallback)

Listener for the threats detected by freeRASP

Methods

public void registerListener(@NonNull Context context)

Registers your reactions to detected threats with freeRASP.

public void unregisterListener(@NonNull Context context)

Unregisters the reactions to detected threats.

public final class Talsec

Methods

public static void start(@NonNull Context context, @NonNull TalsecConfig config, @Nullable TalsecMode mode)

The method used to start freeRASP's functionality. TalsecMode is an optional parameter that can be used to force the execution of freeRASP in FOREGROUND / BACKGROUND thread (default value is TalsecMode.BACKGROUND).

public static void blockScreenCapture(@NonNull Activity activity, boolean enable)

The method used to block/unblock screen capture.

public static void isScreenCaptureBlocked()

The method used to know the state of screen capture blocking whether blocked or not.

Interfaces

`public interface ThreatDetected`

Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .

Methods:

void onRootDetected()
void onDebuggerDetected()
void onEmulatorDetected()
void onTamperDetected()
void onUntrustedInstallationSourceDetected()
void onHookDetected()
void onDeviceBindingDetected()
void onObfuscationIssuesDetected()
void onScreenshotDetected()
void onScreenRecordingDetected()
void onMultiInstanceDetected()
void onLocationSpoofingDetected()
void onTimeSpoofingDetected()
void onUnsecureWifiDetected()
void onMalwareDetected(@NonNull List<SuspiciousAppInfo> suspiciousApps)

`public interface DeviceState`

Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .

Methods:

void onUnlockedDeviceDetected()
void onHardwareBackedKeystoreNotAvailableDetected()
void onDeveloperModeDetected()
void onADBEnabledDetected()
void onSystemVPNDetected()

`public interface RaspExecutionState`

A class which represents a set of callbacks that are used to notify the application when state of executing RASP checks changes.

Methods:

void onAllChecksFinished()

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007aa9f06888: Failure in SSL library, usually a protocol error

Reason:

Conflicts between one of our device binding detection controls and TLS/SSL, using AndroidKeyStore

Solution:

We've created a special version in which the device binding is disabled. Please, use the following dependency:

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

iOS

Example:

📦 Add the dependency

From GitHub, Copy into your Application folder.
Drag & drop the Talsec folder to your .xcworkspace.
Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.
In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.

Note: In case you are using Carthage, the zipped version of the framework is included in the .

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided .

In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:

It does not have to be AppDelegate, it can be anywhere. However, the recommended approach is to start the SDK as soon as possible.

👷 Handle detected threats

You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the to learn more details about the performed checks and their importance for app security.

Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:
Use the code above for handling these types of events:

📱(Optionally) Add screenshot and screen capture blocking

To utilize active screen shot and screen capture (e.g. mirroring, screen recording) protection, you can use Talsec.blockScreenCapture(enable: Bool, window: UIWindow) with specific UIWindow on which it should be blocked. To receive whether the screen capture is blocked in the specific UIWindow, you can use the Talsec.isScreenCaptureBlocked(in window: UIWindow). For more details about all these screen capture methods, see .

🛡️ Start freeRASP

Invoke the following method right after setting up the TalsecConfig in previous steps.

For the version you’re integrating, you can find the specific dSYMs for debugging in .

API

Description of the freeRASP API

Variables

`TalsecConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

appBundleIds

[String]

List of Bundle IDs for the app

["com.talsec.freerasp.demoapp"]

appTeamId

String

Apple Team ID for the signing of the app

"M8AK35..."

watcherMailAddress

String?

The value is automatically used for Security Reports, Product Updates, and Talsec Portal updates, .

Mail has a strict form '[email protected]'.

"[email protected]"

isProd

Bool?

Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!

true

Classes

`public class Talsec`

Methods

public static func start(config: TalsecRuntime.TalsecConfig)

The method used to start freeRASP's audit.

public static func blockScreenCapture(enable: Bool, window: UIWindow)

The method blocks the screen capture in specific UIWindow.

public static func isScreenCaptureBlocked(in window: UIWindow) -> Bool

The method returns whether the screen capture is blocked in specific UIWindow.

public static func storeExternalId(externalId: String)

The method stores an externalId into the logs for data collection.

Protocols

`public protocol SecurityThreatHandler`

Methods

func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)

Notifier about detected threats.

`public protocol TalsecRuntume.RaspExecutionState`

Methods

func onAllChecksFinished()

Notifier about finished threats

Enums

`public enum SecurityThreat : String, Codable, CaseIterable, Equatable`

Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .

Cases

signature
jailbreak
debugger
runtimeManipulation
passcode
simulator
missingSecureEnclave
systemVPN
deviceChange
deviceID
unofficialStore
screenshot
screenRecording

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

FlutterFlow

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.

In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the .

⚙️ Setup the Configuration for your App

The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.

If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:

Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String

Configuration parameters

watcherMail

watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict [email protected] format.

isProd

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .

[Android] packageName

packageName is a unique identifier for your Android application.

You can find the packageName value for your application in FlutterFlow settings:

Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.

Do NOT use solutions such as to provide the value of the package name! The package name has to be hardcoded.

[Android] signingCertHash

signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.

More about signing hash and how to obtain it in .

[Android] supportedStore (optional)

supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.

To add a store, add the package name of the store to the supportedStore list.

Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

[iOS] bundleId

bundleId is a unique identifier for your iOS application.

More about bundle ID and how to obtain one: .

[iOS] teamId

teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

You can find your teamId on the Apple Developer portal:

Go to the website: .
Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.

👷 Handle detected threats

The freeRASP Action offers multiple callbacks for handling threats. A callback is an that gets triggered when a threat is detected.

To implement callback:

Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.

Visit to learn more details about the performed checks and their importance for app security.

Limitations

Limited configuration

freeRASP for Flutter allows you to define multiple values for:

Signing certificate hash
Supported app store
Bundle ID

Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see )

Mobile support only

Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.

[Android] Minimal SDK level

The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.

This creates some restrictions:

Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.

To overcome these limitations, we recommend following these steps:

Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.

Raising SDK version

From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher

🖥️ Check Talsec Portal

Check out and register using your watcherMail to see your data. If you integrated the SDK successfully, the application will be present after a few hours. The visualisations will be active later due to the bucketing mechanism.

You have to use the same email for the Portal as you used for the watcherMail parameter.

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Upgrading from freeRASP 4.x.x or earlier

Please remove the old TalsecRuntime.xcframework and integration script from your project:

Go to your project's ios folder
Open Runner.xcworkspace in Xcode
On the top bar, select Product -> Scheme -> Edit Scheme...
On the left side, select Build -> Pre-actions
Find the integration script and click the trash icon on the right side to remove it
Open the .flutter-plugins (in the root folder of the app), and get the address where the freerasp is installed.
Go to the given folder, and remove the freerasp folder file.
Delete the .symlinks folder from the project.
Run pub get
Run pod install to test it

Otherwise, no further setup is required.

Note: You need Xcode 15 to be able to build the application.

Android Devices

Could not find ... dependency issue

Solution: Add dependency manually (see issue).

In android -> app -> build.gradle add these dependencies

dependencies {
    ...
    // Talsec dependency
    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:<version>'
}

Code throws java.lang.UnsatisfiedLinkError: No implementation found for... exception when building APK

Solution: The Android version of freeRASP is already obfuscated.

Add this rule to your proguard-rules.pro file:

-keepclasseswithmembernames,includedescriptorclasses class * {
native ;
}

APK size increased a lot after implementation of freeRASP

Solution: In android/app/src/AndroidManifest.xml add attribute into application tag:

android:extractNativeLibs="true"

The updated tag might look like this:

<application
    android:label="freerasp_example"
    android:icon="@mipmap/ic_launcher"
    android:extractNativeLibs="true">

As pointed out in this issue comment, setting extractNativeLibs to true removes native libraries from the final APK, resulting in a smaller size. Conversely, setting it to false keeps the libraries uncompressed and stored within the APK, which increases the APK size but might allow the application to load faster because the libraries are loaded directly at runtime.

iOS Devices

Unable to build release for simulator in Xcode (errors)

Solution: The simulator does not support the release build of Flutter - more about it here. Use a real device in order to build the app in release mode.

MissingPluginException occurs on hot restart

Solution: Technical limitation of Flutter - more about it here. Use command flutter run to launch the app (i.e. run the app from scratch).

For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Expo

freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.

To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.

We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.

Plugin config setup

Add the plugin config to your app.json and specify the minSdkVersion (use at least 23). Additionally, if you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property .

Manual setup

Increase minSdkVersion
This can be done in two ways:
- update the minSdkVersion property directly in android/build.gradle, or
- use expo-build-properties plugin, which updates the property in the prebuild phase. .
Add maven dependency
1. open android/build.gradle (if you don't see the android folder, run npx expo prebuild -p android in terminal to create it)
2. add the following dependency under allprojects > repositories:
3. if not already configured, add also:

API

Description of the freeRASP API

Types

`TalsecConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

`AndroidConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`IOSConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`NativeEventEmitterActions`

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat

type

Android

iOS

Hooks

`const useFreeRasp = (config: TalsecConfig, actions: NativeEventEmitterActions)`

React Custom Hook responsible for starting freeRASP and setting up listeners

Methods

`const setThreatListeners = async (config: NativeEventEmitterActions): void`

Sets up listeners for detected threats

`const talsecStart = async (options: TalsecConfig): Promise<string>`

Method is used to start freeRASP's audit. Returns 'freeRASP started'string when successful.

`const removeThreatListeners = async (): void`

Unregisters threat listeners. Should be called only when the app is being terminated.

`const blockScreenCapture = async (enable: boolean): Promise`<string>

`const isScreenCaptureBlocked = async (): Promise`<boolean>

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

General

Could not determine the dependencies of task ':freerasp-react-native:compileDebugAidl'

Solution:

In package.json, update react-native to a higher patch version and run npm install (or yarn install).

See this issue to find out which patch version is relevant for you.

Invalid hook call. Hooks can only be called inside of the body of a function component.

Reason: The useFreeRasp Hook cannot be called inside useEffect.

Solution:

If you want to initialize freeRASP inside useEffect, you have to handle the initialization on your own. Such inititialization would look like this:

import {
  setThreatListeners,
  talsecStart,
  removeThreatListeners,
} from 'freerasp-react-native';

...

useEffect(() => {
  setThreatListeners(actions);
  talsecStart(config);

  return () => {
    removeThreatListeners();
  };
}, []);

Where actions, config are objects described in the integration guide.

Android Devices

Execution failed for task ':freerasp-react-native:minifyReleaseWithR8'.

Sealed classes are not supported as program classes when generating class files.

Reason: Kotlin sealed classes are not supported in AGP 8.1 used by some versions of RN (currently 0.73.x)

Solution: Follow this comment on Google Issue Tracker, which also contains additional information about the issue.

iOS Devices

Unsupported Swift architecture

Reason: The arm64 macro is not set under Rosetta.

Solution: Go to <your_project>/node_modules/freerasp-react-native/ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/TalsecRuntime-Swift.h and move the following code (lines 4 and 5 in the file) to the top of the file:

#ifndef TALSECRUNTIME_SWIFT_H
#define TALSECRUNTIME_SWIFT_H

For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Troubleshooting

See the most frequent issues occurring during integration.

The most frequent issues occurring during integration:

ReferenceError: TalsecPlugin is not defined

Reason:

Cordova Angular cannot find the talsec object.

Solution:

Add the following line below imports: declare var talsec: any;

For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.

API

Description of the freeRASP API

Types

`FreeraspConfig`

Specifies configuration for your app. See the table below for detailed description of the attributes.

field

type

description

sample value

`AndroidConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`IOSConfig`

Specifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.

field

type

description

sample value

`NativeEventEmitterActions`

Specifies a set of callbacks that are used to notify the application when certain security threat is detected.

Actions

threat

type

Android

iOS

Methods

`const startFreeRASP = async (config: FreeraspConfig, reactions:` NativeEventEmitterActions`): Promise<bool>`

Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.

`const removeThreatListeners = (): void`

Unregisters threat listeners. Should be called only when the app is being terminated.

`const blockScreenCapture = async (enable: boolean): Promise`<boolean>

`const isScreenCaptureBlocked = async (): Promise`<boolean>

Troubleshooting

See the most frequent issues occurring during integration.

Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

The Key Differences: freeRASP vs. RASP+

If you want to learn about the differences between freeRASP and BusinessRASP+, you’re in the right place. On this page, we’ll explore the key features and benefits of each option, compare their functionalities, and highlight how the BusinessRASP+ subscription can offer enhanced capabilities and support compared to the freeRASP plan. By the end, you’ll have a clear understanding of which solution best meets your needs and how to make the most of it.

What are the advantages of the commercial Talsec SDK subscription plans compared to freeRASP?

freeRASP is a freemium product, which means there are . For using freeRASP, please refer to the .

and are premium products with a subscription model (which includes SW licenses, SLA, maintenance updates, and more) for SDKs. It is not SaaS, which means we don't introduce any dependency on third-party web services for your mobile solution.

Talsec doesn't collect any customer data within RASP+, while freeRASP SDK sends the diagnostical information to Talsec servers to provide clients with regular security reports and improve the product. You should consider adding Talsec to the list of Data Processors in case of freeRASP usage.

Top 10 Advantages of Talsec RASP+ Business Subscription Over freeRASP

Here are the top 10 benefits of choosing a Talsec RASP+ Business subscription, which includes an SDK license, SLA, and additional services, compared to the freeRASP option.

Bypass Protection

As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester would be able to bypass it more easily.

Device data collection by Talsec

Premium customers benefit from full control over telemetry and logging endpoints. I.e., Customers can use in-house or managed services like Elastic Cloud to collect mobile threat logs and set up Monitoring events for severe threats.

freeRASP SDK sends data to a Talsec-managed cloud DB (AWS in the USA) for product improvements, anomaly detection, freeRASP client reporting, and aggregated data analytics.

Better Resilience of API Callbacks

The RASP+ binary SDK is built individually with bindings to app-specific data (such as signing certificate hash, package name, team ID, etc.), making it unique to each application. In contrast, the freeRASP SDK is a generic binary used by all users, which can be more easily recognized by attackers. As a result, an app protected by freeRASP is less likely to pass a professional penetration test, as an experienced pentester could bypass it more easily.

AppiCrypt

AppiCrypt is our innovation and extremely powerful RASP hardening from the back-end that implements the concept of zero-trust for the apps world (app/device integrity control at the API gateway level). It is somewhat similar to a JWT verification for user authentication but AppiCrypt verifies that the request is generated by the legit and non-compromised app.

For more information, click . The detailed whitepaper is available .

Additional controls

In RASP+, there are additional controls compared to freeRASP, including:

UI Overlay attack protection.
Accessibility service misuse protection.
Google Play Services or Huawei Services control.
: Strings obfuscation and encryption, aka vaulting within RASP SDK (good for hiding API keys, endpoints, URLs).
VPN detection/prevention.

Dynamic TLS pinning

Business subscription includes SDK, which helps avoid the need to republish the app in case of certificate expiration or root certificate updates.

Self-care tools

Self-Care Tools for Remote SDK Configuration enable users to handle SDK configuration and management on their own, remotely. This functionality allows for seamless adjustments and updates, giving users greater control over their SDK settings.

New upcoming features

Stay tuned for the addition of new features, such as Remote Screen Control, Screen-cast detection, and Screen Mirroring detection.

In the mid-term plan, we will be introducing several new features to further enhance security:

App Enrollment for Mutual TLS SDK.
Voluntary Data Encryption/Decryption: Protect locally stored user data and app assets, such as ML models, with optional encryption and decryption.
Simple Application Layer E2E Encryption: Implement end-to-end encryption at the application layer to protect against Man-in-the-Middle (MiTM) attacks and unauthorized access by malicious administrators. This feature combats traffic data sniffing on the server side, especially behind a TLS API gateway or in server logs.
Advanced E2E Encryption and App Enrollment SDK + Google AppCheck: Strengthen your app's security with advanced end-to-end encryption, enhanced app enrollment SDK, and Google AppCheck, which binds secrets to the client app instance.

Automated App pentesting

Typically, our subscription package includes a free, one-time automated app scanning or pentesting. This service is useful for generic validation of OWASP compliance and preparing your app for external pentesting.

Service Level Agreement

With the BusinessRASP+ subscription, you receive an SLA that covers support and maintenance updates.

For any questions, please refer to our or schedule a call with us by choosing a time slot on .

Data Visualisation Portal

Weekly security status check of your application

🖥️ Talsec Portal - Learn Your Security Posture, Detect Threats, and Benchmark Your App

Access real-time security insights, global benchmarks, and detailed analytics!

Talsec Portal is a centralized dashboard that visualizes the security data collected by freeRASP from your app, giving you real-time insights into threats, incidents, and benchmarks—so if you're using freeRASP, this is where your app's security intelligence lives.

📊 Real-Time Threat Monitoring: Gain insights into threat counts, types, and occurrences over time.
📈 Global Benchmarking: Benchmark your app's security against global statistics.
📚 Stay informed: Read the latest articles and documentation on app security best practices.

Watch the Demo

✨ Features

🛡️ Security incidents

Details about incidents:

Tampered apps and clones
Reverse Engineering - Debug
Reverse Engineering - Hooks
Root or Jailbreak
Unofficial store
Emulator/Simulator

📱 Device info

Details about devices:

OS version
Screen lock
Biometrics
Hardware-backed Keystore

🧾 Activity log

Real-time activity logs from the application, showing ongoing threats.

🔑 Access

🚀 Initial Steps

Visit the Talsec Portal.
Run through the onboarding wizard and explore demo data.
Discover insights using demo applications and global security statistics.

🔐 Accessing Your Account

Click on Login, then Sign Up.
Use the email address (watcherMail) associated with your TalsecConfig.
Create an Organization.

Now, you can view data for your applications. You can invite other users to your organization to see your data (see Organization Settings). The users can also add their applications to your organization to share their data.

Got any questions regarding the Talsec Portal? Feel free to reach out! You can use the chatbot on the Portal or write to us at [email protected].

Wiki

Welcome to the freeRASP wiki page!

This page provides additional information about the product. The main goal is to present clear and easily accessible content that will help you better understand freeRASP. We hope you find it helpful and informative.

What will you find on this Wiki page?

How to .
Details on .
Information about .
Overview of .

We encourage you to explore the different sections of this wiki to gain a more comprehensive understanding of the freeRASP product and its features. If you have any questions or need further assistance, please feel free to reach out to our support team at [email protected].

Getting Signing Certificate Hash

This guide provides step-by-step instructions for getting the Base64-encoded signing certificate hash for your Talsec configuration.

What is Signing Certificate Hash?

All Android apps must be signed with a digital certificate before installation. The signing certificate SHA-256 hash in Base64 form - which we'll refer to as the hash for short, also known as a fingerprint -is the certificate's unique identifier, crucial for security and integrity. The Talsec SDK uses this hash for app tampering detection.

What the Signing Certificate Hash Guarantees?

The hash guarantees that:

The app's origin is verified, preventing malicious actors from distributing fake or modified versions.
Only the original developer can provide updates, ensuring a secure upgrade path.
Third-party services and APIs can authenticate the app before granting access.

Choose Your Signing Method

The first step is to determine which app signing method you're using.

If you're using Google Play App Signing, a very common practice for Android App Bundles (AAB) distribution, your upload key and distribution key are distinct. So, be sure to use the app signing certificate key from the Google Play Console. Proceed with the Google Play App Signing Method.

If you're managing your own signing key (Manual App Signing), you'll need to generate the hash yourself from your keystore, proceed with the Manual App Signing Method.

Continue with the method that matches your signing process ➡️

Google Play App Signing Method

Google manages your app’s signing key and uses it to sign your application.

Watch the video walkthrough or continue with the step-by-step guide below:

Step 1: Find SHA-256 Hash in Google Play Console

To retrieve the SHA-256 hash in Google Play Console, follow these steps:

Open your app and navigate to Test and release > App integrity > Play app signing. Click on "Settings":

Under App signing key certificate, locate the "SHA-256 certificate fingerprint" (fingerprint = hash):

An example SHA-256 hash looks like this:

88:8c:7f:02:d6:2e:ed:3a:53:bb:9c:a6:6b:82:5c:0d:78:a8:e5:b6:b2:11:28:bc:f5:ac:67:c8:e0:a3:7c:5a

You'll need this value for the next step.

Step 2: Convert the SHA-256 Hash to Base64 Format

Convert the hash to Base64 format, as the SDK requires it in this format. Follow the steps in this section ➡️

Manual App Signing Method

You sign your Android application (APK) yourself using a private key that's stored in a keystore.

Step 1: Use Your Release Keystore to Get the SHA-256 Hash

A common mistake is using the wrong signing key, which will cause the Talsec SDK to flag your app as a security risk. To avoid this, you must use the keystore that signs your app for public release.

Here’s the difference:

Debug Keystore: Created automatically by Android Studio. DO NOT USE THIS ONE. It is insecure and only for development purposes.
Release Keystore: The secure keystore you create and manage. USE THIS ONE. It's what permanently ties your app to you as the developer.

If you haven't created a release keystore yet, the will walk you through the process.

Step 2: Retrieve SHA-256 Hash

You can use tools like keytool or apksigner to retrieve certificate details, including the SHA-256 hash. Choose whichever is most convenient: get the hash from your signed release APK or directly from your release keystore:

Alternative approach if you have a keystore file (.jks or .keystore)

-keystore <path_to_your_keystore_file>: Specifies the full path to your keystore file. Replace <path_to_your_keystore_file> with the actual location of your .jks or .keystore file.
-alias <your_alias_name>: Specifies the alias for the specific key you want to inspect within the keystore. Replace <your_alias_name> with the alias you created for your release key.

Example:

This command will output the certificate details, including the SHA-256 hash, which will look something like this:

You'll need this value for the next step.

Step 3: Convert the SHA-256 Hash to Base64 Format

Convert the hash to Base64 format, as the SDK requires it in this format. Follow the steps in ➡️

Result: Convert the SHA-256 Hash to Base64 Format

Step 1: Convert to Base64

To convert the hash to Base64 form, use an online tool like :

After conversion, you'll receive a final Base64 string like this:

Alternative approach using a command-line

This command removes colons from a SHA-256 string, then converts the hexadecimal output to a Base64-encoded binary string for Talsec's configuration.

This command will output the final Base64 string:

iIx/AtYu7TpAu5cma4JdDXio5bayFSi89axnyOCjfFo=

Step 2: Use resulting string in your Talsec configuration ✅

Your work here is done. Insert it into your Talsec configuration.

Example of a Talsec freeRASP configuration in Flutter with the resulting string:

Threat Detection

freeRASP performs several security checks to detect potential threats during runtime, each targeting specific attack vectors. Developers and business owners can determine the appropriate response to these incidents, whether by terminating the application, alerting the user, logging the incident details, or choosing to ignore it.

For a detailed explanation of each security check and guidance on selecting an appropriate response, please refer to the individual threat descriptions in the subsections. Remember, the ideal response will depend on your application's specific security needs and use cases.

Sections

[Android devices only]
(Keystore/Keychain secure storage check)
[Android devices only]
[Android devices only]
(Screenshot and screen recording detection, block screenshot capture)
[Android devices only]

Detecting rooted or jailbroken devices

Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk, Shamiko, Shad0w or Dopamine can hide privileged access and are often used by attackers.

Learn more about the root detection and jailbreak detection.

Learn more about and detection in our glossary.

freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).

From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.

Below are code snippets demonstrating root and jailbreak detection across various platforms:

// Root detection on Android
override fun onRootDetected() {
    TODO("Not yet implemented")
}

// iOS jailbreaking detection
case jailbreak

// Flutter root and jailbreak detection
onPrivilegedAccess: () => print("Privileged access")

// Cordova root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// React Native root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// Capacitor root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

Emulator detection

Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. For applications running inside an emulator, it is easy to inspect the system's state, reset it to a saved image, or monitor how the app operates. Keep in mind that not every emulator/simulator usage means an ongoing potential threat for the application.

Below are code snippets demonstrating emulator detection across various platforms:

// Android emulator check
override fun onEmulatorDetected() {
    TODO("Not yet implemented")
}

// iOS simulator detection
case simulator

// Flutter emulator and simulator detection
onSimulator: () => print("Simulator")

// Cordova emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// React Native emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

// Capacitor emulator and simulator detection
simulator: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

Hook detection

The application can be analysed or modified even though its source code has not been changed, applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing one to obtain personal client data. The most well-known hooking frameworks are Frida, Xposed, or Cydia Substrate.

Learn more about in our glossary.

Below are code snippets demonstrating hook detection across various platforms:

// Android hook check
override fun onHookDetected() {
    TODO("Not yet implemented")
}

// iOS hook detection
case runtimeManipulation

// Flutter hook and runtime manipulation detection
onHooks: () => print("Hooks")

// Cordova hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// React Native hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

// Capacitor hook and runtime manipulation detection
hooks: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device or app is insecure and log the event on your BE. In some cases, it is recommended to even kill the application.

App tampering detection

Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.

Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).

Make sure that you have integrated Talsec correctly (e.g., signing certificate hash). Otherwise, this check might be triggered very often.

Below are code snippets demonstrating app tampering detection across various platforms:

Recommended action: Kill the application.

Debugger detection

While most developers use debuggers to trace the flow of their program during its execution same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information. This method looks for specific flags to determine whether the debugger is active and offers the option to disable it.

Below are code snippets demonstrating debugger detection across various platforms:

// Android debugger detection
override fun onDebuggerDetected() {
    TODO("Not yet implemented")
}

// iOS debugger detection
case debugger

// Flutter
onDebug: () => print("Debugging")

// Cordova
debug: () => {
    // Place your reaction here 
}

// React Native
debug: () => {
    // Place your reaction here 
}

// Capacitor
debug: () => {
    // Place your reaction here 
}

Recommended action: Kill the application.

Device binding detection

Device binding is attaching an application instance to a particular mobile device. This method detects a transfer of an application instance to another device. A new install of the application (e.g. in case of buying a new device and transfer the apps) is not detected.

The deviceID detects, whether the has been changed. It is triggered after reinstallation of the application if there are no other applications from the same vendor installed. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution.

Below are code snippets demonstrating device binding detection across various platforms:

Recommended action: Log the event on your BE and react to it if you need to have an instance attached to a particular mobile device (e.g., activation scenarios); otherwise you can ignore it.

Missing obfuscation detection [Android devices only]

The freeRASP SDK contains public API, so the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to interrupt freeRASP SDK operations or modify the custom code in threat callbacks. All internal freeRASP classes are already obfuscated, so it is simple to distinguish freeRASP sources from the rest of the application code during the static analysis. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also to make it partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

Please follow the integration guide of your platform for more information about how to obfuscate the app.

Below are code snippets demonstrating missing obfuscation detection across various platforms:

// Android
override fun onObfuscationIssuesDetected() {
    TODO("Not yet implemented")
}

// Flutter
onObfuscationIssues: () => print("Obfuscation issues")

// Cordova
obfuscationIssues: () => {
    // Place your reaction here
},

// React Native
obfuscationIssues: () => {
    // Place your reaction here
},

// Capacitor
obfuscationIssues: () => {
    // Place your reaction here
},

Recommended action: Use this callback during the development process to ensure that the app is obfuscated.

Secure Hardware detection (Keystore/Keychain secure storage check)

The Secure Enclave and the Android Keystore system make it very difficult to decrypt sensitive data without physical access to the device. In that order, these keys need to be stored securely. freeRASP checks if the keys reside inside secure hardware.

Below are code snippets demonstrating missing hardware detection across various platforms:

// Android Keystore
override fun onHardwareBackedKeystoreNotAvailableDetected() {
    TODO("Not yet implemented")
}

// iOS Secure Enclave
case missingSecureEnclave

// Flutter HW backed keystore not available and missing secure enclave detection
onSecureHardwareNotAvailable: () => print("Secure hardware not available")

// Cordova HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}

// React Native HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}

// Capacitor HW backed keystore not available and missing secure enclave detection
secureHardwareNotAvailable: () => {
    // Place your reaction here
}

Recommended action: Ignore the callback or log the event to your BE.

Passcode

Saving any sensitive data on a device without a lock / passcode makes them more prone to theft. With no user authentification device can be accessed and modified with minimal effort. freeRASP checks if the device is secured with any type of lock.

Below are code snippets demonstrating passcode detection across various platforms:

Recommended action: Log the event on your BE or react to it if you need users to have a screen lock set up, otherwise ignore it.

System VPN detection

Detecting a running VPN service on mobile devices is critical for security-sensitive applications, as it can indicate potential privacy and security risks. VPNs can obscure the user’s actual IP address and route data through servers potentially under external control, which might interfere with geographical restrictions and bypass network security settings intended to protect data integrity and confidentiality. Such anonymising features could be exploited to mask illicit activities, evade compliance controls, or access services from unauthorised regions. FreeRASP checks whether the system VPN is enabled.

Below are code snippets demonstrating system VPN detection across various platforms:

Recommended action: Log the event on your BE

Developer Mode detection [Android devices only]

Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.

Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.

Below are code snippets demonstrating developer mode detection across various platforms:

// Android Developer mode detection
override fun onDeveloperModeDetected() {
    TODO("Not yet implemented")
}

// Flutter Developer mode detection
onDevMode: () => print("Developer mode detected")

// Cordova Developer mode detection
devMode: () => {
    // Place your reaction here
}

// React Native Developer mode detection
devMode: () => {
    // Place your reaction here
}

// Capacitor Developer mode detection
devMode: () => {
    // Place your reaction here
}

Recommended action: Log the event on your BE

ADB enabled detection [Android devices only]

ADB (Android Debug Bridge) Enabled is a power-user feature activated through the "USB Installation" option in the Developer settings. This state can signal potential security risks, such as apps being installed via USB, the device being connected to a man-in-the-middle (MiTM) proxy, or the device running as an emulator. When ADB is enabled, it allows extensive access to the device, including pulling and pushing files, issuing shell commands, working with the activity manager (e.g., starting activities, broadcasting intents, modifying hidden Android settings, attaching a profiler to a process, or making an app debuggable), and managing packages. Additionally, it enables capturing screenshots, recording the screen, and other actions that can compromise app security and user privacy. FreeRASP detects whether the USB debugging is enabled.

Below are code snippets demonstrating ADB enabled detection across various platforms:

Recommended action: Log the event on your BE

Time Spoofing Detection [Android only]

Time spoofing attack is when an attacker (or malicious app) manipulates the device's clock or its time source (e.g. network, GPS, or NTP) to cause system apps to behave incorrectly.

Time spoofing in mobile apps is often used to extend or reuse expired tokens, OTPs, or sessions, bypass trial periods and usage quotas, and skip waiting or cooldown times for time‑restricted features, giving attackers or unauthorised users continued access or unfair advantages.

Below are code snippets demonstrating debugger detection across various platforms:

Location Spoofing Detection [Android only]

Location spoofing is when an attacker (or malicious app) falsifies the device’s reported location or the location signals it trusts (e.g., GNSS/GPS, Wi‑Fi positioning, cellular location, or IP‑based geolocation), causing the OS and apps to receive incorrect location data.

Location spoofing in mobile apps is commonly used to bypass geofences and region locks, fake presence (e.g., on dating apps or games), create alibis (e.g., on social or parental control apps), or commit location‑based fraud (offers, check‑ins).

Below are code snippets demonstrating debugger detection across various platforms:

// Android location spoofing check
override fun onLocationSpoofingDetected() {
    TODO("Not yet implemented")
}

// Flutter location spoofing detection
onLocationSpoofing: () => print("Multi instance detected")

// Cordova location spoofing detection
locationSpoofing: () => {
    // Place your reaction here
}

// React Native location spoofing detection
locationSpoofing: () => {
    // Place your reaction here
}

// Capacitor location spoofing detection
locationSpoofing: () => {
    // Place your reaction here
}

Unsecure WiFi Detection [Android only]

Unsecure Wi‑Fi describes a situation where a device is connected to an open or poorly protected wireless network (for example an open hotspot, weak WPA, or a rogue access point), allowing an attacker to observe, intercept, or alter the device’s traffic and network behavior so the OS and apps communicate over an untrusted link.

Attackers can use unsecured Wi‑Fi to perform man‑in‑the‑middle attacks such as:

Eavesdrop on unencrypted traffic to harvest credentials and session cookies
Hijack or replay active sessions to gain unauthorized access
Present forged or untrusted certificates to perform HTTPS interception

Open network could be considered as safe, if VPN is enabled as well. .

Below are code snippets demonstrating debugger detection across various platforms:

Source Code Obfuscation

The freeRASP contains so that the integration process is as simple as possible. Unfortunately, this public API also creates opportunities for the attacker to use publicly available information to interrupt freeRASP operations or modify your custom reaction implementation in threat callbacks. In order for freeRASP to be as effective as possible, it is highly recommended to apply obfuscation to the final package/application, making the public API more difficult to find and also partially randomized for each application so it cannot be automatically abused by generic hooking scripts.

The majority of Android projects support code shrinking and obfuscation without any additional need for setup. The owner of the project can define the set of rules that are usually automatically used when the application is built in the release mode. For detailed guidance, explore the official documentation through these links: first reference and second reference.

Learn More

Explore obfuscation, its types, and Talsec's practical approach—balancing developer experience, app performance, and attack resistance while minimizing drawbacks and ensuring cost-efficient mobile app security:

isProd flag

There are two possible values for this flag:

true
- Indicates the Release version.
- This is the default value when undefined.
false
- Indicates the Dev version.

The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:

Emulator usage (onSimulator),
Debugging (onDebug),
Signing (onAppIntegrity),
Unofficial store (onUnofficialStore),
Obfuscation issues (onObfuscationIssues),
Developer mode (onDevMode),
ADB Enabled (onADBEnabled).

Role of watcherMail

A valid business email is your key to the Talsec Portal and the critical security intelligence for your application. This is where your freeRASP data comes to life.

Don't use example or throw-away email. Enter your business email to ensure the Talsec Portal access, security reports, and important product announcements.

We need to ensure that critical security information reaches the right person—or team—responsible for your app.

Invite Your Team: The business email you provide serves as the foundation for your Organization within the Talsec Portal. Once established, you can invite other developers, security analysts, and managers to a centralized dashboard.
Prevent Missed Threats: Imagine a new, widespread attack targeting apps like yours. A throwaway email address means you will miss the security alert, leaving your application and users vulnerable.
Secure Authentication: A valid email is our primary method for verifying your identity & app ownership to ensure that only authorized personnel can access your app's sensitive security data on the Talsec Portal.
It’s Your Professional Identity: We treat you as a professional partner. A business email helps us to establish a proper communication channel with you.

By providing your watcherMail, you consent to receive security reports, product updates, and other essential communications from Talsec. You can unsubscribe at any time (mail us at [email protected]). For more details, please review our Privacy Policy.

License

This project is provided as freemium software, i.e. there is a that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the file on GitHub for details.

Fair Usage Policy (FUP)

& Fair Usage Policy

Version Number: 1.1

Effective Date: October 13, 2025

1. Introduction

This Fair Usage Policy (“Policy”) is incorporated by reference into the Agreement and governs the permitted use of Talsec’s freeRASP (the “Service”) provided by Lynx SFT s.r.o. (“Talsec”, “Provider”, “we”, “us”, or “our”). By utilizing the Service, the Customer (“you”, “your”) agrees to abide by this Policy.

2. Usage Limits

The Service is provided, free of charge, for integration into mobile applications (“Applications”) under the condition that the total cumulative download count across all Applications owned or controlled by the Customer or their organization does not exceed one hundred thousand (100,000) unique devices. For clarity, multiple downloads or updates from the same device are counted as a single download, and the download limit applies collectively to all such Applications per Customer or organization.
Exceeding this threshold constitutes a breach of this Policy and obliges the Customer to transition to a commercial subscription plan.

3. Right to Reference Application Name and Logo in Marketing

Talsec reserves the right to reference the Application’s name and logo in Talsec’s marketing communications, including, but not limited to, website sections such as “Trusted by”, presentations, and other promotional materials.

4. Data Collection

The Service collects and processes security telemetry and threat data. This data is used for product enhancement, operational improvements, and aggregated security insights. By using the Service, you consent to such data collection and processing practices.
No personally identifiable information is intentionally collected or processed.
App publishers should provide clear disclosure to users in compliance with Google Play and Apple App Store policies.

5. Enforcement and Remedies

In the event of suspected or actual usage in breach of this Policy (including but not limited to exceeding limits, or interfering with data collection), Talsec may, at its sole discretion and without prejudice to any other remedies:
1. Suspend or terminate your license to use the Service,
2. Withhold or discontinue consolidated security reporting or related services,
3. Require immediate transition to a commercial subscription plan.

6. Policy Modifications

Talsec may revise this Policy at any time. Notice of material changes will be provided by publishing the updated Policy on the Service website. Continued use of the Service after posting will constitute acceptance of those changes.

About Us

Talsec is an academic-based and community-driven mobile security company. We deliver in-App Protection and a User Safety suite for Fintechs. We aim to bridge the gaps between the user's perception of app safety and the strong security requirements of the financial industry.

Talsec offers a wide range of security solutions, such as App and API protection SDK, monitoring services, and the User Safety suite. You can check out the offered products on .

What's New and Changelog

Stay up-to-date with the latest features, improvements and bug fixes for freeRASP. Here you'll find detailed information about each update we've rolled out, organized by platform. Whether you're using the Android, iOS, Flutter, React Native, Capacitor, or Cordova version, all platforms are supported.

Explore the tabs below to see what's new and how the experience has been improved for you. If you're looking for specific changes or features, each update is documented for your convenience.

Latest from Articles

Learn more: https://docs.talsec.app/appsec-articles

Changelog

Latest version 17.0.0

Breaking Change

❗️Breaking: Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker Issue 65
❗️Breaking: Added onTimeSpoofingDetected() callback to ThreatDetected interface
- We are introducing a new capability, detecting whether the device time has been tampered with
❗️Breaking: Added onLocationSpoofing() callback
- We are introducing a new capability, detecting whether the location is being spoofed on the device.
❗️Breaking: Added onUnsecureWifi() callback to ThreatDetected interface
❗️Breaking: Changed onMalwareDetected() method parameter packageInfo to non-nullable
❗️Breaking: Updated dispatchKeyEvent() parameter nullability from @Nullable to @NonNull
❗️Breaking: Changed parameter type of Activity instead of Context in the blockScreenCapture() method
❗️Breaking: Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)

Added

Added ScreenProtector feature wrapper object that helps with registration/unregistration of screen protection features
A new constructor parameter of type RaspExecutionState in class ThreatListenerrepresenting changes in state in our library. RaspExecutionState contains onAllChecksFinished() method, which is triggered after all checks are completed.
Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks
Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection

Fixed

ANR issue caused by registerScreenCaptureCallback() method on the main thread
NullPointerException when checking key alias in Keystore on Android 7
JaCoCo issue causing MethodTooLargeException during instrumentation
DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)

Changed

Shortened the value of threat detection interval
Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
Update of internal dependencies and security libraries

Version 16.0.1

Breaking Change, new feature

❗️Added onMultiInstanceDetected() callback - detection whether the application is installed/running in various multi-instancing environments (e.g. Parallel Space).

Improvement

Added support for 16 KB memory page sizes.
The ADB service running as "root" is a signal for root detection.
Improved emulator detection.
Internal security improvements.

Fixed

Removed malware report duplicates.

Version 15.1.0

Improvement

Added new root detection checks.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.

Fixed

Resolved SecurityException caused by getNetworkCapabilities() - Android 11 specific bug (GH Android issue #56).

Version 15.0.0

Changed

Compile API increased to 35, dependencies updated
Internal library obfuscation reworked
Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

Fixed

ANR issues bug-fixing

Version 14.0.1

Breaking Change, new feature

❗️Added onScreenshotDetected() - detection of screenshots, refer to the Android freeRASP integration documentation.
❗️Added onScreenRecordingDetected() - detection of screen recording, refer to the Android freeRASP integration documentation.

Improvement

Added blockScreenCapture(Activity activity, boolean enable) for FLAG_SECURE control, an active protection against screen capturing.
isScreenCaptureBlocked() - to receive whether the screen capture is blocked
Rate limiting for both screenshot and screenRecording incidents
Improved root detection capabilities

Bug Fix

Updated proguard rules to fix warnings from okhttp dependency.

Version 13.2.0

Improvement

Added request integrity information to data collection headers.
Enhanced and accelerated the data collection logic.

Version 13.0.0

New features

BREAKING CHANGE: Added onADBEnabledDetected detection feature, which allows you to detect USB debugging option enabled in the developer settings on the device. App needs to implement this new callback.

Version 12.0.0

Improvement

Refactored Magisk checks in the root detection
Internal refactoring of Malware detection feature

Bug Fix

Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 11.1.3

Bug Fix

Reported ANR issues present on some devices were resolved (GH issue #138).
Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter #140).
Reported crashes caused by the UnsupportedOperationException were resolved.

Version 11.1.1

Bug Fix

False positives in Hook detection (runtimeManipulation).

Version 11.1.0

New Feature

Added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application.
- Important Information
  - Further details for this feature will be provided shortly with the new repositories.
  - For now, do not react to the callback, you can implement it simply by just using println().
Added the auditing of the internal execution for the future check optimization and overall security improvements.

Improvement

Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

Fixed native crashes (SEGFAULT errors) in ifpip method.
Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 9.6.0

New Feature

Two new threat callbacks, onDeveloperModeDetected and onSystemVPNDetected, have been added for detecting Developer mode and System VPN.

Improvement

Updated GMS dependency to a newer version for improved performance and compatibility.
Updated CA bundle to enhance security for secure connections.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 9.1.0

Improvement

Updated freeRASP SDK artifact hosting ensuring better stability and availability.

Version 9.0.2

Improvement

Shortened duration of threat evaluation.
Improved appIntegrity check and its logging.
Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

Bug Fix

Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 9.0.0

Improvement

Increased the compileSdk and targetSdk in the demo application.
Updated dependencies in the demo application.

Bug Fix

Fixed issue with ProviderException (#26).

Curious about more in-depth changes for Android? Head over to our GitHub Changelog for the complete history of updates!

Latest version 6.12.1

Improvement

Added palera1n jailbreak detection
Improved Dopamine jailbreak detection

Fixed

Resolved memory-related stability issues.

Version 6.11.0

New Feature

Screen capture protection obscuring app content in screenshots and screen recordings preventing unauthorized content capture. Refer to the iOS freeRASP integration documentation.

Improvement

Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

Bug Fix

Resolved an issue that prevented Xcode tests from running correctly.
Resolved an issue with the screen recording detection.

Version 6.9.0

Improvement

Improvement of the obfuscation of the SDK

Changed

Deep signing of the OpenSSL binaries

Version 6.8.0

New feature

Enhanced security with our new Screen Capture Threat Detection, now capable of identifying screen recording, AirPlay mirroring, and screenshots to guard against unauthorized viewing. Check out the new screenshot and screenRecording callbacks.

Version 6.6.3

Maintenance

Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Version 6.6.2

New feature

Added Serotonin jailbreak detection.

Version 6.6.1

Improvement

Renewed the signing certificate.

Version 6.6.0

New feature

Dopamine jailbreak detection.

Version 6.5.3

Improvement

Updated OpenSSL to version 3.0.14 and CURL to version 8.8.0. (Github issue #114)

Version 6.5.0

New Feature

Added request integrity information to data collection.
Significantly improved the response time from data collection service.

Version 6.4.0

New Feature

Added new threat callback systemVPN for System VPN detection.

Improvement

Passcode check is now performed periodically.
Updated the CA bundle to enhance security for secure connections.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.2

New Feature

Added Privacy Manifest.
Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
Improved obfuscation of Swift and C strings.

Bug Fix

Fixed memory leak (#13).

Curious about more in-depth changes for iOS? Head over to our GitHub Changelog for the complete history of updates!

Latest version: 7.3.0

Added

Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) (Issue 65)
Added onTimeSpoofing callback to ThreatCallback for handling Threat.timeSpoofing threat (Android only)
- We are introducing a new capability, detecting whether the device time has been tampered with
Added onLocationSpoofing callback to ThreatCallback for handling Threat.locationSpoofing threat (Android only)
- We are introducing a new capability, detecting whether the location is being spoofed on the device.
Added onUnsecureWifi callback to ThreatCallback for handling Threat.unsecureWifi threat (Android only)
- We are introducing a new capability, detecting whether the device is connected to an unsecured Wi-Fi network.
Added onAllChecksDone callback to new RaspExecutionStateCallback
- We are introducing a new callback that notifies when all security checks have been completed.

Removed

Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)

Changed

Updated internal dependencies

Version 7.2.2

Fixed

[Android] Fixed an issue with crashing screen protector

Version 7.2.1

Fixed

[iOS] Fixed an issue with native framework

Version: 7.2.0

New Feature

Added interface for multi-instance detection

Improvement

[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
[Android] Added support for 16 KB pages

Fixed

[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates

Version: 7.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

Issue that caused compilation errors due to unknown references.
[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.0.0

Added

fvm support for Flutter version management

Changed

Updated versions for example app
[Android] Breaking: Raised Kotlin version to 2.1.0
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 6.12.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android CompileSDK level to 35
[Android] Monitoring is now disabled by default

Improvement

[Android] Improved root detection

Bug Fix

[Android] Proguard rules to address warnings from okhttp dependency

Version 6.11.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 6.10.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 6.9.0

New features

[Android] onADBEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 6.8.0

New features and improvements

[Android] Malware detection as a new callback for enhanced app security.
[Android] Internal refactoring of Malware detection feature.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.7.3

Improvement

[iOS] Renewed the signing certificate.

Version 6.7.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.7.1

Bug Fix

[Android] False positives for hook detection.

Version 6.7.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Migration to declarative Gradle plugin.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] TalsecConfig creation was migrated to a Builder pattern.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Native crashes (SEGFAULT) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.6.0

New Feature

Added new threat Threat.systemVPN for VPN detection.
Added new callback onSystemVPN in ThreatCallback for handling Threat.systemVPN threat.
[Android] Added a new threat detection feature, Threat.devMode, to identify Developer mode.
[Android] Added a new callback onDevMode in ThreatCallback for handling Threat.devMode threat.

Improvement

Increased minimal Dart SDK version to 2.18.0 and minimal Flutter version to 3.3.0
Updated the CA bundle to enhance security for secure connections.
[Android] Increased the version of the GMS dependency
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem in logging caused by the device’s default system locale

Version 6.5.1

Improvement

[Android] New Talsec SDK artifact hosting - better stability and availibility.

Version 6.5.0

New Feature

[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed issue with disappearing threats when the app is quickly put into the background and then back to the foreground (resolves issue #91).
[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 6.4.0

Improvement

Improved reaction obfuscation.
[iOS] Improved obfuscation of the iOS SDK.
[iOS] Raised supported Xcode version to 14.3.1 .

Bug Fix

[Android] Fixed ProviderException.
Fixed typo in namespace which caused incompatibility with AGP 8.0 .

Curious about more in-depth changes for Flutter? Head over to our GitHub Changelog for the complete history of updates!

Latest Version: 4.2.0

New Feature

Added interface for multi-instance detection

Improvement

[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
[Android] Added support for 16 KB pages

Fixed

[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates

Version: 4.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 4.0.0

Changed

Android SDK requires kotlin_version >= 2.0.0
Set Java version to 17
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 3.14.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android compileSDK level to 35

Improvement

[Android] Improved root detection

Fixed

Compatibility issues with RN New Architecture
[Android] Added proguard rules for malware data serialization in release mode on Android
[Android] Proguard rules to address warnings from okhttp dependency

Version 3.13.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 3.12.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 3.11.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 3.10.0

New features and improvements

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Version 3.9.3

Improvement

[iOS] Renewed the signing certificate.

Version 3.9.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 3.9.1

Bug Fix

[Android] False positives for hook detection.

Version 3.9.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

Fixed incorrect path to types in package.json.
[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 3.8.2

Improvement

Updated proguard rules to resolve build issues in RN 0.75.x.

Version 3.8.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Enhanced and accelerated the data collection logic.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.
[Android] Fixed proguard warning in specific versions of RN.

Version 3.7.2

Improvement

Updated expo config plugin to fix release build issue in RN 0.73.

Version 3.7.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Bug Fix

[Android] Fixed compatibility issues with RN < 0.63.

Version 3.7.0

New Feature

Added support for apps built with Expo SDK.
[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Shortened duration of threat evaluation.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).
[iOS] Fixed memory leak (freeRASP iOS issue #13).

Curious about more in-depth changes for React Native? Head over to our GitHub Changelog for the complete history of updates!

Latest Version: 8.1.0

New Feature

Added interface for multi-instance detection

Improvement

[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
[Android] Added support for 16 KB pages

Fixed

[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates

Version: 8.0.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Changed

Plugin now requires kotlin version >= 2.0.0.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 7.4.1

Changed

[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 7.4.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Set following required SDK versions for Android plugin:
- minSdkVersion 23
- targetSdkVersion to 35
- compileSdkVersion to 35

Improvement

[Android] Improved root detection

Fixed

[Android] Proguard rules to address warnings from okhttp dependency

Version 7.3.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 7.2.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 7.1.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 7.0.0

New features and improvements

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

BREAKING CHANGE: New dependency is required to run freeRASP; add following plugin to android/build.gradle:

plugins {
    id 'org.jetbrains.kotlin.plugin.serialization' version '1.7.10'
}

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

[Android] Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 6.3.3

Improvement

[iOS] Renewed the signing certificate.

Version 6.3.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 6.3.1

Bug Fix

[Android] False positives for hook detection.

Version 6.3.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 6.2.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 6.1.3

Bug Fix

Fixed BAD_ACCESS error occurring in specific versions of cordova-ios plugin (#28).

Version 6.1.2

Bug Fix

[Android] Removed the talsec namespace that caused change of namespaces for whole app.
[iOS] Fixed issue causing app crash with lower versions of cordova-ios plugin.

Version 6.1.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Curious about more in-depth changes for Cordova? Head over to our GitHub Changelog for the complete history of updates!

Latest Version: 2.2.0

New Feature

Added interface for multi-instance detection

Improvement

[iOS] Added palera1n jailbreak detection
[iOS] Improved Dopamine jailbreak detection
[Android] Improved emulator detection
[Android] Added support for 16 KB pages

Fixed

[iOS] Resolved memory-related stability issues
[Android] Removed malware report duplicates

Version: 2.1.0

New feature

Added interface for screenshot / screen recording blocking on iOS.

Improvements

Added interface for external ID storage.
Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
[Android] New root detection checks added.

Fixed

[iOS] Resolved an issue with the screen recording detection.
[iOS] Resolved an issue that prevented Xcode tests from running correctly.

Version 2.0.0

Changed

Android SDK requires kotlin_version >= 2.0.0
[Android] Compile API increased to 35, dependencies updated
[Android] Internal library obfuscation reworked
[Android] Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)
[iOS] Improvement of the obfuscation of the SDK
[iOS] Deep signing of the OpenSSL binaries

Fixed

[Android] ANR issues bug-fixing

Version 1.10.0

New feature

Added screenshot - detection of screenshots, refer to the freeRASP integration documentation.
Added screenRecording - detection of screen recording, refer to the freeRASP integration documentation.
Added blockScreenCapture for FLAG_SECURE control, an active protection against screen capturing.
Added isScreenCaptureBlocked - to receive whether the screen capture is blocked

Changed

[Android] Raised Android compileSDK level to 35
[Android] Set minifyEnabled in plugin to true implicitly

Improvement

[Android] Improved root detection

Fixed

[Android] Proguard rules to address warnings from okhttp dependency

Version 1.9.0

Improvement

[Android] Added request integrity information to data collection headers.
[Android] Enhanced and accelerated the data collection logic.

Version 1.8.0

Improvement

App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method.
Parsing of malware data is now async.
[Android] Malware data is now parsed on background thread to improve responsiveness.

Version 1.7.0

New features

[Android] adbEnabled callback, allowing you to detect USB debugging option enabled in the developer settings on the device.

Version 1.6.0

New features

Added configuration fields for malware detection.
[Android] Malware detection as a new callback for enhanced app security.
[Android] Refactoring Magisk checks in the root detection.
[iOS] Enhanced security with Serotonin Jailbreak Detection to identify compromised devices.

Maintenance

[iOS] Updated SDK code signing; it will now be signed with:
- Team ID: PBDDS45LQS
- Team Name: Lynx SFT s.r.o.

Bug Fix

Resolved compatibilty issues with JDK 21 (issue #21)

Version 1.5.3

Improvement

[iOS] Renewed the signing certificate.

Version 1.5.2

Bug Fix

[Android] Reported ANR issues present on some devices were resolved (GH Flutter issue #138).
[Android] Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter issue #140).
[Android] Reported crashes caused by the UnsupportedOperationException were resolved.

Version 1.5.1

Bug Fix

[Android] False positives for hook detection.

Version 1.5.0

New Feature

[Android] Added the auditing of the internal execution for the future check optimization and overall security improvements.
[iOS] Dopamine jailbreak detection.

Improvement

Improved error messages when validation of the freeRASP configuration fails.
Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).
[Android] Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.
[Android] Refactored fetching the list of installed applications for root and hook detection.
[iOS] Enhanced and accelerated the data collection logic.

Bug Fix

[Android] Fixed native crashes (SEGFAULT errors) in ifpip method.
[Android] Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 1.4.0

New Feature

Added a new threat systemVPN for VPN detection.
[Android] Added a new threat devMode for Developer mode detection.

Improvement

Updated the CA bundle to enhance security for secure connections.
[Android] Updated the GMS dependency to a newer version for improved performance and compatibility.
[iOS] Passcode check is now performed periodically.

Bug Fix

Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 1.3.1

Improvement

[Android] Updated freeRASP SDK artifact hosting ensuring better stability and availibility.

Version 1.3.0

New Feature

[iOS] Added Privacy Manifest.
[iOS] Added codesigning for the SDK, it is signed by:
- Team ID: ASQC376HCN,
- Team Name: AHEAD iTec, s.r.o..

Improvement

Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.
[Android] Shortened duration of threat evaluation.
[Android] Improved appIntegrity check and its logging.
[iOS] Improved obfuscation of Swift and C strings.

Bug Fix

[Android] Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).
[iOS] Fixed memory leak (freeRASP iOS issue #13)

Version 1.2.1

[Android] Fixed bug that prevented firing callbacks in specific situations.
[iOS] Fixed bug that caused app being killed in specific situations (#42).

Curious about more in-depth changes for Capacitor? Head over to our GitHub Changelog for the complete history of updates!