Description of the freeRASP API
FreeraspConfigSpecifies configuration for your app. See the table below for detailed description of the attributes.
androidConfig
AndroidConfig?
Configuration for Android apps
any AndroidConfig instance
iosConfig
IOSConfig?
Configuration for iOS apps
any IOSConfig instance
watcherMail
string
The value is automatically used as the target address for your security reports. Mail has a strict form 'name@domain.com'.
'john@example.com'
isProd
boolean?
Defaults to true when undefined. If you want to use the Dev version to make the development process easier, set the parameter to false. Make sure that you have the Release version in the production (i.e. isProd set to true)!. To simplify switching between debug and release version of freeRASP based on the build type, you can use BuildConfig.BUILD_TYPE.contains("Release", true) as a value for isProd.
true
AndroidConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
packageName
string
Package name of the app.
'com.talsec.freerasp.demoapp'
certificateHashes
string[]
Certificate hashes of your app.
['mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=']
supportedAlternativeStores
string[]
[ 'com.sec.android.app.samsungapps']
IOSConfigSpecifies configuration for instances of the app running on Android devices. See the table below for detailed description of the attributes.
appBundleId
string
Apple Bundle ID for the app
'com.talsec.freerasp.demoapp'
appTeamId
string
Apple Team ID used in the app
'M8AK35...'
NativeEventEmitterActionsSpecifies a set of callbacks that are used to notify the application when certain security threat is detected.
privilegedAccess
() => any
debug
() => any
simulator
() => any
appIntegrity
() => any
unofficialStore
() => any
hooks
() => any
deviceBinding
() => any
deviceID
() => any
passcode
() => any
secureHardwareNotAvailable
() => any
obfuscationIssues
() => any
devMode
() => any
adbEnabled
() => any
systemVPN
() => any
const startFreeRASP = async (config: FreeraspConfig, reactions: NativeEventEmitterActions): Promise<bool>Method is used to start freeRASP's audit and set up listeners for threats. Returns true when successful.
const removeThreatListeners = (): voidUnregisters threat listeners. Should be called only when the app is being terminated.
See the most frequent issues occurring during integration.
Currently, there are no commonly present issues solely for the Capacitor development platform. For more general issues or questions, visit page. You can also check out the , where you can report issues and view existing reports.
The freeRASP has the following prerequisites that must be met before starting.
freeRASP for Android requires a minSdkVersion level of >=23 and a targetSdkVersion level of >=33. Some Capacitor projects, by default, support even lower levels of minimum and target SDKs. This creates an inconsistency we must solve by updating the SDK levels of the application:
From the root of your project, go to android > variables.gradle (or equivalent).
In ext, update minSdkVersion to at least 23 (Android 6.0) and compileSdkVersion to at least 33 (Android 13) or higher.
Install the plugin using your preferred package manager
Synchronize the project files across native platforms
In the the entry point to your app, import freeRASP and add the code below.
Threat reactions can be specified inside a JavaScript object, which is then passed into the initialization function:
Pass the configuration and reactions you set up in previous steps into startFreeRASP function.
Based on your framework, we recommend:
In React: Wrap this function in useEffect with an empty dependency array
In Vue: Call the method inside the mounted property
In Angular: Call the method inside the ngOnInit method
The easiest way to obfuscate your app is via code minification, a technique that reduces the size of the compiled code by removing unnecessary characters, whitespace, and renaming variables and functions to shorter names. It can be configured for Android devices in android/app/build.gradle like so:
Please note that some other modules in your app may rely on reflection, therefore it may be necessary to add corresponding keep rules into proguard-rules.pro file.
If there is a problem with the obfuscation, freeRASP will notify you about it via obfuscationIssues callback.
freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.
It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.
Package names of the alternative stores. If you publish on the Google Play Store and Huawei AppGallery, as these are already included internally. (You can assign just emptyArray()). For more information, visit the wiki page.
To ensure freeRASP functions correctly, you need to provide the necessary configuration and initialize it. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided.
For Android apps, you must get your expected signing certificate hashes in Base64 form. You can go through to learn how to sign your app in more detail, including manual signing and using Google's Play app signing.
freeRASP executes periodical checks when the application is running. You can handle the detected threats using listeners. For example, you can log the event, show a window to the user or kill the application. See the in the wiki to learn more details about the performed checks and their importance for app security.
For the version you’re integrating, you can find the specific dSYMs for debugging in .
Read more about why this is important in the.
Visit the repository to learn more about this feature! For the integration, refer to the for the Capacitor platform.
isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .