Malware Threat Mitigation

Malwarelytics for Android provides several threat mitigation options in case a harmful app is detected on the device:

  • Killing the app that is integrating Malwarelytics
  • Uninstalling the harmful app that has been detected

Due to some Android operating system limitations, uninstalling a harmful app might not always be possible; in certain situations, the system does not allow this. Furthermore, aggressive malware with extensive permissions might be able to protect itself and thwart any uninstallation attempts.

Triggering Mitigations

When the app wants to call a mitigation directly, it has to do so via MitigationManager.

Killing the App

The app can be killed immediately by calling:

val mitigationManager = antivirus.getMitigationManager()
mitigationManager.killApplication()

Uninstalling Other Apps

The app can also make a request to uninstall another app, identified by its package name (application ID):

mitigationManager.uninstallApplication(context, packageName)

However, no callback with the outcome of the uninstall process is provided in this case.

If information about the outcome is required, the uninstallation request has to be made in a slightly more complicated manner, due to Android OS limitations. Only an Activity or a Fragment can be used to make the request, as they can receive a callback via the Activity Result APIs or the onActivityResult() method (now deprecated for fragments).

Uninstall with Callback via ActivityResult APIs

The Activity Result APIs are the newer Android approach to getting a result from another activity.

The uninstall can be triggered in a fragment or activity using Activity Result APIs. The approach consists of two steps:

  1. Registering for application uninstall result.
  2. Launching application uninstall.

Registering for application uninstall result has to be done as part of the fragment or activity initialization. This is typically done as a field initializer, or in onAttach() or onCreate() methods. For example:

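// Declare the callback first: property initializers run in declaration order,
// so the launcher must not reference a callback that is not yet initialized.
val uninstallCallback = ActivityResultCallback<ActivityResult> { result ->
    if (result.resultCode == Activity.RESULT_OK) {
        // successfully uninstalled
    } else {
        // failure
    }
}

// Register during fragment or activity initialization, before it is started.
val uninstallLauncher = antivirus.getMitigationManager().registerForApplicationUninstall(this@SomeFragment, uninstallCallback)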

Later the uninstall of an app can be launched by calling:

antivirus.getMitigationManager().launchApplicationUninstall(uninstallLauncher, packageName)

Uninstall with callback via onActivityResult

The onActivityResult callback is currently available only in activities. The fragment implementation has been deprecated.

The uninstall can be triggered in an activity like this:

mitigationManager.uninstallApplicationWithActivityCallback(activity, packageName, requestCode)

Override the onActivityResult() system callback implementation so that the activity can receive the result via this callback. The requestCode obtained must be matched with the requestCode that was passed to the uninstall request. This approach is deprecated for AndroidX fragments.
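The override described above, as an added example that is not part of the Malwarelytics documentation or SDK. It matches the request code and then confirms with PackageManager that the package is really gone, since uninstallation can fail. The class name, REQUEST_UNINSTALL, pendingPackage, onUninstallFinished() and the way mitigationManager is supplied are assumptions made for illustration.

```kotlin
import android.app.Activity
import android.content.Intent
import android.content.pm.PackageManager
// MitigationManager comes from the Malwarelytics SDK; its import is omitted
// because the package path is not shown on this page.

abstract class UninstallMitigationActivity : Activity() {

    // Assumption: the subclass supplies antivirus.getMitigationManager().
    protected abstract val mitigationManager: MitigationManager

    // Package of the request in flight, kept so the result can be verified.
    private var pendingPackage: String? = null

    fun requestUninstall(packageName: String) {
        pendingPackage = packageName
        mitigationManager.uninstallApplicationWithActivityCallback(
            this, packageName, REQUEST_UNINSTALL
        )
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        // Ignore results that belong to other requests of this activity.
        if (requestCode != REQUEST_UNINSTALL) return
        val pkg = pendingPackage ?: return
        pendingPackage = null

        // Treat the app as removed only if the result code says so AND the
        // package can no longer be resolved on the device.
        val removed = resultCode == RESULT_OK && !isInstalled(pkg)
        onUninstallFinished(pkg, removed)
    }

    // On Android 11+ this lookup is subject to package visibility rules, so
    // the app must be able to see the target package for the check to hold.
    private fun isInstalled(pkg: String): Boolean = try {
        packageManager.getPackageInfo(pkg, 0)
        true
    } catch (e: PackageManager.NameNotFoundException) {
        false
    }

    // Hypothetical hook for the app's own follow-up (UI, logging, reporting).
    protected abstract fun onUninstallFinished(packageName: String, removed: Boolean)

    companion object {
        private const val REQUEST_UNINSTALL = 4711 // constructed value
    }
}
```

pendingPackage is not preserved if the activity is recreated while the system uninstall dialog is shown; store it in onSaveInstanceState() if that case matters.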

Last updated on Nov 21, 2023 (13:06)