Blocking Emulated Input
For a banking app, blocking of emulated input - the input events not created by the user of the device - is an important security feature. The main reason is the increasing risk of automated fraud attacks. Synthetic input events - such as programmatically injected touches or clicks - can be used by malicious actors to simulated legitimate user interactions, bypass UI-based security checks, or automate fraudulent transactions.
Malwarelytics for Android is able to distinguish and block most of emulated input touches and clicks caused by accessibility services and ADB commands.
Limitations
Emulated input can be injected by several different tools. Unfortunately, not all synthetic input events can be reliably distinguished as synthetic and a part of such events might not be blocked.
Configuration
This feature can be configured during the Malwarelytics initialization phase.
val raspConfig = RaspConfig.Builder()
.emulatedInput(BlockConfig.Block)
.build()
Available values of BlockConfig
:
Value | Description |
---|---|
NoAction |
indicates that the emulated input will not be blocked. |
Block |
indicates that the emulated input will be automatically blocked. |
Configuration of the emulated input blocking feature defaults to BlockConfig.Block
.
More information on general RASP feature configuration and usage can be found in this overview.