Active Call Detection

Social engineering scams pose a serious problem for today’s banking and fintech apps. Malicious actors try to trick users into sending money away or into performing other harmful activities, such as approving access to their accounts. This is often done over a direct phone call: the actor first gains the user’s trust and then instructs them to perform a harmful action. For this reason, active call detection is an integral part of a financial app. The app can use the detection to prevent the user from performing sensitive operations while a call is in progress (off-hook).

Malwarelytics for Android is able to detect active calls. It can detect phone ringing, ongoing phone calls, and idle devices. In some cases, it can detect even more: ongoing audio/video VoIP calls, call redirects, and call screenings. Detection of these details depends on the version of Android OS and the apps handling the non-telephony calls.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

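val raspConfig = RaspConfig.Builder()
    // pass one of the SimpleDetectionConfig values listed below;
    // Notify is the default, NoAction disables automatic detection
    .activeCall(SimpleDetectionConfig.Notify)
    // configuration of other RASP features
    .build()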

Available values of SimpleDetectionConfig:

| Value | Description |
|---|---|
| NoAction | indicates that active calls will not be automatically detected. A manual check is still possible. |
| Notify | indicates that active calls will be automatically detected and observers will be notified. |

Active call detection defaults to SimpleDetectionConfig.Notify.

Usage

After initialization, the active call detection feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual active call detection check.

Registering an Observer

Active call detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onActiveCallDetected(activeCallDetection: ActiveCallDetection) {
        // handle active call detection
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

The ActiveCallDetection data class contains the following properties:

| Property | Description |
|---|---|
| callState: CallState | indicates the state of the ongoing call. |

The data class also contains the following functions:

| Function | Description |
|---|---|
| isCallActive(): Boolean | indicates whether the detection data indicates an active ongoing call at the moment. |

Available values of CallState:

| Value | Description |
|---|---|
| IDLE | Idle state: the device is not ringing and no call is established. |
| RINGING | Device is ringing. An incoming call is being signaled. |
| ACTIVE_CALL | In call. A telephony call is established. |
| ACTIVE_COMMUNICATION | In communication. An audio/video chat or VoIP call is established. |
| CALL_SCREENING | Call screening is in progress. The call is connected, and audio is accessible to call screening applications, but other audio use cases are still possible. |
| ACTIVE_CALL_REDIRECT | A telephony call is established, and its audio is redirected to another device. |
| ACTIVE_COMMUNICATION_REDIRECT | An audio/video chat or VoIP call is established, and its audio is redirected to another device. |
| UNKNOWN | Unknown state. |

Triggering a Manual Check

An active call detection check can be triggered manually in RaspManager. Two methods are available: isCallActive() gives a simple boolean answer, whereas getActiveCallDetection() provides more details.

val isCallActive: Boolean = raspManager.isCallActive()
val activeCallDetection: ActiveCallDetection = raspManager.getActiveCallDetection()
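
One way to turn the call states above into a gate for sensitive operations, as an added example that is not part of the Malwarelytics documentation or SDK. CallState here is a local stand-in mirroring the values listed on this page; SensitiveOperationGate, Decision, the state-to-decision mapping and the 60-second cool-down are assumptions made for illustration.

```kotlin
// Stand-in mirroring the CallState values listed on this page, so the sketch compiles
// without the SDK. In an app, use the SDK's own CallState instead.
enum class CallState {
    IDLE, RINGING, ACTIVE_CALL, ACTIVE_COMMUNICATION, CALL_SCREENING,
    ACTIVE_CALL_REDIRECT, ACTIVE_COMMUNICATION_REDIRECT, UNKNOWN
}

enum class Decision { ALLOW, WARN, BLOCK }

/** Hypothetical policy object: decides whether a sensitive operation may proceed. */
class SensitiveOperationGate(
    private val coolDownMillis: Long = 60_000, // assumed value
    private val now: () -> Long = { System.currentTimeMillis() }
) {
    // States in which a call is established (assumed mapping for this sketch).
    private val blocking = setOf(
        CallState.ACTIVE_CALL, CallState.ACTIVE_COMMUNICATION, CallState.CALL_SCREENING,
        CallState.ACTIVE_CALL_REDIRECT, CallState.ACTIVE_COMMUNICATION_REDIRECT
    )
    private var wasInCall = false
    private var callEndedAt: Long? = null

    /** Feed every observed state here: observer callbacks and manual checks alike. */
    @Synchronized
    fun evaluate(state: CallState): Decision {
        val inCall = state in blocking
        if (wasInCall && !inCall) callEndedAt = now() // call just ended, start the cool-down
        wasInCall = inCall
        val ended = callEndedAt
        return when {
            inCall -> Decision.BLOCK
            // Not an established call, or not determinable: ask the user to confirm.
            state == CallState.RINGING || state == CallState.UNKNOWN -> Decision.WARN
            // A call that ended moments ago may still be steering the user.
            ended != null && now() - ended < coolDownMillis -> Decision.WARN
            else -> Decision.ALLOW
        }
    }
}

fun main() {
    var clock = 0L
    val gate = SensitiveOperationGate(now = { clock })
    // Constructed timeline of (time in ms, state), as an observer might deliver it.
    val timeline = listOf(0L to CallState.IDLE, 5_000L to CallState.RINGING,
        9_000L to CallState.ACTIVE_CALL, 40_000L to CallState.IDLE, 120_000L to CallState.IDLE)
    for ((t, state) in timeline) {
        clock = t
        println("t=${t / 1000}s $state -> ${gate.evaluate(state)}")
    }
}
```

In an app, call gate.evaluate(activeCallDetection.callState) from onActiveCallDetected(), and again with raspManager.getActiveCallDetection().callState right before confirming the operation, so a call that started after the screen was opened is still caught.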

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Feb 13, 2025 (17:46)