Android Antivirus - Smart Protection

An app can integrate Malwarelytics for Android in various degrees of customization. On one extreme it can use its raw APIs - observers and method calls - and implement all the app behaviors. On the other extreme, it can integrate the SDK “hassle-free” and use the built-in Smart Protection.

Smart Protection is a set of automatic behaviors, that are enabled by default. They involve timed evaluations of the installed apps, suggestion updates, initial scans, and automatic evaluation of app changes.

There are two basic modes of operation:

  1. Silent mode - Turned on by default. Does not show any UI. It simply keeps the data up-to-date with the remote console.

  2. Non-silent mode - Involves automatic mitigations of detected threats.

Available automatic threat mitigations:

  • Displaying app screen with a list of dangerous apps.
  • Displaying notification about a dangerous app.

Configuring Smart Protection

Smart Protection can be configured in the initial cordova SDK initialization:

await window.plugins.malwarelytics.initialize({
    // Configuration for the Android platform
    androidConfig: {
        antivirus: { // Configuration of the antivirus component
            enableSilentMode: false, // Silent mode enabled = no UI
            onlineCheckIntervalHours: 48, // check for update every 48 hours
            updateOnInitialize: true // the virus database will be updated on the startup
        }
    }
}

Triggering Smart Protection

Smart protection feature can be triggered manually by calling:

await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection();

Smart protection feature can be triggered in an offline mode that skips the online update. This way only locally cached data are used. Offline smart protection can be triggered by calling:

await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection(false);

Method triggerSmartProtection(Boolean) returns SmartProtectionResult containing information about performed actions:

  • Whether any UI (app screen or notification) was displayed.
  • Whether a successful online update was performed.
  • Whether evaluation of apps on the device succeeded.

Manual Threat Fetching

List of threats can be fetched manually via:

// obtain list of threats
const list = await window.plugins.malwarelytics.android.antivirus.getThreatList();
// filter and print out apps that are higli dangerous or malware
list.items.filter(i => i.threatIndex == "MALWARE" || i.threatIndex == "HIGHLY_DANGEROUS").forEach( async apk => {
    let apkInfo = await window.plugins.malwarelytics.android.antivirus.getApkInfo(apk.packageName);
    console.log(apkInfo);
});

Threat mitigation UI of the smart protection can be customized in the malwarelytics.xml.

Last updated on Nov 16, 2022 (17:30) Edit on Github Send Feedback
Search

4.2.x

Malwarelytics for Cordova