Detection of HTTP Proxy

A system-wide HTTP proxy configuration can force all HTTP (and, in some cases, HTTPS) requests from your app to pass through a proxy server. This is a potentially harmful behaviour since the proxy server can then inspect or even modify request payloads. Furthermore, Android allows configuring an HTTP proxy without the user being fully aware of this fact.

Malwarelytics for Android can detect that an HTTP proxy is being used and can be configured to terminate the app in such a case.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .checkHttpProxy(Boolean)
    .exitOnHttpProxy(Boolean)
    .exitOnHttpProxyUrl(String)
    // configuration of other RASP features
    .build()

| Method | Description |
|---|---|
| checkHttpProxy(Boolean) | Indicates whether HTTP proxy use should be detected automatically. Defaults to true. |
| exitOnHttpProxy(Boolean) | Indicates whether the app should be terminated when the use of an HTTP proxy is detected. Defaults to false. |
| exitOnHttpProxyUrl(String) | Defines a URL to be opened when the app is terminated because an HTTP proxy was detected. Defaults to null. |

Usage

After initialization, the HTTP proxy detection feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual HTTP proxy detection check.

Registering an Observer

HTTP proxy detection can trigger a certain action. To achieve that, an observer must be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onHttpProxyDetected(httpProxyDetected: Boolean) {
        // handle http proxy detection
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

Triggering a Manual Check

An HTTP proxy detection check can be triggered manually in RaspManager. Two methods are available: isHttpProxyEnabled() gives a simple boolean answer, whereas getHttpProxyDetection() provides more details.

val isHttpProxyEnabled = raspManager.isHttpProxyEnabled()
val httpProxyDetection = raspManager.getHttpProxyDetection()
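
One way to act on both signals described above, the observer callback and the manual check, before a sensitive network call. This is an added example, not part of the Malwarelytics SDK or its documentation: SensitiveCallGate, ProxyDetectedException and guarded are hypothetical names, the lambda passed to the gate stands in for raspManager.isHttpProxyEnabled(), and failing closed when the check throws is a policy choice of this example.

```kotlin
import java.util.concurrent.atomic.AtomicBoolean

// Added example; hypothetical names, not Malwarelytics classes.
class ProxyDetectedException :
    IllegalStateException("HTTP proxy detected; sensitive call blocked")

// Gate for sensitive requests. manualCheck is expected to wrap
// raspManager.isHttpProxyEnabled() in a real app (assumption of this example).
class SensitiveCallGate(private val manualCheck: () -> Boolean) {

    // Last value pushed by the observer; atomic because the callback
    // thread is not specified on the page.
    private val proxySeen = AtomicBoolean(false)

    // Forward RaspObserver.onHttpProxyDetected(httpProxyDetected) to this method.
    fun onHttpProxyDetected(httpProxyDetected: Boolean) {
        proxySeen.set(httpProxyDetected)
    }

    // Runs call only if neither the last observer event nor a fresh
    // manual check reports a proxy.
    fun <T> guarded(call: () -> T): T {
        // Fail closed: a check that throws is treated as "proxy present".
        val checkedNow = runCatching { manualCheck() }.getOrDefault(true)
        if (proxySeen.get() || checkedNow) throw ProxyDetectedException()
        return call()
    }
}

fun main() {
    // Constructed stand-in for the system proxy state.
    var systemProxy = false
    val gate = SensitiveCallGate { systemProxy }

    // No proxy: the call goes through.
    println(gate.guarded { "request sent" })

    // Proxy configured after start, no observer event yet: the manual check blocks.
    systemProxy = true
    println(runCatching { gate.guarded { "request sent" } }.exceptionOrNull()?.message)

    // Observer reported a proxy: blocked even though the manual check is clean.
    systemProxy = false
    gate.onHttpProxyDetected(true)
    println(runCatching { gate.guarded { "request sent" } }.exceptionOrNull()?.message)
}
```

This pattern is relevant when exitOnHttpProxy is left at its default of false, so the app keeps running after a detection and has to decide per request what to allow.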

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Feb 14, 2023 (10:22)