Select release
Introduction

Home

Installation

Configuration

Initialization

Common Usage Scenarios

Recommended Responses to Security Issues

Google Play Prominent Disclosure

SafetyNet Google Play Warning

Device Fingerprinting

Troubleshooting

Release Notes

Migration to Version 1.4.x

Migration to Version 1.3.x

Migration to Version 1.2.x

Migration to Version 1.0.x

Runtime Protection

RASP Features Overview

Debugger Detection

Emulator Detection

Root Detection

Repackaging Detection

Screen Sharing Detection

Blocking Screen Readers

Screenshot Blocking and Detection

Tapjacking Protection

HTTP Proxy Detection

VPN Detection

Screen Lock Usage

Google Play Protect Status

Changing Process Name

Detection of ADB Status

Detection of Developer Options Status

Detection of Biometry Enrollment Status

Detection of Active Call

App Presence Detection

Spoofed Location Detection

Android Auto Detection

Blocking Emulated Input

Activity protection

RASP Observer

Anti-Malware

Anti-Malware Use-Cases

Anti-Malware Feature Overview

Malware Threat Identification

Malware Threat Mitigation

Listening to App Changes

Installer identification

Smart Protection

Smart Protection UI Customization

Obtaining App Info

Blocking Emulated Input

View product develop

For a banking app, blocking of emulated input - the input events not created by the user of the device - is an important security feature. The main reason is the increasing risk of automated fraud attacks. Synthetic input events - such as programmatically injected touches or clicks - can be used by malicious actors to simulated legitimate user interactions, bypass UI-based security checks, or automate fraudulent transactions.

Malwarelytics for Android is able to distinguish and block most of emulated input touches and clicks caused by accessibility services and ADB commands.

Limitations

Emulated input can be injected by several different tools. Unfortunately, not all synthetic input events can be reliably distinguished as synthetic and a part of such events might not be blocked.

Configuration

This feature can be configured during the Malwarelytics initialization phase.

val raspConfig = RaspConfig.Builder()
    .emulatedInput(BlockConfig.Block)
    .build()

Available values of BlockConfig:

Value Description
NoAction indicates that the emulated input will not be blocked.
Block indicates that the emulated input will be automatically blocked.

Configuration of the emulated input blocking feature defaults to BlockConfig.Block.

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on May 15, 2025 (10:25) View product
On this page:
Search

develop

Malwarelytics for Android