Select release
Introduction

Home

Installation

Configuration

Initialization

Common Usage Scenarios

Recommended Responses to Security Issues

Google Play Prominent Disclosure

SafetyNet Google Play Warning

Device Fingerprinting

Troubleshooting

Release Notes

Migration to Version 1.2.x

Migration to Version 1.0.x

Runtime Protection

RASP Features Overview

Debugger Detection

Emulator Detection

Root Detection

Repackaging Detection

Blocking Screen Readers

Screen Sharing Detection

Blocking Screenshots

Tapjacking Protection

HTTP Proxy Detection

VPN Detection

Screen Lock Usage

Google Play Protect Status

Changing Process Name

Detection of ADB Status

Detection of Developer Options Status

Detection of Biometry Enrollment Status

Detection of Active Call

App Presence Detection

Activity protection

RASP Observer

Anti-Malware

Anti-Malware Use-Cases

Anti-Malware Feature Overview

Malware Threat Identification

Malware Threat Mitigation

Listening to App Changes

Installer identification

Smart Protection

Smart Protection UI Customization

Malware Threat Mitigation

View product develop

Malwarelytics for Android provides several threat mitigation options in case a harmful app is detected on the device:

  • Killing the app that is integrating Malwarelytics
  • Uninstalling the harmful app that has been detected

Due to some Android operating system limitations, uninstalling a harmful app might not always be possible; in certain situations, the system does not allow this. Furthermore, aggressive malware with extensive permissions might be able to protect itself and thwart any uninstallation attempts.

Triggering Mitigations

When the app wants to call a mitigation directly, it has to do so via MitigationManager.

Killing the App

The app can be killed immediately by calling:

val mitigationManager = antivirus.getMitigationManager()
mitigationManager.killApplication()

Uninstalling Other Apps

The app can also make a request to uninstall another app, identified by its package name (application ID):

mitigationManager.uninstallApplication(context, packageName)

However, no callback with the outcome of the uninstall process is provided in this case.

If information about the outcome is required, the uninstallation request has to be made in a slightly more complicated manner, due to Android OS limitations. Only an Activity or a Fragment can be used to make the request as they can receive a callback via Activity Result APIs or onActivityResult() method (now deprecated for fragments).

Uninstall with Callback via ActivityResult APIs

ActivityResult APIs is a new Android approach to getting a result from another activity.

The uninstall can be triggered in a fragment or activity using Activity Result APIs. The approach consists of two steps:

  1. Registering for application uninstall result.
  2. Launching application uninstall.

Registering for application uninstall result has to be done as part of the fragment or activity initialization. This is typically done as a field initializer, or in onAttach() or onCreate() methods. For example:

val uninstallLauncher = antivirus.getMitigationManager().registerForApplicationUninstall(this@SomeFragment, uninstallCallback)

val uninstallCallback = ActivityResultCallback<ActivityResult> { result ->
    val resultCode = result?.resultCode
    if (resultCode == Activity.RESULT_OK) {
        // successfully uninstalled
    } else {
        // failure
    }
}

Later the uninstall of an app can be launched by calling:

antivirus.getMitigationManager().launchApplicationUninstall(uninstallLaucher, packageName)

Uninstall with callback via onActivityResult

The onActivityResult callback is currently available only in activities. Fragment implementation has been deprecated.

The uninstall can be triggered in an activity like this:

mitigationManager.uninstallApplicationWithActivityCallback(activity, packageName, requestCode)

Override the onActivityResult() system callback implementation so that the activity can receive the result via this callback. The requestCode obtained must be matched with the requestCode that was passed to the uninstall request. This approach is deprecated for AndroidX fragments.

Last updated on Nov 21, 2023 (12:06) View product
On this page:
Search

develop

Malwarelytics for Android