Android Anti-Malware Feature

Malwarelytics for Cordova supports both mainstream mobile platforms, Android and iOS. The Anti-Malware feature is available only on Android; it is not available on iOS.

Smart Protection

An app can integrate Malwarelytics for Android with varying degrees of customization. At one extreme, it can use the raw APIs (observers and method calls) and implement all app behaviors itself. At the other extreme, it can integrate the SDK “hassle-free” and use the built-in Smart Protection.

Smart Protection is a set of automatic behaviors that are enabled by default. They involve timed evaluations of the installed apps, suggestion updates, initial scans, and automatic evaluation of app changes.

There are two basic modes of operation:

  1. Silent mode - Turned on by default. Does not show any UI. It simply keeps the data up-to-date with the remote console.

  2. Non-silent mode - Involves automatic mitigations of detected threats.

Available automatic threat mitigations:

  • Displaying app screen with a list of dangerous apps.
  • Displaying notification about a dangerous app.

Configuring Smart Protection

Smart Protection can be configured during the initial Cordova SDK initialization:

await window.plugins.malwarelytics.initialize({
    // Configuration for the Android platform
    androidConfig: {
        antivirusConfig: { // Configuration of the antivirus component
            enableSilentMode: false, // Silent mode enabled = no UI
            onlineCheckIntervalHours: 48, // check for update every 48 hours
            updateOnInitialize: true // the virus database will be updated on the startup
        }
    }
});

Triggering Smart Protection

The Smart Protection feature can be triggered manually by calling:

await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection();

Smart Protection can also be triggered in an offline mode that skips the online update, so that only locally cached data is used. Offline Smart Protection can be triggered by calling:

await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection(false);

The triggerSmartProtection(Boolean) method returns a SmartProtectionResult containing information about the performed actions:

  • Whether any UI (app screen or notification) was displayed.
  • Whether a successful online update was performed.
  • Whether evaluation of apps on the device succeeded.

Manual Threat Fetching

The list of threats can be fetched manually via:

// obtain list of threats
const list = await window.plugins.malwarelytics.android.antivirus.getThreatList();
// keep only apps that are highly dangerous or malware
const dangerous = list.items.filter(i => i.threatIndex === "MALWARE" || i.threatIndex === "HIGHLY_DANGEROUS");
// look up and print details for each of them, awaiting every lookup
for (const apk of dangerous) {
    const apkInfo = await window.plugins.malwarelytics.android.antivirus.getApkInfo(apk.packageName);
    console.log(apkInfo);
}
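
The raw-API path mentioned under Smart Protection, applied to the threat list, as an added example (not code from the Malwarelytics SDK or its documentation): it turns getThreatList() and getApkInfo() into an allow/block decision for a sensitive action. The function names, the returned object shape, the reason strings and the fail-closed choice are assumptions of this example, and the sample data is constructed.

```javascript
// Added example; not Malwarelytics SDK code. Return shape and reason strings are hypothetical.
const BLOCKING_LEVELS = new Set(["MALWARE", "HIGHLY_DANGEROUS"]);

// Pure helper: entries of a getThreatList() result that should block a sensitive action.
// Tolerates a missing or malformed list instead of throwing.
function selectBlockingThreats(threatList) {
    const items = threatList && Array.isArray(threatList.items) ? threatList.items : [];
    return items.filter(i => i && BLOCKING_LEVELS.has(i.threatIndex));
}

// `antivirus` is window.plugins.malwarelytics.android.antivirus (or a stub when run offline).
async function assessDevice(antivirus) {
    let threatList;
    try {
        threatList = await antivirus.getThreatList();
    } catch (err) {
        // Assumption of this example: fail closed when the threat list cannot be read.
        return { allowed: false, reason: "THREAT_LIST_UNAVAILABLE", threats: [] };
    }
    const blocking = selectBlockingThreats(threatList);
    // allSettled: one failed getApkInfo() lookup must not hide the other findings.
    const details = await Promise.allSettled(
        blocking.map(t => antivirus.getApkInfo(t.packageName)));
    const threats = blocking.map((t, n) => ({
        packageName: t.packageName,
        threatIndex: t.threatIndex,
        apkInfo: details[n].status === "fulfilled" ? details[n].value : null
    }));
    return threats.length === 0
        ? { allowed: true, reason: "OK", threats }
        : { allowed: false, reason: "DANGEROUS_APP_INSTALLED", threats };
}

// Constructed sample data for offline runs; package names and the placeholder level are made up.
const SAMPLE_THREAT_LIST = { items: [
    { packageName: "com.example.notes", threatIndex: "PLACEHOLDER_LOWER_LEVEL" },
    { packageName: "com.example.flashlight", threatIndex: "MALWARE" },
    { packageName: "com.example.cleaner", threatIndex: "HIGHLY_DANGEROUS" }
] };
const stubAntivirus = {
    getThreatList: async () => SAMPLE_THREAT_LIST,
    getApkInfo: async pkg => {
        if (pkg === "com.example.cleaner") throw new Error("lookup failed");
        return { packageName: pkg };
    }
};
```

In the app, pass window.plugins.malwarelytics.android.antivirus instead of the stub and check the returned allowed flag before the sensitive action.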

The threat mitigation UI of Smart Protection can be customized in malwarelytics.xml.

Getting Info About Updates

There are two ways to obtain info about data updates:

  • Getting the last update info
  • Using an update observer to be notified about performed updates

This update info is useful primarily for troubleshooting.

Getting Last Update Info

The last update info can be obtained via:

const lastUpdateInfo = await window.plugins.malwarelytics.android.antivirus.getLastUpdateInfo()

The returned object contains info about successful and unsuccessful updates for each type of update (UpdateType.FULL and UpdateType.PARTIAL).

Using Update Observer

An update observer can be set via:

let updateObserver: MalwarelyticsAndroidUpdateObserver = {
    onSuggestionUpdated(observedUpdateInfo: ObservedUpdateInfo) {
        console.log("Update observer data: " + JSON.stringify(observedUpdateInfo));
    }
};
window.plugins.malwarelytics.android.antivirus.setUpdateObserver(updateObserver);

The ObservedUpdateInfo contains information about the result, type of update, list of apps that were checked, list of apps that received update data, and failure reason.

When the updates are no longer desired, the observer can be cleared with:

window.plugins.malwarelytics.android.antivirus.clearUpdateObserver();
Last updated on Mar 06, 2024 (20:43)