Configuration
The minimum configuration for the AppProtection is setting up the username, password, and public key for the service. However, we recommend configuring all features that are present in the SDK.
The Username, Password and Signature Public Key can be obtained in the Malwarelytics console. Note that these credentials are bound to your application Bundle ID. If you need to support multiple environments (Bundle IDs), you need different credentials for each environment.
Configuring the Service
To enable Malwarelytics in your app, you need to create a properly configured instance of the AppProtectionService class and set the AppProtectionRaspDelegate to obtain callbacks.
You should implement the following three configurations:
AppProtectionConfig- Configures generic parameters, such as service credentials or app user ID.AppProtectionRaspConfig- Configures which RASP features are enabled and default actions for the detections.AppProtectionEventConfig- Configures which RASP events are emitted and sent to the back-end services.
Based on the configuration, the AppProtectionRaspDelegate then receives updates about various RASP events.
Sample Integration
The AppSecurity swift class is a sample implementation over the AppProtectionService.
import Foundation
import AppProtection
class AppSecurity: AppProtectionRaspDelegate {
private let appProtection: AppProtectionService
/// Creates AppSecurity instance
/// - Parameter clientId: ID of the user
init(clientId: String?) {
// Prepare the RASP feature configuration
let raspConfig = AppProtectionRaspConfig(
jailbreak: .exit("https://myurl.com/jalibreak-explained"), // exit on jailbroken phone
debugger: .block, // block debugger
reverseEngineeringTools: .notify, // let me know when user installed revers engineering tools
httpProxy: .notify, // notify me via delegate when http proxy is enabled
repackage:.exit([AppProtectionTrustedCert(withBase64EncodedString: "BASE_64_ENCODED_CERT")!], "https://myurl.com/repackage-explained"), // follow documentation how to obtain certificate string
screenCapture: .notify // notify me via delegate when user takes a screenshot
)
// Prepare the configuration for events
let eventConfig = AppProtectionEventConfig(
enableEventCollection: true, // enable event collection in general
enableScreenshotTakenCollection: true // /track screenshot events in the Malwarelytics console on the server
)
// Prepare a configuration for service
let config = AppProtectionConfig(
username: "$USERNAME",
password: "$PASSWORD",
signaturePublicKey: "$PUBKEY",
clientAppUserId: clientId,
raspConfig: raspConfig,
eventsConfig: eventConfig
)
// Create the Service
self.appProtection = AppProtectionService(config: config)
// Set the delegate to obtain RASP callbacks
self.appProtection.rasp.addDelegate(self)
}
deinit {
// When our AppSecurity class is being "destroyed", we want
// to stop all features of the AppProtectionService.
// To do so, we need to release all its assets before
// the only reference that "holds it" is removed.
self.appProtection.release()
}
/// Report in-app incident
/// - Parameter incident: Incident that happened inside the app
func reportIncident(_ incident: RaspIncident) {
self.appProtection.events.log(incident.appProtectionValue)
}
/// Call when client id changes (paired/unpaired the app).
/// - Parameter clientId: Client id
func setClientId(_ clientId: String?) {
self.appProtection.clientAppUserId = clientId
}
/// AppProtection resets the device indicator and starts registering it as a new device.
func resetServiceId() {
self.appProtection.resetInstanceId()
}
// MARK: - AppProtectionRaspDelegate
func debuggerDetected() {
// react to debugger
}
func jailbreakDetected() {
// react to jailbreak
}
func repackageDetected() {
// react to repackage
}
func httpProxyEnabled() {
// react to http proxy enabled
}
func userScreenshotDetected() {
// react to user screenshot
}
func reverseEngineeringToolsDetected() {
// react to reverse engineering tools
}
func systemPasscodeConfigurationChanged(enabled: Bool) {
// react to system passcode change
}
func systemBiometryConfigurationChanged(enabled: Bool) {
// react to biometry configuration changed
}
func screenCapturedChanged(isCaptured: Bool) {
// react to screen capturing (casting to different device)
}
}
enum RaspIncident {
case sslInvalidCert
case deviceUnpaired
case devicePaired
case deviceBlocked
case userIgnoredWeakPassphrase
case passphraseChanged
case biometryEnabled
case biometryDisabled
case authenticationFailed
case authenticationSuccess
var appProtectionValue: AppProtectionEvent {
switch self {
case .sslInvalidCert: return AppProtectionEvent.Network.sslInvalidCertificate
case .deviceUnpaired: return AppProtectionEvent.Authentication.deviceUnpaired
case .devicePaired: return AppProtectionEvent.Authentication.devicePaired
case .deviceBlocked: return AppProtectionEvent.Authentication.deviceBlocked
case .userIgnoredWeakPassphrase: return AppProtectionEvent.Authentication.userIgnoredWeakPassphrase
case .passphraseChanged: return AppProtectionEvent.Authentication.passphraseChanged
case .biometryEnabled: return AppProtectionEvent.Authentication.biometryEnabled
case .biometryDisabled: return AppProtectionEvent.Authentication.biometryDisabled
case .authenticationFailed: return AppProtectionEvent.Authentication.authenticationFailed
case .authenticationSuccess: return AppProtectionEvent.Authentication.authenticationSuccess
}
}
}
Be aware that creation of 2 instances of AppProtectionService is considered to be logical error and will result in application crash.
Before deiniting (removing all references to) the AppProtectionService object, you need to call release() that will stop all its functionality. Deiniting without release will result in application crash