RASP module
RASP (runtime application self-protection) features to protect the app against several attack vectors. The Malwarelytics for React Native provides MalwarelyticsRasp
class that implements all RASP-related functionality at one place. The object allows you to register your own listener that can listen to RASP events, or you can access the various information directly.
Listen to RASP events
To listen the RASP events you have to register the listener that implements MalwarelyticsRaspListener
interface. For example:
await Malwarelytics.sharedInstance.rasp.setRaspListener({
debuggerDetected: function (detected: boolean): void {
console.log(`Debugger is ${detected ? 'connected' : 'disconnected'}`);
},
repackagingDetected: function (info: RepackagingInfo): void {
console.log(`Repackage detected: ${JSON.stringify(info)}`);
},
systemIntegrityCompromised: function (info: SystemIntegrityInfo): void {
if (info.isJailbroken) {
console.log(`Device is jailbroken`);
} else if (info.isRooted) {
console.log(`Device is rooted`);
}
},
httpProxyDetected: function (info: HttpProxyInfo): void {
console.log(`HTTP proxy is ${info.isHttpProxyEnabled ? 'active' : 'inactive'}`);
},
screenSharingDetected: function (info: ScreenSharingInfo): void {
console.log(`Screen is ${info.isScreenShared ? '' : 'NOT '}shared or captured`);
},
emulatorDetected: function (info: EmulatorInfo): void {
// Reported only on Android
console.log(`App is running in emulator. Type is ${info.detectedEmulatorType}`);
},
tapjackingDetected: function (info: TapjackingInfo): void {
// Android specific
console.log(`Tapjacking detected: ${JSON.stringify(info)}`);
},
adbStatusDetected: function (adbStatus: boolean): void {
// Android specific
console.log(`ADB is ${adbStatus ? 'connected' : 'disconnected'}`);
},
activeCallDetected: function (info: ActiveCallInfo): void {
// Android specific
console.log(`Active call info: ${JSON.stringify(info)}`);
},
appPresenceChangeDetected: function (info: AppPresenceInfo): void {
// Android specific
console.log(`App presence info: ${JSON.stringify(info)}`);
},
vpnDetected: function (active: boolean): void {
console.log(`VPN is ${active ? 'active' : 'inactive'}`);
},
userScreenshotDetected: function (): void {
// Apple specific
console.log(`Screenshot detected`);
},
reverseEngineeringToolsDetected: function (): void {
// Apple specific
console.log(`Reverse Engineering tools detected`);
},
systemPasscodeConfigurationChanged: function (enabled: boolean): void {
// Apple specific
console.log(`System passcode is ${enabled ? 'set' : 'not set'}`);
},
systemBiometryConfigurationChanged: function (enabled: boolean): void {
// Apple specific
console.log(`Biometry is ${enabled ? 'enrolled' : 'not enrolled'}`);
},
isOnCallChanged: function (isOnCall: boolean): void {
// Apple specific
console.log(`Phone call is ${isOnCall ? 'active' : 'not active'}`);
}
});
To remove previously set listener, use the follwing code:
Malwarelytics.sharedInstance.removeRaspListener();
Get current RASP signals
The following code example shows how to get the current information about RASP threats:
const rasp = Malwarelytics.sharedInstance.rasp
// Common signals
const systemIntegrity = await rasp.getSystemIntegrityInfo();
console.log(`Is jailbroken = ${systemIntegrity.isJailbroken}`);
console.log(`Is rooted = ${systemIntegrity.isRooted}`);
if (systemIntegrity.isJailbroken || systemIntegrity.isRooted) {
console.log(`System integrity info = ${JSON.stringify(systemIntegrity)}`);
}
const isEmulator = await rasp.isRunningInEmulator()
console.log(`Running in emulator = ${isEmulator}`);
if (isEmulator) {
console.log(`Emulator type = ${(await rasp.getEmulatorInfo()).detectedEmulatorType}`);
}
console.log(`Is debugger conencted = ${await rasp.isDebuggerConnected()}`);
console.log(`Rpackaging info = ${await rasp.getRepackagingInfo()}`);
const httpProxy = await rasp.getHttpProxyInfo();
console.log(`Is HTTP proxy = ${httpProxy.isHttpProxyEnabled}`);
if (httpProxy.isHttpProxyEnabled) {
console.log(`HTTP proxy info = ${JSON.stringify(httpProxy)}`);
}
const screenSharing = await rasp.getScreenSharingInfo();
console.log(`Is Screen shared or captured = ${screenSharing.isScreenShared}`);
if (screenSharing.isScreenShared) {
console.log(`Screen sharing info: ${JSON.stringify(screenSharing)}`);
}
console.log(`Is VPN active = ${await rasp.isVpnActive()}`);
console.log(`Phone call = ${await rasp.isOnCall()}`);
// Apple specific
if (Platform.OS == 'ios') {
console.log(`Reverse engineering tools present = ${await rasp.isReverseEngineeringToolsPresent()}`);
console.log(`System passcode is set = ${await rasp.isSystemPasscodeEnabled()}`);
console.log(`Biometry is enrolled = ${await rasp.isSystemBiometryEnabled()}`);
}
// Android specific
if (Platform.OS == 'android') {
console.log(`Tapjacking info = ${JSON.stringify(await rasp.getTapjackingInfo())}`);
console.log(`ADB is ${(await rasp.getAdbStatus()) ? 'connected' : 'not connected'}`);
console.log(`Screen lock is enabled = ${await rasp.isScreenLockEnabled()}`);
console.log(`Play protect enabled = ${await rasp.isPlayProtectEnabled()}`);
console.log(`Not allowed screen reader is enabled = ${await rasp.isNotAllowedScreenReaderEnabled()}`);
console.log(`Bad Tapjacking capable app is present = ${await rasp.isBadTapjackingCapableAppPresent()}`);
console.log(`Developer options enabled = ${await rasp.isDeveloperOptionsEnabled()}`);
console.log(`Active call info = ${JSON.stringify(await rasp.getActiveCallInfo())}`);
console.log(`App presence info = ${JSON.stringify(await rasp.getAppPresenceInfo())}`);
}
Activity protection on Android
By default, Malwarelytics for React-Native, when initialized on Android, automatically protects the current application’s activity and any subsequent activities against various threats, including tapjacking. However, if your application created any Activity
objects before initializing the Malwarelytics module, you will need to register them manually for protection. For example:
import com.wultra.android.malwarelytics.reactnative.MalwarelyticsNativeHelper;
public class AnotherActivity extends ReactActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
MalwarelyticsNativeHelper.getInstance().registerActivityForProtection(this);
}
}
You can read more about activity protection in Android Native Library’s documentation.