Malware Threat Mitigation
Malwarelytics for Android provides several threat mitigation options in case a harmful app is detected on the device:
- Killing the app that is integrating Malwarelytics
- Uninstalling the harmful app that has been detected
Due to some Android operating system limitations, uninstalling a harmful app might not always be possible; in certain situations, the system does not allow this. Furthermore, aggressive malware with extensive permissions might be able to protect itself and thwart any uninstallation attempts.
Triggering Mitigations
When the app wants to call a mitigation directly, it has to do so via MitigationManager
.
Killing the App
The app can be killed immediately by calling:
val mitigationManager = antivirus.getMitigationManager()
mitigationManager.killApplication()
Uninstalling Other Apps
The app can also make a request to uninstall another app, identified by its package name (application ID):
mitigationManager.uninstallApplication(context, packageName)
However, no callback with the outcome of the uninstall process is provided in this case.
If information about the outcome is required, the uninstallation request has to be made in a slightly more complicated manner, due to Android OS limitations. Only an Activity
or a Fragment
can be used to make the request as they can receive a callback via Activity Result APIs or onActivityResult()
method (now deprecated for fragments).
Uninstall with Callback via ActivityResult APIs
ActivityResult APIs is a new Android approach of getting a result from another activity.
The uninstall can be triggered in a fragment or activity using Activity Result APIs. The approach consists of two steps:
- Registering for application uninstall result.
- Launching application uninstall.
Registering for application uninstall result has to be done as part of the fragment or activity initialization. This is typically done as a field initializer, or in onAttach()
or onCreate()
methods. For example:
val uninstallLauncher = antivirus.getMitigationManager().registerForApplicationUninstall(this@SomeFragment, uninstallCallback)
val uninstallCallback = ActivityResultCallback<ActivityResult> { result ->
val resultCode = result?.resultCode
if (resultCode == Activity.RESULT_OK) {
// successfully uninstalled
} else {
// failure
}
}
Later the uninstall of an app can be launched by calling:
antivirus.getMitigationManager().launchApplicationUninstall(uninstallLaucher, packageName)
Uninstall with callback via onActivityResult
The onActivityResult
callback is currently available only in activities. Fragment implementation have been deprecated.
The uninstall can be triggered in an activity like this:
mitigationManager.uninstallApplicationWithActivityCallback(activity, packageName, requestCode)
Override the onActivityResult()
system callback implementation so that the activity can receive the result via this callback. The requestCode
obtained must be matched with the requestCode
that was passed to the uninstall request. This approach is deprecated for AndroidX fragments.