.svg?alt=media&token=d7c8c4c9-d0a9-4fad-8d39-cf7e4208a360)
Android
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
From GitHub, Copy Talsec folder into your Application folder.
Drag & drop the Talsec folder to your .xcworkspace.
Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.
In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.
Note: In case you are using Carthage, the zipped version of the framework is included in the GitHub Releases.
To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:
It does not have to be AppDelegate, it can be anywhere. However, the recommended approach is to start the SDK as soon as possible.
You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.
Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:
Use the code above for handling these types of events:
Invoke the following method right after setting up the TalsecConfig in previous steps.
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
See the most frequent issues occurring during integration.
Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.
This page provides you with all the necessary information about freeRASP integration for FlutterFlow. Please read it carefully. If you have a question, don't hesitate to open an issue.
In this section, you will implement the imported freeRASP Action.
On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.
In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the #handle-detected-threats.
The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.
If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:
Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String
watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict name@domain.com format.
isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version.
The Dev version of freeRASP is intended for usage during the development phase. It serves the purpose of segregating development and production data, as well as disabling certain checks that are not applicable during the development process. These checks include:
Emulator usage (onSimulator)
Debugging (onDebug)
Signing (onAppIntegrity)
Unofficial store (onUnofficialStore)
Obfuscation issues (onObfuscationIssues)
Developer mode (onDevMode)
ADB Enabled (onADBEnabled)
packageName is a unique identifier for your Android application.
You can find the packageName value for your application in FlutterFlow settings:
Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.
Do NOT use solutions such as package_info_plus to provide the value of the package name! The package name has to be hardcoded.
signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.
More about signing hash and how to obtain it in Getting Signing Certificate Hash.
supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.
To add a store, add the package name of the store to the supportedStore list.
Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.
bundleId is a unique identifier for your iOS application.
More about bundle ID and how to obtain one: FlutterFlow Documentation | App Deployment.
teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.
You can find your teamId on the Apple Developer portal:
Go to the website: https://developer.apple.com/account.
Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.
The freeRASP Action offers multiple callbacks for handling threats. A callback is an Action that gets triggered when a threat is detected.
To implement callback:
Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.
Visit Threat detection to learn more details about the performed checks and their importance for app security.
freeRASP for Flutter allows you to define multiple values for:
Signing certificate hash
Supported app store
Bundle ID
Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see Flutter)
Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.
The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.
This creates some restrictions:
Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.
To overcome these limitations, we recommend following these steps:
Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.
Raising SDK version
From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher
The freeRASP has the following prerequisites that must be met before starting.
freeRASP requires a minimum SDK level of 23. Some versions of Flutter projects, by default, support even lower levels of minimum SDK. This creates an inconsistency we must solve by updating the minimum SDK level of the application:
From the root of your project, go to android > app > build.gradle.
In defaultConfig, update minSdkVersion property to at least 23 (Android 6.0) or higher.
Xcode 15 is required to be able to build the application
Run the following command inside the project directory to add the freeRASP dependency:
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Detailed descriptions of the configuration options are provided on the API page.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
In the entry point to your app, import freeRASP and add the following code:
It is necessary that Flutter Bindings are initialized. This can be satisfied by calling WidgetsFlutterBinding.ensureInitialized(), as shown in the code snippet above.
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.
freeRASP reacts to threats using ThreatCallback. Internally, each threat has its own callback (of VoidCallback type), which is called when a threat is detected.
Start freeRASP to detect threats just by adding this line below the created config and the callback handler:
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
In order to provide as much protection as possible, freeRASP enhances security measures by implementing ProGuard consumer rules, which obfuscate specific sections of the SDK. However, these rules are applied to your Android app code as well due to inheritance.
In certain cases, you may prefer to exclude this rule.
To remove the rule, you need to find freerasp in your cache folder. More about where to find the cache folder here. Then navigate to the freerasp-X.Y.Z/android/build.gradle file and delete the line:
Read more about why obfuscation is important in the wiki.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Flutter platform.
freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:
From the root of your project (or module level), go to the build.gradle.
Update minSdkVersion to at least 23 (Android 6.0) or higher.
Set Talsec's Artifact Registry in your project's settings.gradle (or build.gradle). You should comment out the relevant section in settings.gradle, if you want to use build.gradle, as settings.gradle is preferred:
Make sure that Talsec's maven dependency is at the last position.
Set dependencies in your :app module's build.gradle:
To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
Create an arbitrary subclass of Application(), override its onCreate()method and implement ThreatListener.ThreatDetected interface. You can, of course, use your Application subclass if you already have one in your project. If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.“
Add a new subclass to AndroidManifest.xml, inside <application> tag:
Set up the Configuration for your app with your values, which are explained in more detail in API.
You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.
Implement methods of ThreatListener.ThreatDetected interface:
Do not implement the onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) callback yet. It will be soon introduced as a new feature of freeRASP, although, it is implemented via this SDK as well. You can use just println("onMalwareDetected") for now.
Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:
Modify initialization of ThreatListener:
You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.
Read more about why this is important in the wiki.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Android platform.
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.
The freeRASP has the following prerequisites that must be met before starting.
freeRASP requires a minimum SDK level of 23. React Native projects, by default, support even lower levels of minimum SDK. This creates an inconsistency we must solve by updating the minimum SDK level of the application:
From the root of your project, go to android > build.gradle.
In buildscript, update minSdkVersion to at least 23 (Android 6.0) or higher.
freeRASP React Native plugin uses Pods. Navigate to the ios folder and run:
Install the plugin using your preferred package manager
Navigate to the ios folder and run:
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
In the the entry point to your app, import freeRASP and add the code below.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
FreeRASP provides a React Custom Hook that handles all required logic as registration of freeRASP, mounting and unmounting of listeners for you.
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the Threat detection in the wiki to learn more details about the performed checks and their importance for app security.
Threat reactions should be specified inside a JavaScript object.
Start freeRASP to detect threats by calling the useFreeRasp hook, below the created config and the callback handler:
Please note that useFreeRasp Hook should be called outside useEffect.
When freeRASP initializes correctly, you should see freeRASP initialized message in the logs. Otherwise, you'll see a warning with a description of what went wrong.
You can override this default behaviour by extending the actions object with started key (to change action after successful initialization), and initializationError key (to set up action after unsuccessful initialization)
For the version you’re integrating, you can find the specific dSYMs for debugging in Releases.
Import methods from the freeRASP plugin:
Override constructor() method in the entry point to your app set listeners to threats and start freeRASP:
In this code snippet, actions is object with your reactions to threats and config is a freeRASP configuration object from previous parts of the readme.
Override componentWillUnmount() method where you clean up the listeners:
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
Read more about why this is important in the wiki.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the React Native platform.
Description of the freeRASP API
TalsecConfigSpecifies configuration for your app. See the table below for a detailed description of the attributes.
| field | type | description | sample value |
|---|---|---|---|
public class ThreatListenerpublic ThreatListener(@NonNull ThreatDetected threatsCallback, @Nullable DeviceState deviceStateCallback)
Listener for the threats detected by freeRASP
public void registerListener(Context context)
Registers your reactions to detected threats with freeRASP.
public void unregisterListener(Context context)
Unregisters the reactions to detected threats.
public static void start(Context context, TalsecConfig config)
The method used to start freeRASP's functionality.
public interface ThreatDetectedvoid onRootDetected()
void onDebuggerDetected()
void onEmulatorDetected()
void onTamperDetected()
void onUntrustedInstallationSourceDetected()
void onHookDetected()
void onDeviceBindingDetected()
void onObfuscationIssuesDetected()
public interface DeviceStatevoid onUnlockedDeviceDetected()
void onHardwareBackedKeystoreNotAvailableDetected()
void onDeveloperModeDetected()
void onADBEnabledDetected()
void onSystemVPNDetected()
The general flow of the integration can be decomposed into the following steps:
Conforming to the prerequisites, e.g. setting up Android minSdkVersion.
Adding the dependency.
Setting up the configuration for the application, e.g. package name or whether it is production or not (see #dev-vs-release-version).
Handling the detected threats (callbacks).
Starting the SDK.
Enabling the source code obfuscation.
Become familiar with Security Report, User Data Policies and License.
Looking at , to provide an additional layer of protection by detecting malware or suspicious applications.
Looking at Features and Pricing plans if you are interested in more advanced solutions to protect your application and business.
The Dev version is used to not complicate the development process of the application, e.g. if you would implement killing of the application on the debugger callback. It disables some detections which won't be triggered during the development process:
Emulator/Simulator
Debugging
Tampering/Repackaging
Unofficial store/source
Obfuscation issues
Developer mode
ADB Enabled
Make sure that you use the Release version for the production.
Choose the relevant section based on your app development platform:
Description of the freeRASP API
TalsecConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|---|---|---|
public class Talsecpublic static func start(config: TalsecRuntime.TalsecConfig)
The method used to start freeRASP's audit.
public protocol SecurityThreatHandlerfunc threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)
Notifier about detected threats.
public enum SecurityThreat : String, Codable, CaseIterable, Equatablesignature
jailbreak
debugger
runtimeManipulation
passcode
simulator
missingSecureEnclave
systemVPN
deviceChange
deviceID
unofficialStore
Description of the freeRASP API
TalsecConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|---|---|---|
AndroidConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|---|---|---|
IOSConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|---|---|---|
NativeEventEmitterActionsSpecifies a set of callbacks that are used to notify the application when certain security threat is detected.
const useFreeRasp = (config: TalsecConfig, actions: NativeEventEmitterActions)React Custom Hook responsible for starting freeRASP and setting up listeners
const setThreatListeners = async (config: NativeEventEmitterActions): voidSets up listeners for detected threats
const talsecStart = async (options: TalsecConfig): Promise<string>Method is used to start freeRASP's audit. Returns 'freeRASP started'string when successful.
const removeThreatListeners = (): voidUnregisters threat listeners. Should be called only when the app is being terminated.
freeRASP for React Native is a bare React Native plugin. When installing freeRASP into a project that uses Expo SDK, there may be extra configuration needed.
To integrate freeRASP into the Expo projects, follow the instructions for React Native. After that, continue on this page.
We provide a plugin config that sets up the dependencies of freeRASP without the need to eject the Expo project. It is recommended to use the plugin config. However, manual setup is also possible.
Add the plugin config to your app.json and specify the minSdkVersion (use at least 23). Additionally, if you are using Expo 50, increase the version of R8 above 8.2 with the R8Version property .
Increase minSdkVersion
This can be done in two ways:
update the minSdkVersion property directly in android/build.gradle, or
Add maven dependency
open android/build.gradle (if you don't see the android folder, run npx expo prebuild -p android in terminal to create it)
add the following dependency under allprojects > repositories:
if not already configured, add also:
The freeRASP has the following prerequisites that must be met before starting.
freeRASP for Android requires a minSdkVersion level of >=23 and a targetSdkVersion level of >=33. Some Capacitor projects, by default, support even lower levels of minimum and target SDKs. This creates an inconsistency we must solve by updating the SDK levels of the application:
From the root of your project, go to android > variables.gradle (or equivalent).
In ext, update minSdkVersion to at least 23 (Android 6.0) and compileSdkVersion to at least 33 (Android 13) or higher.
Install the plugin using your preferred package manager
Synchronize the project files across native platforms
In the the entry point to your app, import freeRASP and add the code below.
Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:
Pass the configuration and reactions you set up in previous steps into startFreeRASP function.
Based on your framework, we recommend:
In React: Wrap this function in useEffect with an empty dependency array
In Vue: Call the method inside the mounted property
In Angular: Call the method inside the ngOnInit method
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Description of the freeRASP API
FreeraspConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
AndroidConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
IOSConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
NativeEventEmitterActionsSpecifies a set of callbacks that are used to notify the application when certain security threat is detected.
const startFreeRASP = async (config: FreeraspConfig, reactions: NativeEventEmitterActions): Promise<bool>Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.
const removeThreatListeners = (): voidUnregisters threat listeners. Should be called only when the app is being terminated.
Description of the freeRASP API
TalsecConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
AndroidConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
IOSConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
NativeEventEmitterActionsSpecifies a set of callbacks that are used to notify the application when certain security threat is detected.
const start = async (config: FreeraspConfig, eventListenerConfig: NativeEventEmitterActions): Promise<void>Method is used to start freeRASP's audit and set up listeners for threats.
See the most frequent issues occurring during integration.
The most frequent issues occurring during integration:
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
See the most frequent issues occurring during integration.
Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
Description of the freeRASP API
TalsecConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
AndroidConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
IOSConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
| field | type | description | sample value |
|---|
Future<void> start(TalsecConfig config)Starts freeRASP with configuration provided in config.
void attachListener(ThreatCallback callback)Attaches instance of ThreatCallback to freeRASP. If ThreatCallback is already attached, current one will be detached and replaced with callback. When threat is detected, respective callback of ThreatCallback is invoked.
ThreatCallbackThe freeRASP has the following prerequisites that must be met before starting.
The Android implementation uses Kotlin serialization plugin; following line has to be added to the plugins block in platforms/android/build.gradle:
freeRASP requires minSdkVersion level of >=23, targetSdkVersion level of >=31 and Kotlin support. Add the following lines to the config.xml file in your project root directory.
Then run the following command to apply the preferences:
freeRASP plugin uses Swift. Install the following plugin to support Swift in your project.
Install the plugin using Cordova CLI
In the the entry point to your app, import freeRASP and add the code below.
Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:
freeRASP can be started after the Cordova initialization is completed, for example, inside the onDeviceReady function in the index.js.
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:
Additionally, create or extend proguard-rules.pro in android/app folder and exclude Cordova’s specific classes that rely on package names from being obfuscated:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .
Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .
Provides all types of threats detected by freeRASP. Read more about the meaning of the threats in the .
| threat | type | Android | iOS |
|---|---|---|---|
Solution: The simulator does not support the release build of Flutter - more about it . Use a real device in order to build the app in release mode.
Solution: Technical limitation of Flutter - more about it . Use command flutter run to launch the app (i.e. run the app from scratch).
For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
use expo-build-properties plugin, which updates the property in the prebuild phase. .
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.
For the version you’re integrating, you can find the specific dSYMs for debugging in .
Read more about why this is important in the.
Visit the repository to learn more about this feature! For the integration, refer to the for the Capacitor platform.
| threat | type | Android | iOS |
|---|
| threat | type | Android | iOS |
|---|
A class which represents a set of callbacks that are used to notify the application when certain security threat is detected. Read more about the meaning of the callbacks in the .
| method name | return type | Android | iOS |
|---|
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.
For the version you’re integrating, you can find the specific dSYMs for debugging in .
Read more about why this is important in the.
Visit the repository to learn more about this feature! For the integration, refer to the for the Cordova platform.
expectedPackageName
String
Package name of the app.
"com.talsec.freerasp.demoapp"
expectedSigningCertificateHashBase64
Array<String>
Certificate hashes of your app. You must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
arrayOf( "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=")
watcherMail
String?
The value is automatically used as the target address for your security reports. Mail has a strict form 'name@domain.com'.
"john@example.com"
supportedAlternativeStores
Array<String>
Package names of the alternative stores on which you are publishing the application. The Google Play Store and Huawei AppGallery, are included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.
arrayOf( "com.sec.android.app.samsungapps")
isProd
Boolean?
Defaults to true when undefined. If you want to use the Dev version to make the development process viable, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
appBundleIds
[String]
List of Bundle IDs for the app
["com.talsec.freerasp.demoapp"]
appTeamId
String
Apple Team ID for the signing of the app
"M8AK35..."
watcherMail
String?
The value is automatically used as the target address for your security reports. Mail has a strict form 'name@domain.com'.
"john@example.com"
isProd
Bool?
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!
true
androidConfig
AndroidConfig?
Configuration for Android apps
any AndroidConfig instance
iosConfig
IOSConfig?
Configuration for iOS apps
any IOSConfig instance
watcherMail
string
The value is automatically used as the target address for your security reports. Mail has a strict form 'name@domain.com'.
'john@example.com'
isProd
boolean?
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
packageName
string
Package name of the app.
'com.talsec.freerasp.demoapp'
certificateHashes
string[]
Certificate hashes of your app.
['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']
supportedAlternativeStores
string[]
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page.
[ 'com.sec.android.app.samsungapps']
appBundleId
string
Apple Bundle ID for the app
'com.talsec.freerasp.demoapp'
appTeamId
string
Apple Team ID used in the app
'M8AK35...'
privilegedAccess
() => any
debug
() => any
simulator
() => any
appIntegrity
() => any
unofficialStore
() => any
hooks
() => any
deviceBinding
() => any
deviceID
() => any
passcode
() => any
secureHardwareNotAvailable
() => any
obfuscationIssues
() => any
devMode
() => any
adbEnabled
() => any
systemVPN
() => any
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| () => any |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
| VoidCallback? |
androidConfig | AndroidConfig? | Configuration for Android apps | any AndroidConfig instance |
iosConfig | IOSConfig? | Configuration for iOS apps | any IOSConfig instance |
watcherMail | string | The value is automatically used as the target address for your security reports. Mail has a strict form | ' |
isProd | boolean? | Defaults to |
|
packageName | string | Package name of the app. | ' |
certificateHashes | string[] | Certificate hashes of your app. |
|
supportedAlternativeStores | string[] | [ |
appBundleId | string | Apple Bundle ID for the app | ' |
appTeamId | string | Apple Team ID used in the app | 'M8AK35...' |
androidConfig | AndroidConfig? | Configuration for Android apps | any AndroidConfig instance |
iosConfig | IOSConfig? | Configuration for iOS apps | any IOSConfig instance |
watcherMail | string | The value is automatically used as the target address for your security reports. Mail has a strict form | ' |
isProd | boolean? | Defaults to |
|
packageName | string | Package name of the app. | ' |
certificateHashes | string[] | Certificate hashes of your app. |
|
supportedAlternativeStores | string[] | [ |
appBundleId | string | Apple Bundle ID for the app | ' |
appTeamId | string | Apple Team ID used in the app | 'M8AK35...' |
androidConfig | AndroidConfig? | Configuration for Android apps | any AndroidConfig instance |
iosConfig | IOSConfig? | Configuration for iOS apps | any IOSConfig instance |
watcherMail | String | The value is automatically used as the target address for your security reports. Mail has a strict form | ' |
isProd | bool? | Defaults to |
|
packageName | String | Package name of the app. | ' |
signingCertHashes | List<String> | Certificate hashes of your app. |
|
supportedStores | List<String> | [ |
bundleIds | List<String> | List of Bundle IDs for the app | [' |
teamId | String | Apple Team ID used in the app | 'M8AK35...' |
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
.svg?alt=media&token=a92a054a-c1cb-4861-b19c-4bbac8e752f2)
.svg?alt=media&token=a01ecc00-51da-4eea-be79-00c054d50d97)
.svg?alt=media&token=990a2e9a-d9ca-4f49-ba75-ceeafd97bb60)
.svg?alt=media&token=3b653caa-88c7-403f-95e5-e3910bc1671e)
.svg?alt=media&token=f014fd8f-ffd9-4b76-b078-1a7d72034212)