Select release
Introduction

Home

Installation

Configuration

Usage

Advanced Topics

RASP Module

Antivirus Module

Client Identification Change

Repackaging Detection

Configuration of the Antivirus UI

Demo Application

Android Native Library

Apple Native Library

RASP module

View product v1.0.2

RASP (runtime application self-protection) features to protect the app against several attack vectors. The Malwarelytics for React Native provides MalwarelyticsRasp class that implements all RASP-related functionality at one place. The object allows you to register your own listener that can listen to RASP events, or you can access the various information directly.

Listen to RASP events

To listen the RASP events you have to register the listener that implements MalwarelyticsRaspListener interface. For example:

await Malwarelytics.sharedInstance.rasp.setRaspListener({
    debuggerDetected: function (detected: boolean): void {
        console.log(`Debugger is ${detected ? 'connected' : 'disconnected'}`);
    },
    repackagingDetected: function (info: RepackagingInfo): void {
        console.log(`Repackage detected: ${JSON.stringify(info)}`);
    },
    systemIntegrityCompromised: function (info: SystemIntegrityInfo): void {
        if (info.isJailbroken) {
        console.log(`Device is jailbroken`);
        } else if (info.isRooted) {
        console.log(`Device is rooted`);
        }
    },
    httpProxyDetected: function (info: HttpProxyInfo): void {
        console.log(`HTTP proxy is ${info.isHttpProxyEnabled ? 'active' : 'inactive'}`);
    },
    screenSharingDetected: function (info: ScreenSharingInfo): void {
        console.log(`Screen is ${info.isScreenShared ? '' : 'NOT '}shared or captured`);
    },
    emulatorDetected: function (info: EmulatorInfo): void {
        // Reported only on Android
        console.log(`App is running in emulator. Type is ${info.detectedEmulatorType}`);
    },
    tapjackingDetected: function (info: TapjackingInfo): void {
        // Android specific
        console.log(`Tapjacking detected: ${JSON.stringify(info)}`);
    },
    adbStatusDetected: function (adbStatus: boolean): void {
        // Android specific
        console.log(`ADB is ${adbStatus ? 'connected' : 'disconnected'}`);
    },
    vpnDetected: function (active: boolean): void {
        console.log(`VPN is ${active ? 'active' : 'inactive'}`);
    },
    userScreenshotDetected: function (): void {
        // Apple specific
        console.log(`Screenshot detected`);
    },
    reverseEngineeringToolsDetected: function (): void {
        // Apple specific
        console.log(`Reverse Engineering tools detected`);
    },
    systemPasscodeConfigurationChanged: function (enabled: boolean): void {
        // Apple specific
        console.log(`System passcode is ${enabled ? 'set' : 'not set'}`);
    },
    systemBiometryConfigurationChanged: function (enabled: boolean): void {
        // Apple specific
        console.log(`Biometry is ${enabled ? 'enrolled' : 'not enrolled'}`);
    },
    isOnCallChanged: function (isOnCall: boolean): void {
        // Apple specific
        console.log(`Phone call is ${isOnCall ? 'active' : 'not active'}`);
    }
});

To remove previously set listener, use the follwing code:

Malwarelytics.sharedInstance.removeRaspListener();

Get current RASP signals

The following code example shows how to get the current information about RASP threats:

const rasp = Malwarelytics.sharedInstance.rasp

// Common signals
const systemIntegrity = await rasp.getSystemIntegrityInfo();
console.log(`Is jailbroken = ${systemIntegrity.isJailbroken}`);
console.log(`Is rooted = ${systemIntegrity.isRooted}`);
if (systemIntegrity.isJailbroken || systemIntegrity.isRooted) {
    console.log(`System integrity info = ${JSON.stringify(systemIntegrity)}`);
}

const isEmulator = await rasp.isRunningInEmulator()
console.log(`Running in emulator = ${isEmulator}`);
if (isEmulator) {
    console.log(`Emulator type = ${(await rasp.getEmulatorInfo()).detectedEmulatorType}`);
}

console.log(`Is debugger conencted = ${await rasp.isDebuggerConnected()}`);
console.log(`Rpackaging info = ${await rasp.getRepackagingInfo()}`);

const httpProxy = await rasp.getHttpProxyInfo();
console.log(`Is HTTP proxy = ${httpProxy.isHttpProxyEnabled}`);
if (httpProxy.isHttpProxyEnabled) {
    console.log(`HTTP proxy info = ${JSON.stringify(httpProxy)}`);
}

const screenSharing = await rasp.getScreenSharingInfo();
console.log(`Is Screen shared or captured = ${screenSharing.isScreenShared}`);
if (screenSharing.isScreenShared) {
console.log(`Screen sharing info: ${JSON.stringify(screenSharing)}`);
}

console.log(`Is VPN active = ${await rasp.isVpnActive()}`);

// Apple specific

if (Platform.OS == 'ios') {
    console.log(`Reverse engineering tools present = ${await rasp.isReverseEngineeringToolsPresent()}`);
    console.log(`System passcode is set = ${await rasp.isSystemPasscodeEnabled()}`);
    console.log(`Biometry is enrolled = ${await rasp.isSystemBiometryEnabled()}`);
    console.log(`Phone call = ${await rasp.isOnCall()}`);
}

// Android specific

if (Platform.OS == 'android') {
    console.log(`Tapjacking info = ${JSON.stringify(await rasp.getTapjackingInfo())}`);
    console.log(`ADB is ${(await rasp.getAdbStatus()) ? 'connected' : 'not connected'}`);
    console.log(`Screen lock is enabled = ${await rasp.isScreenLockEnabled()}`);
    console.log(`Play protect enabled = ${await rasp.isPlayProtectEnabled()}`);
    console.log(`Not allowed screen reader is enabled = ${await rasp.isNotAllowedScreenReaderEnabled()}`);
    console.log(`Bad Tapjacking capable app is present = ${await rasp.isBadTapjackingCapableAppPresent()}`);
    console.log(`Developer options enabled = ${await rasp.isDeveloperOptionsEnabled()}`);
}
Last updated on May 10, 2023 (09:33) View product
On this page:
Search

1.0.x

Malwarelytics for React Native