RASP module

RASP (runtime application self-protection) features to protect the app against several attack vectors. The Malwarelytics for React Native provides the MalwarelyticsRasp class that implements all RASP-related functionality in one place. The object allows you to register your listener to listen to RASP events, or you can access the various information directly.

Listen to RASP events

To listen to the RASP events, it’s necessary to register a listener that implements the MalwarelyticsRaspListener interface. For example:

await Malwarelytics.sharedInstance.rasp.setRaspListener({
    debuggerDetected: function (detected: boolean): void {
        console.log(`Debugger is ${detected ? 'connected' : 'disconnected'}`);
    },
    repackagingDetected: function (info: RepackagingInfo): void {
        console.log(`Repackage detected: ${JSON.stringify(info)}`);
    },
    systemIntegrityCompromised: function (info: SystemIntegrityInfo): void {
        if (info.isJailbroken) {
        console.log(`Device is jailbroken`);
        } else if (info.isRooted) {
        console.log(`Device is rooted`);
        }
    },
    httpProxyDetected: function (info: HttpProxyInfo): void {
        console.log(`HTTP proxy is ${info.isHttpProxyEnabled ? 'active' : 'inactive'}`);
    },
    screenSharingDetected: function (info: ScreenSharingInfo): void {
        console.log(`Screen sharing detected: ${JSON.stringify(info)}`);
    },
    emulatorDetected: function (info: EmulatorInfo): void {
        // Android specific
        console.log(`App is running in emulator. Type is ${info.detectedEmulatorType}`);
    },
    screenReaderDetected(info: ScreenReaderInfo): void {
        // Android specific
        console.log(`Screen reader detected: ${JSON.stringify(info)}`)
    },
    screenshotDetected(info: ScreenshotInfo): void {
        // Android specific, Android 14+ only
        console.log(`Screenshot detected: ${JSON.stringify(info)}`)
    },
    tapjackingDetected: function (info: TapjackingInfo): void {
        // Android specific
        console.log(`Tapjacking detected: ${JSON.stringify(info)}`);
    },
    adbStatusDetected: function (adbStatus: boolean): void {
        // Android specific
        console.log(`ADB is ${adbStatus ? 'connected' : 'disconnected'}`);
    },
    activeCallDetected: function (info: ActiveCallInfo): void {
        // Android specific
        console.log(`Active call info: ${JSON.stringify(info)}`);
    },
    appPresenceChangeDetected: function (info: AppPresenceInfo): void {
        console.log(`App presence info: ${JSON.stringify(info)}`);
    },
    vpnDetected: function (active: boolean): void {
        console.log(`VPN is ${active ? 'active' : 'inactive'}`);
    },
    userScreenshotDetected: function (): void {
        // Apple specific
        console.log(`Screenshot detected`);
    },
    reverseEngineeringToolsDetected: function (): void {
        // Apple specific
        console.log(`Reverse Engineering tools detected`);
    },
    systemPasscodeConfigurationChanged: function (enabled: boolean): void {
        // Apple specific
        console.log(`System passcode is ${enabled ? 'set' : 'not set'}`);
    },
    systemBiometryConfigurationChanged: function (enabled: boolean): void {
        // Apple specific
        console.log(`Biometry is ${enabled ? 'enrolled' : 'not enrolled'}`);
    },
    isOnCallChanged: function (isOnCall: boolean): void {
        // Apple specific
        console.log(`Phone call is ${isOnCall ? 'active' : 'not active'}`);
    }
});

To remove the previously set listener, use the following code:

Malwarelytics.sharedInstance.rasp.removeRaspListener();

Get current RASP signals

The following code example shows how to get the current information about RASP threats:

const rasp = Malwarelytics.sharedInstance.rasp

// Common signals
const systemIntegrity = await rasp.getSystemIntegrityInfo();
console.log(`Is jailbroken = ${systemIntegrity.isJailbroken}`);
console.log(`Is rooted = ${systemIntegrity.isRooted}`);
if (systemIntegrity.isJailbroken || systemIntegrity.isRooted) {
    console.log(`System integrity info = ${JSON.stringify(systemIntegrity)}`);
}

const isEmulator = await rasp.isRunningInEmulator()
console.log(`Running in emulator = ${isEmulator}`);
if (isEmulator) {
    console.log(`Emulator type = ${(await rasp.getEmulatorInfo()).detectedEmulatorType}`);
}

console.log(`Is debugger conencted = ${await rasp.isDebuggerConnected()}`);
console.log(`Rpackaging info = ${await rasp.getRepackagingInfo()}`);

const httpProxy = await rasp.getHttpProxyInfo();
console.log(`Is HTTP proxy = ${httpProxy.isHttpProxyEnabled}`);
if (httpProxy.isHttpProxyEnabled) {
    console.log(`HTTP proxy info = ${JSON.stringify(httpProxy)}`);
}

const screenSharing = await rasp.getScreenSharingInfo();
console.log(`Is Screen shared or captured = ${screenSharing.isScreenShared}`);
if (screenSharing.isScreenShared) {
console.log(`Screen sharing info: ${JSON.stringify(screenSharing)}`);
}

console.log(`Is VPN active = ${await rasp.isVpnActive()}`);
console.log(`Phone call = ${await rasp.isOnCall()}`);
console.log(`App presence info = ${JSON.stringify(await rasp.getAppPresenceInfo())}`);

// Apple specific

if (Platform.OS == 'ios') {
    console.log(`Reverse engineering tools present = ${await rasp.isReverseEngineeringToolsPresent()}`);
    console.log(`System passcode is set = ${await rasp.isSystemPasscodeEnabled()}`);
    console.log(`Biometry is enrolled = ${await rasp.isSystemBiometryEnabled()}`);
}

// Android specific

if (Platform.OS == 'android') {
    console.log(`Tapjacking info = ${JSON.stringify(await rasp.getTapjackingInfo())}`);
    console.log(`ADB is ${(await rasp.getAdbStatus()) ? 'connected' : 'not connected'}`);
    console.log(`Screen lock is enabled = ${await rasp.isScreenLockEnabled()}`);
    console.log(`Play protect enabled = ${await rasp.isPlayProtectEnabled()}`);
    console.log(`Not allowed screen reader is enabled = ${await rasp.isNotAllowedScreenReaderEnabled()}`);
    console.log(`Bad Tapjacking capable app is present = ${await rasp.isBadTapjackingCapableAppPresent()}`);
    console.log(`Developer options enabled = ${await rasp.isDeveloperOptionsEnabled()}`);
    console.log(`Active call info = ${JSON.stringify(await rasp.getActiveCallInfo())}`);
    console.log(`Spoofed location info = ${JSON.stringify(await rasp.getSpoofedLocationInfo())}`);
}

Activity protection on Android

By default, Malwarelytics for React-Native, when initialized on Android, automatically protects the current application’s activity and any subsequent activities against various threats, including tapjacking. However, if your application created any Activity objects before initializing the Malwarelytics module, you will need to register them manually for protection. For example:

import com.wultra.android.malwarelytics.reactnative.MalwarelyticsNativeHelper;

public class AnotherActivity extends ReactActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        MalwarelyticsNativeHelper.getInstance().registerActivityForProtection(this);
    }
}

You can read more about activity protection in Android Native Library’s documentation.

Last updated on Oct 25, 2024 (14:24) View product
Search

develop

Malwarelytics for React Native