VPN Detection

A VPN (virtual private network) can be used to tunnel all traffic from the device through a remote server. Although VPNs are primarily used to add a level of security, they can also pose a danger when the device connects to a dubious network. For example, some free VPN services might use invasive advertising or sell browsing data to third parties. Last but not least usage of a VPN might be restricted or illegal in some countries.

Malwarelytics for Apple is able to detect that the app is using a VPN and can be configured to terminate the app in that case.

Configuration

let raspConfig = AppProtectionRaspConfig(
    vpnDetection: DetectionConfig
    // configuration of other RASP features
)

Available values of DetectionConfig:

Value Description
.noAction indicates that the VPN will not be automatically detected. A manual check is still possible.
.notify indicates that the VPN will be automatically detected and the delegates will be notified via the vpnChanged(Bool) method.
.exit(
exitUrl: String?)
indicates that the VPN will be automatically detected and the app will be terminated when the VPN is automatically detected.

VPN detection defaults to .notify.

List of available parameters for some config values:

Parameter Description
exitUrl: String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to nil.

Usage

After service creation, the VPN detection feature can be accessed via AppProtectionRasp. This can be used to add a delegate or to trigger a manual VPN detection check.

Observing Detection

VPN detection can trigger a certain action. To achieve that, a delegate needs to be added.

Delegate configuration:

class RaspDelegate: AppProtectionRaspDelegate {

    // other delegate code

    func vpnChanged(active: Bool) {
        // handle VPN detection
    }
}

The delegate can be added in AppProtectionRasp. When it is no longer needed, it can be removed again.

let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)

Triggering a Manual Check

VPN detection check can be triggered manually in AppProtectionRasp by getting the isVpnActive property value. A simple Bool answer is given.

let isVpnActive = appProtection.rasp.isVpnActive

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Apr 11, 2024 (08:13) View product
Search

develop

Malwarelytics for Apple