RASP module
RASP (runtime application self-protection) features to protect the app against several attack vectors. The Malwarelytics for React Native provides the MalwarelyticsRasp
class that implements all RASP-related functionality in one place. The object allows you to register your listener to listen to RASP events, or you can access the various information directly.
Listen to RASP events
To listen to the RASP events, it’s necessary to register a listener that implements the MalwarelyticsRaspListener
interface. For example:
await Malwarelytics.sharedInstance.rasp.setRaspListener({
debuggerDetected: function (detected: boolean): void {
console.log(`Debugger is ${detected ? 'connected' : 'disconnected'}`);
},
repackagingDetected: function (info: RepackagingInfo): void {
console.log(`Repackage detected: ${JSON.stringify(info)}`);
},
systemIntegrityCompromised: function (info: SystemIntegrityInfo): void {
if (info.isJailbroken) {
console.log(`Device is jailbroken`);
} else if (info.isRooted) {
console.log(`Device is rooted`);
}
},
httpProxyDetected: function (info: HttpProxyInfo): void {
console.log(`HTTP proxy is ${info.isHttpProxyEnabled ? 'active' : 'inactive'}`);
},
screenSharingDetected: function (info: ScreenSharingInfo): void {
console.log(`Screen sharing detected: ${JSON.stringify(info)}`);
},
emulatorDetected: function (info: EmulatorInfo): void {
// Android specific
console.log(`App is running in emulator. Type is ${info.detectedEmulatorType}`);
},
screenReaderDetected(info: ScreenReaderInfo): void {
// Android specific
console.log(`Screen reader detected: ${JSON.stringify(info)}`)
},
screenshotDetected(info: ScreenshotInfo): void {
// Android specific, Android 14+ only
console.log(`Screenshot detected: ${JSON.stringify(info)}`)
},
tapjackingDetected: function (info: TapjackingInfo): void {
// Android specific
console.log(`Tapjacking detected: ${JSON.stringify(info)}`);
},
adbStatusDetected: function (adbStatus: boolean): void {
// Android specific
console.log(`ADB is ${adbStatus ? 'connected' : 'disconnected'}`);
},
activeCallDetected: function (info: ActiveCallInfo): void {
// Android specific
console.log(`Active call info: ${JSON.stringify(info)}`);
},
appPresenceChangeDetected: function (info: AppPresenceInfo): void {
console.log(`App presence info: ${JSON.stringify(info)}`);
},
vpnDetected: function (active: boolean): void {
console.log(`VPN is ${active ? 'active' : 'inactive'}`);
},
userScreenshotDetected: function (): void {
// Apple specific
console.log(`Screenshot detected`);
},
reverseEngineeringToolsDetected: function (): void {
// Apple specific
console.log(`Reverse Engineering tools detected`);
},
systemPasscodeConfigurationChanged: function (enabled: boolean): void {
// Apple specific
console.log(`System passcode is ${enabled ? 'set' : 'not set'}`);
},
systemBiometryConfigurationChanged: function (enabled: boolean): void {
// Apple specific
console.log(`Biometry is ${enabled ? 'enrolled' : 'not enrolled'}`);
},
isOnCallChanged: function (isOnCall: boolean): void {
// Apple specific
console.log(`Phone call is ${isOnCall ? 'active' : 'not active'}`);
}
});
To remove the previously set listener, use the following code:
Malwarelytics.sharedInstance.rasp.removeRaspListener();
Get current RASP signals
The following code example shows how to get the current information about RASP threats:
const rasp = Malwarelytics.sharedInstance.rasp
// Common signals
const systemIntegrity = await rasp.getSystemIntegrityInfo();
console.log(`Is jailbroken = ${systemIntegrity.isJailbroken}`);
console.log(`Is rooted = ${systemIntegrity.isRooted}`);
if (systemIntegrity.isJailbroken || systemIntegrity.isRooted) {
console.log(`System integrity info = ${JSON.stringify(systemIntegrity)}`);
}
const isEmulator = await rasp.isRunningInEmulator()
console.log(`Running in emulator = ${isEmulator}`);
if (isEmulator) {
console.log(`Emulator type = ${(await rasp.getEmulatorInfo()).detectedEmulatorType}`);
}
console.log(`Is debugger conencted = ${await rasp.isDebuggerConnected()}`);
console.log(`Rpackaging info = ${await rasp.getRepackagingInfo()}`);
const httpProxy = await rasp.getHttpProxyInfo();
console.log(`Is HTTP proxy = ${httpProxy.isHttpProxyEnabled}`);
if (httpProxy.isHttpProxyEnabled) {
console.log(`HTTP proxy info = ${JSON.stringify(httpProxy)}`);
}
const screenSharing = await rasp.getScreenSharingInfo();
console.log(`Is Screen shared or captured = ${screenSharing.isScreenShared}`);
if (screenSharing.isScreenShared) {
console.log(`Screen sharing info: ${JSON.stringify(screenSharing)}`);
}
console.log(`Is VPN active = ${await rasp.isVpnActive()}`);
console.log(`Phone call = ${await rasp.isOnCall()}`);
console.log(`App presence info = ${JSON.stringify(await rasp.getAppPresenceInfo())}`);
// Apple specific
if (Platform.OS == 'ios') {
console.log(`Reverse engineering tools present = ${await rasp.isReverseEngineeringToolsPresent()}`);
console.log(`System passcode is set = ${await rasp.isSystemPasscodeEnabled()}`);
console.log(`Biometry is enrolled = ${await rasp.isSystemBiometryEnabled()}`);
}
// Android specific
if (Platform.OS == 'android') {
console.log(`Tapjacking info = ${JSON.stringify(await rasp.getTapjackingInfo())}`);
console.log(`ADB is ${(await rasp.getAdbStatus()) ? 'connected' : 'not connected'}`);
console.log(`Screen lock is enabled = ${await rasp.isScreenLockEnabled()}`);
console.log(`Play protect enabled = ${await rasp.isPlayProtectEnabled()}`);
console.log(`Not allowed screen reader is enabled = ${await rasp.isNotAllowedScreenReaderEnabled()}`);
console.log(`Bad Tapjacking capable app is present = ${await rasp.isBadTapjackingCapableAppPresent()}`);
console.log(`Developer options enabled = ${await rasp.isDeveloperOptionsEnabled()}`);
console.log(`Active call info = ${JSON.stringify(await rasp.getActiveCallInfo())}`);
console.log(`Spoofed location info = ${JSON.stringify(await rasp.getSpoofedLocationInfo())}`);
}
Activity protection on Android
By default, Malwarelytics for React-Native, when initialized on Android, automatically protects the current application’s activity and any subsequent activities against various threats, including tapjacking. However, if your application created any Activity
objects before initializing the Malwarelytics module, you will need to register them manually for protection. For example:
import com.wultra.android.malwarelytics.reactnative.MalwarelyticsNativeHelper;
public class AnotherActivity extends ReactActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
MalwarelyticsNativeHelper.getInstance().registerActivityForProtection(this);
}
}
You can read more about activity protection in Android Native Library’s documentation.