Common Usage Scenarios

Malwarelytics for Android can be used and integrated into an app in many different ways. The SDK's Anti-Malware and Runtime Protection components provide distinct features that can be used separately. Moreover, the SDK can run in online mode, connected to a remote console app, or in offline mode.

Online and Offline Mode

The most common way to use Malwarelytics for Android is in online mode. To run in online mode, the SDK must be given API credentials in the configuration. The API credentials consist of API_USERNAME, API_PASSWORD, and API_SIGNATURE_PUBLIC_KEY and can be found in the Malwarelytics console.

The minimum online configuration has to contain:

val config = AppProtectionConfig.Builder(appContext)
    .apiUsername(API_USERNAME)
    .apiPassword(API_PASSWORD)
    .apiSignaturePublicKey(API_SIGNATURE_PUBLIC_KEY)
    // other configuration items
    .build()

If the API_USERNAME, API_PASSWORD, and API_SIGNATURE_PUBLIC_KEY values are not provided, the SDK will run in offline mode without a connection to the remote Malwarelytics console.

The mode in which the SDK was initialized is reflected in the initialization result value. The result PERMANENT_OFFLINE_MODE indicates that the SDK was initialized in offline mode.

Using Anti-Malware Feature Only

The Anti-Malware feature can be used separately from the RASP feature. To use only the Anti-Malware feature, configure Malwarelytics for Android with the RASP feature turned off. That can be done by not configuring RASP at all.

val config = AppProtectionConfig.Builder(appContext)
    // no usage and no value passed to .raspConfig()
    // other configuration items
    .build()

Turning off the RASP feature doesn’t affect the functionality of the Anti-Malware feature in any way.

Anti-Malware Feature in Offline Mode

When used in offline mode, the Anti-Malware feature doesn’t have the data from the remote console that it needs for proper identification of malware threats. This greatly reduces the capability of the SDK to detect malware.

It is not recommended to use the Anti-Malware feature in offline mode due to a significant number of false positive and false negative detections.

Using RASP Feature Only

The RASP (runtime application self-protection) feature can be used separately from the Anti-Malware feature. To use the RASP feature only, it’s necessary to disable the Anti-Malware feature in the configuration.

val config = AppProtectionConfig.Builder(appContext)
    .antivirusConfig(
        AntivirusConfig.Builder()
            .enableAntivirus(false)
            .build()
    )
    // other configuration items
    .build()

A few features might be affected by the data that is missing when the Anti-Malware feature is disabled, namely tapjacking protection and app presence detection.

Tapjacking Protection in RASP Only

Tapjacking protection relies on malware threat identification and on listening to app changes, both provided by the Anti-Malware feature. With the Anti-Malware feature disabled, the blockTapjackingSensitivity configuration cannot be used. When only RASP is used in offline mode, tapjacking protection cannot distinguish which apps are problematic, and all apps capable of creating overlays are marked as “problematic”. In this case, it’s recommended not to use tapjacking protection because of a significant risk of false positives.

Tapjacking protection can be disabled in the configuration with:

val raspConfig = RaspConfig.Builder()
    .tapjacking(
        TapjackingBlockConfig.Builder()
            .action(BlockConfig.NoAction)
            .build()
    )
    // configuration of other RASP features
    .build()

App Presence Detection in RASP Only

App presence detection relies on listening to app changes, which is provided by the Anti-Malware feature. With the Anti-Malware feature disabled, app presence detection doesn’t react to app changes (installs, uninstalls, and updates). A manual check for the presence of unwanted apps is still possible by calling raspManager.getAppPresenceDetection().

RASP Feature in Offline Mode

The RASP feature in offline mode provides the same full set of features as in online mode, with the only exception of tapjacking protection. Tapjacking protection uses the malware threat identification feature, which suffers from more false positives and false negatives when the SDK is used in offline mode, as mentioned in Anti-Malware Feature in Offline Mode.
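
The following added example (not code from the original page or from the SDK's own samples) combines the builder calls shown above into one configuration for the offline, RASP-only scenario, with tapjacking protection disabled as recommended for that case. The helper name buildOfflineRaspOnlyConfig is hypothetical, and it is assumed that build() returns an AppProtectionConfig.

```kotlin
// Added example: composes the builder calls shown on this page.
// The SDK classes (AppProtectionConfig, AntivirusConfig, RaspConfig,
// TapjackingBlockConfig, BlockConfig) come from the Malwarelytics SDK;
// their import lines are omitted because the page does not show the package path.
import android.content.Context

// Hypothetical helper name, not part of the SDK.
// Assumption: AppProtectionConfig.Builder.build() returns AppProtectionConfig.
fun buildOfflineRaspOnlyConfig(appContext: Context): AppProtectionConfig {
    // Offline RASP cannot tell which overlay-capable apps are problematic,
    // so tapjacking protection is set to NoAction to avoid false positives.
    val raspConfig = RaspConfig.Builder()
        .tapjacking(
            TapjackingBlockConfig.Builder()
                .action(BlockConfig.NoAction)
                .build()
        )
        // configuration of other RASP features
        .build()

    return AppProtectionConfig.Builder(appContext)
        // No apiUsername / apiPassword / apiSignaturePublicKey here:
        // the SDK runs in offline mode and the initialization result
        // is PERMANENT_OFFLINE_MODE.
        .antivirusConfig(
            AntivirusConfig.Builder()
                .enableAntivirus(false) // RASP only, Anti-Malware disabled
                .build()
        )
        .raspConfig(raspConfig)
        // other configuration items
        .build()
}
```

With this configuration, app presence detection does not react to installs, uninstalls, or updates, so the check has to be triggered manually through raspManager.getAppPresenceDetection().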

Last updated on Nov 16, 2023 (08:41)