Android Anti-Malware Feature
Malwarelytics for Cordova supports both mainstream mobile platforms - Android and iOS. The solution for the Android platform offers an Anti-Malware feature which is not available for iOS.
Smart Protection
An app can integrate Malwarelytics for Android with various degrees of customization. At one extreme, it can use the raw APIs (observers and method calls) and implement all the app behaviors itself. At the other extreme, it can integrate the SDK “hassle-free” and use the built-in Smart Protection.
Smart Protection is a set of automatic behaviors that are enabled by default. They involve timed evaluations of the installed apps, suggestion updates, initial scans, and automatic evaluation of app changes.
There are two basic modes of operation:
- Silent mode - Turned on by default. Does not show any UI. It simply keeps the data up-to-date with the remote console.
- Non-silent mode - Involves automatic mitigations of detected threats.
Available automatic threat mitigations:
- Displaying the app screen with a list of dangerous apps.
- Displaying notifications about a dangerous app.
Configuring Smart Protection
Smart Protection can be configured during the initial Cordova SDK initialization:
await window.plugins.malwarelytics.initialize({
    // Configuration for the Android platform
    androidConfig: {
        antivirusConfig: { // Configuration of the antivirus component
            enableAntivirus: true, // Whether the AV feature is enabled
            enableSilentMode: false, // Silent mode enabled = no UI
            onlineCheckIntervalHours: 48, // Check for updates every 48 hours
            updateOnInitialize: true // Update the virus database on startup
        }
    }
});
Triggering Smart Protection
The Smart Protection feature can be triggered manually by calling:
await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection();
Smart Protection can also be triggered in an offline mode that skips the online update, so that only locally cached data is used. Offline Smart Protection can be triggered by calling:
await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection(false);
The method triggerSmartProtection(Boolean) returns a SmartProtectionResult containing information about the performed actions:
- Whether any UI (app screen or notification) was displayed.
- Whether a successful online update was performed.
- Whether the evaluation of apps on the device succeeded.
Manual Threat Fetching
A list of threats can be fetched manually via:
// Obtain the list of threats
const list = await window.plugins.malwarelytics.android.antivirus.getThreatList();
// Filter and print out apps that are highly dangerous or malware
const serious = list.items.filter(i => i.threatIndex === "MALWARE" || i.threatIndex === "HIGHLY_DANGEROUS");
// Await each lookup in turn so that a failure surfaces to the caller
for (const apk of serious) {
    const apkInfo = await window.plugins.malwarelytics.android.antivirus.getApkInfo(apk.packageName);
    console.log(apkInfo);
}
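Silent mode shows no UI, so an app that wants its own response has to consume the threat list itself. The following is an added example, not code from the Malwarelytics documentation: it reduces the threat list to the two serious threatIndex values shown above and keeps an entry even when its getApkInfo lookup fails. The function names, the stub object, the sample packages and the "PLACEHOLDER_LOW" value are assumptions made for the example.

```javascript
// Added example: triageThreats, collectBlockingThreats and SAMPLE_* are hypothetical names.
// threatIndex values the page treats as serious; any other value is ignored here.
const BLOCKING = ["MALWARE", "HIGHLY_DANGEROUS"];

// Pure step: reduce a getThreatList() result to the blocking entries, worst first.
function triageThreats(list) {
  const items = (list && Array.isArray(list.items)) ? list.items : [];
  return items
    .filter(i => i && BLOCKING.includes(i.threatIndex))
    .sort((a, b) => BLOCKING.indexOf(a.threatIndex) - BLOCKING.indexOf(b.threatIndex));
}

// Async step: enrich each blocking entry with getApkInfo(). A failed lookup for
// one package keeps the entry (apkInfo: null) instead of hiding the threat.
async function collectBlockingThreats(antivirus) {
  const threats = triageThreats(await antivirus.getThreatList());
  const lookups = await Promise.allSettled(
    threats.map(t => antivirus.getApkInfo(t.packageName)));
  return threats.map((t, n) => ({
    packageName: t.packageName,
    threatIndex: t.threatIndex,
    apkInfo: lookups[n].status === "fulfilled" ? lookups[n].value : null,
  }));
}

// Constructed sample data and stub so the block runs outside a device.
// "PLACEHOLDER_LOW" is not a real threatIndex value.
const SAMPLE_LIST = { items: [
  { packageName: "com.example.flashlight", threatIndex: "HIGHLY_DANGEROUS" },
  { packageName: "com.example.notes", threatIndex: "PLACEHOLDER_LOW" },
  { packageName: "com.example.banker", threatIndex: "MALWARE" },
]};
const SAMPLE_ANTIVIRUS = {
  getThreatList: async () => SAMPLE_LIST,
  getApkInfo: async (pkg) => {
    if (pkg === "com.example.flashlight") throw new Error("lookup failed");
    return { packageName: pkg }; // constructed shape, not the plugin's real ApkInfo
  },
};

// In the app, pass window.plugins.malwarelytics.android.antivirus instead of the stub.
collectBlockingThreats(SAMPLE_ANTIVIRUS).then(r => console.log(JSON.stringify(r)));
```
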
The threat mitigation UI of Smart Protection can be customized in the malwarelytics.xml.
Getting Info About Updates
There are two ways to obtain information about data updates:
- Getting the last update info
- Using an update observer to be notified about performed updates
This update information is useful primarily for troubleshooting.
Getting Last Update Info
The last update info can be obtained via:
const lastUpdateInfo = await window.plugins.malwarelytics.android.antivirus.getLastUpdateInfo();
The returned object contains info about successful and unsuccessful updates for each type of update (UpdateType.FULL and UpdateType.PARTIAL).
Using Update Observer
An update observer can be set via:
let updateObserver: MalwarelyticsAndroidUpdateObserver = {
    onSuggestionUpdated(observedUpdateInfo: ObservedUpdateInfo) {
        console.log("Update observer data: " + JSON.stringify(observedUpdateInfo));
    }
}
window.plugins.malwarelytics.android.antivirus.setUpdateObserver(updateObserver);
The ObservedUpdateInfo contains information about the result, type of update, list of apps that were checked, list of apps that received update data, and failure reason.
When the updates are no longer desired, the observer can be cleared with:
window.plugins.malwarelytics.android.antivirus.clearUpdateObserver();
Checking AV Feature Status
After configuration, it’s possible to check the status (whether it’s enabled or disabled) of the AV feature by using the isAvEnabled() method on the MalwarelyticsAndroidAntivirus:
window.plugins.malwarelytics.android.antivirus.isAvEnabled();