Description of the freeRASP API
TalsecConfig
Specifies configuration for your app. See the table below for a detailed description of the attributes.
field | type | description | sample value |
---|---|---|---|
expectedPackageName | String | Package name of the app. | "com.talsec.freerasp.demoapp" |
expectedSigningCertificateHashBase64 | Array<String> | Certificate hashes of your app. You must get your expected signing certificate hashes in Base64 form. You can go through this manual to learn how to sign your app in more detail, including manual signing and using Google's Play app signing. | arrayOf("mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=") |
watcherMail | String? | The value is automatically used as the target address for your security reports. Mail has a strict form 'name@domain.com'. | "john@example.com" |
supportedAlternativeStores | Array<String> | Package names of the alternative stores on which you are publishing the application. The Google Play Store and Huawei AppGallery are included internally. (You can assign just emptyArray()). For more information, visit the Detecting Unofficial Installation wiki page. | arrayOf("com.sec.android.app.samsungapps") |
isProd | Boolean? | Defaults to true when undefined. If you want to use the Dev version to make the development process viable, set the parameter to false. Make sure that you have the Release version in production (i.e. isProd set to true)! To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd. | true |

public class ThreatListener
public ThreatListener(@NonNull ThreatDetected threatsCallback, @Nullable DeviceState deviceStateCallback)
Listener for the threats detected by freeRASP.
public void registerListener(Context context)
Registers your reactions to detected threats with freeRASP.
public void unregisterListener(Context context)
Unregisters the reactions to detected threats.
public static void start(Context context, TalsecConfig config)
The method used to start freeRASP's functionality.

public interface ThreatDetected
void onRootDetected()
void onDebuggerDetected()
void onEmulatorDetected()
void onTamperDetected()
void onUntrustedInstallationSourceDetected()
void onHookDetected()
void onDeviceBindingDetected()
void onObfuscationIssuesDetected()
Sends callbacks to your app when a threat is detected. Read more about the meaning of the callbacks in the .

public interface DeviceState
void onUnlockedDeviceDetected()
void onHardwareBackedKeystoreNotAvailableDetected()
void onDeveloperModeDetected()
void onADBEnabledDetected()
void onSystemVPNDetected()
Provides device state listener to get additional information about device state. Read more about the meaning of the device state listeners in the .
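For the expectedSigningCertificateHashBase64 field in the TalsecConfig table, a small helper that turns a fingerprint into the Base64 form and rejects values of the wrong length. This is an added example, not code from the original page or from Talsec; it assumes the hash is the 32-byte SHA-256 digest of the signing certificate (the length of the table's sample value), and the function name and the hex fingerprint are constructed for illustration.

```kotlin
import java.util.Base64

// Assumption: the expected hash is a SHA-256 digest, i.e. exactly 32 bytes.
const val SHA256_LEN = 32

// Accepts a colon-separated or plain hex fingerprint, or an existing Base64
// value, and returns the canonical Base64 string for TalsecConfig.
fun toExpectedHashBase64(input: String): String {
    val s = input.trim()
    val hex = s.replace(":", "").replace(" ", "")
    val isHex = hex.isNotEmpty() && hex.length % 2 == 0 &&
        hex.all { it in "0123456789abcdefABCDEF" }
    val bytes = if (isHex) {
        hex.chunked(2).map { it.toInt(16).toByte() }.toByteArray()
    } else {
        try {
            Base64.getDecoder().decode(s)
        } catch (e: IllegalArgumentException) {
            throw IllegalArgumentException("neither hex nor Base64: $s")
        }
    }
    // A 20-byte value means a SHA-1 fingerprint was pasted by mistake.
    require(bytes.size == SHA256_LEN) {
        "expected $SHA256_LEN bytes, got ${bytes.size}"
    }
    return Base64.getEncoder().encodeToString(bytes)
}

fun main() {
    // Constructed fingerprint in colon-separated hex form (not a real certificate).
    val fingerprint = List(4) { "01:23:45:67:89:AB:CD:EF" }.joinToString(":")
    println(toExpectedHashBase64(fingerprint))
    // The sample value from the table is already Base64 and passes through unchanged.
    println(toExpectedHashBase64("mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k="))
}
```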
The most frequent issues occurring during integration:
For more general issues or questions, visit the FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.
freeRASP requires a minimum SDK level of 23. To update the minimum SDK level of the application, follow these steps:
From the root of your project (or module level), go to the build.gradle.
Update minSdkVersion to at least 23 (Android 6.0) or higher.
Set Talsec's Artifact Registry in your project's settings.gradle (or build.gradle). You should comment out the relevant section in settings.gradle if you want to use build.gradle, as settings.gradle is preferred:
Make sure that Talsec's maven dependency is at the last position.
Set dependencies in your :app module's build.gradle:
To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.
Create an arbitrary subclass of Application(), override its onCreate() method and implement ThreatListener.ThreatDetected interface. You can, of course, use your Application subclass if you already have one in your project. If you encounter issues importing ThreatListener.ThreatDetected, please use 'Sync Project with Gradle Files' to resolve them.
Add a new subclass to AndroidManifest.xml, inside the <application> tag:
Set up the Configuration for your app with your values, which are explained in more detail in API.
You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See Threat detection to learn more about the performed checks and their importance for app security.
Implement methods of ThreatListener.ThreatDetected interface:
Do not implement the onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) callback yet. It will soon be introduced as a new feature of freeRASP, although it is implemented via this SDK as well. You can use just println("onMalwareDetected") for now.
Optionally, you can use a device state listener to get additional information about the device state, like passcode lock and HW-backed Keystore state:
Modify initialization of ThreatListener:
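The integration steps above put together in one Application subclass, as an added example that is not part of the original page or Talsec's own sample code. It assumes the SDK classes live in com.aheaditec.talsec_security.security.api, that start() belongs to a Talsec class, that TalsecConfig takes the five fields in the order of the API table, and that DeviceState is nested in ThreatListener; the class name, log tag and log-only reactions are illustrative.

```kotlin
package com.talsec.freerasp.demoapp // assumed app namespace, so BuildConfig resolves

import android.app.Application
import android.util.Log
import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
import com.aheaditec.talsec_security.security.api.Talsec
import com.aheaditec.talsec_security.security.api.TalsecConfig
import com.aheaditec.talsec_security.security.api.ThreatListener

// Hypothetical class name; declare it in AndroidManifest.xml as described above.
class TalsecApplication : Application(), ThreatListener.ThreatDetected {
    override fun onCreate() {
        super.onCreate()
        // Assumption: positional constructor, fields in the order of the API table.
        val config = TalsecConfig(
            "com.talsec.freerasp.demoapp",                           // expectedPackageName
            arrayOf("mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k="), // expectedSigningCertificateHashBase64
            "john@example.com",                                      // watcherMail
            arrayOf("com.sec.android.app.samsungapps"),              // supportedAlternativeStores
            BuildConfig.BUILD_TYPE.contains("Release", true)         // isProd
        )
        // Register the reactions, then start freeRASP.
        ThreatListener(this, deviceState).registerListener(this)
        Talsec.start(this, config)
    }

    // Illustrative reaction: log only. Replace with your own policy (dialog, kill the app).
    private fun report(threat: String) { Log.w("freeRASP", "Threat detected: $threat") }

    override fun onRootDetected() = report("root")
    override fun onDebuggerDetected() = report("debugger")
    override fun onEmulatorDetected() = report("emulator")
    override fun onTamperDetected() = report("tamper")
    override fun onUntrustedInstallationSourceDetected() = report("untrusted installation source")
    override fun onHookDetected() = report("hook")
    override fun onDeviceBindingDetected() = report("device binding")
    override fun onObfuscationIssuesDetected() = report("obfuscation issues")
    override fun onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) = println("onMalwareDetected")

    private val deviceState = object : ThreatListener.DeviceState {
        override fun onUnlockedDeviceDetected() = report("device state: unlocked device")
        override fun onHardwareBackedKeystoreNotAvailableDetected() = report("device state: no HW-backed keystore")
        override fun onDeveloperModeDetected() = report("device state: developer mode")
        override fun onADBEnabledDetected() = report("device state: ADB enabled")
        override fun onSystemVPNDetected() = report("device state: system VPN")
    }
}
```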
You can make sure that the obfuscation is enabled by checking the value of minifyEnabled property in your module's build.gradle file.
Read more about why this is important in the wiki.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Visit the freeMalwareDetection repository to learn more about this feature! For the integration, refer to the integration guide for the Android platform.