Smart Protection
Various customization degrees are possible when integrating Malwarelytics into an app. For full control over its behavior, raw APIs — observers and method calls — can be used. An entirely different approach is a hassle-free SDK integration using the built-in Smart Protection system.
Smart Protection is a set of behavior patterns that are enabled by default. These patterns include a periodic evaluation of apps installed on the device, suggestion updates, initial scans, and an automatic evaluation of app changes.
There are two basic modes of operation:
- Silent mode — default option. It does not show any UI but simply keeps the data up to date with the remote console.
- Non-silent mode — facilitates automatic mitigation of detected threats. The available options are:
  - Display an app screen with a list of dangerous apps.
  - Display a notification about a dangerous app.
Configuration
Smart Protection can be configured to some extent using the SmartProtectionConfig settings in the AntivirusConfig.Builder.
```kotlin
val smartProtectionConfig = AntivirusConfig.SmartProtectionConfig.Builder()
    .smartProtectionEnabled(true)
    .silentModeEnabled(true)
    .smartProtectionIntervalHours(72)
    .performInitialFirstUpdate(true)
    .build()

val antivirusConfig = AntivirusConfig.Builder()
    // other Anti-Malware feature configuration
    .smartProtectionConfig(smartProtectionConfig)
    .build()
```
Learn about UI customization of Smart Protection elements in this article.
Information about Updates and Troubleshooting
Smart Protection performs automatic updates that are hidden from the integrating app. In some cases, the app needs to react to freshly updated data or obtain update information, or the app developers need to investigate a problem.
For this reason, the SDK offers:
- Update observer.
- Info data about the last successful and unsuccessful updates.
Registering an Update Observer
The application can register an UpdateObserver to get notified about performed updates. The observer callback provides info data about the finished update. The observer is defined as follows:
```kotlin
val updateObserver = object : UpdateObserver {
    override fun onSuggestionUpdated(observedUpdateInfo: ObservedUpdateInfo) {
        // handle observedUpdateInfo
    }
}
```
The observer can be registered in UpdateManager, which is accessible via the Antivirus class.
```kotlin
val updateManager = AppProtection.getInstance().getAntivirus().getUpdateManager()
updateManager.registerUpdateObserver(updateObserver)
```
When it is no longer needed, the observer can be unregistered again.
```kotlin
updateManager.unregisterUpdateObserver(updateObserver)
```
The ObservedUpdateInfo data class has the following properties:

Property | Description |
---|---|
updateResult: UpdateResult | Update result. One of SUCCESS, PARTIAL_SUCCESS, or FAILURE. |
updateType: UpdateType | Type of update. Either FULL or PARTIAL. |
checkedApps: List<String> | List of apps that were checked in the update. The apps are identified by their application IDs (package names). |
updatedApps: List<String> | List of apps that were updated in the update. The apps are identified by their application IDs (package names). |
failureReason: String? | String representation of an error that occurred during processing of the update. |
The performed updates can have one of these results:
UpdateResult | Description |
---|---|
SUCCESS | Successful update. All apps (that were checked in the update) were successfully updated without any error. |
PARTIAL_SUCCESS | Partially successful update. Some apps were successfully updated but not all of them. The update of some apps failed for some reason. |
FAILURE | Failed update. The update failed completely for some reason. |
The performed updates can be of these types:
UpdateType | Description |
---|---|
FULL | Updates data for all apps on the device. |
PARTIAL | Updates data for apps that were observed as changed - newly installed or updated. |
Information about Past Updates
The SDK stores some information about past updates. This information can be obtained by calling:
```kotlin
// getAntivirus() and getUpdateManager() are method calls and need parentheses
val antivirus = AppProtection.getInstance().getAntivirus()
val updateInfo = antivirus.getUpdateManager().getLastUpdateInfo()
```
The UpdateInfo data class has the following properties:

Property | Description |
---|---|
successfulUpdates: Map<UpdateType, UpdateInfoSuccess> | Map of success info data for each UpdateType. |
failedUpdates: Map<UpdateType, UpdateInfoFailure> | Map of failure info data for each UpdateType. |
Updates with the result UpdateResult.PARTIAL_SUCCESS are counted as failed updates here.
The UpdateInfoSuccess data class contains the following properties:

Property | Description |
---|---|
lastSuccessTimestamp: Long? | Unix timestamp of the last successful update, or null if there has been no successful update yet. |
lastSuccessCheckCount: Int | Number of checked apps in the last successful update, or 0 if there has been no successful update yet. |
lastSuccessUpdatedCount: Int | Number of updated apps in the last successful update, or 0 if there has been no successful update yet. |
The UpdateInfoFailure data class contains the following properties:

Property | Description |
---|---|
lastFailureTimestamp: Long? | Unix timestamp of the last failed update, or null if there has been no failed update yet. |
lastFailureReason: String? | String representation of a failure reason of the last failed update, or null if there has been no failed update yet. |
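The stored update info can drive a freshness check, so the app notices when Smart Protection has stopped getting current data. The following is an added example, not code from the SDK or its documentation: the data classes are local stand-ins for the properties listed above, `Health`, `HOUR_MS`, `fullUpdateHealth` and `graceHours` are hypothetical names, and timestamps are assumed to be in milliseconds because the unit is not stated here.

```kotlin
// Local stand-ins mirroring the properties documented above, so this runs
// without the SDK. In an app, use the SDK's own classes instead.
enum class UpdateType { FULL, PARTIAL }
data class UpdateInfoSuccess(val lastSuccessTimestamp: Long?,
                             val lastSuccessCheckCount: Int,
                             val lastSuccessUpdatedCount: Int)
data class UpdateInfoFailure(val lastFailureTimestamp: Long?, val lastFailureReason: String?)
data class UpdateInfo(val successfulUpdates: Map<UpdateType, UpdateInfoSuccess>,
                      val failedUpdates: Map<UpdateType, UpdateInfoFailure>)

sealed class Health {
    object Fresh : Health()
    data class Degraded(val reason: String) : Health() // success in window, newer failure
    data class Stale(val reason: String) : Health()    // no success inside the window
}

const val HOUR_MS = 3_600_000L

// Hypothetical helper. Assumes Unix timestamps in milliseconds (unit not stated on
// the page) and an arbitrary grace period on top of the configured interval.
fun fullUpdateHealth(info: UpdateInfo, nowMs: Long, intervalHours: Int, graceHours: Int = 24): Health {
    val successAt = info.successfulUpdates[UpdateType.FULL]?.lastSuccessTimestamp
    val failure = info.failedUpdates[UpdateType.FULL]
    val failedAt = failure?.lastFailureTimestamp
    val reason = failure?.lastFailureReason ?: "no failure recorded"
    return when {
        successAt == null -> Health.Stale("no successful full update yet ($reason)")
        nowMs - successAt > (intervalHours + graceHours) * HOUR_MS ->
            Health.Stale("last full success ${(nowMs - successAt) / HOUR_MS} h ago ($reason)")
        // PARTIAL_SUCCESS is stored as a failure, so some apps may lack current data.
        failedAt != null && failedAt > successAt -> Health.Degraded(reason)
        else -> Health.Fresh
    }
}

fun main() {
    val now = 1_700_000_000_000L // constructed sample values, not real SDK output
    val info = UpdateInfo(
        mapOf(UpdateType.FULL to UpdateInfoSuccess(now - 100 * HOUR_MS, 42, 3)),
        mapOf(UpdateType.FULL to UpdateInfoFailure(now - 2 * HOUR_MS, "constructed: network error")))
    println(fullUpdateHealth(info, now, intervalHours = 72))
}
```

Pass the same value for `intervalHours` that was given to `smartProtectionIntervalHours` in the configuration, so the check tracks the schedule the SDK is actually using.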
Troubleshooting with Manual Updates
Malwarelytics for Android provides an API for performing manual updates. However, using this API in production is not recommended. It’s recommended to use the self-updating behavior of Smart Protection instead.
Manual updates should be used only in development to troubleshoot proper configuration or data inconsistencies.
A manual update can be either full or partial. A full manual update can be performed by calling the updateSuggestions() method:

```kotlin
// run on a worker thread only
val updateResult = antivirus.getUpdateManager().updateSuggestions()
```
Full updates are throttled. The SDK allows only a limited number of full updates during a period of time.
A partial manual update can be done by calling the updateSuggestionsForApps(Collection<String>) method with a collection of app package names (application IDs):

```kotlin
// run on a worker thread only
val appsToUpdate = listOf("com.example.app", "com.example.anotherapp")
val updateResult = antivirus.getUpdateManager().updateSuggestionsForApps(appsToUpdate)
```
The update result indicates whether the update was successful. The possible result values are:
Value | Meaning |
---|---|
UpdateResult.SUCCESS | Update was successful. |
UpdateResult.PARTIAL_SUCCESS | Update was partially successful. Some apps couldn’t be successfully updated for some reason. |
UpdateResult.FAILURE | Update failed for some reason. |