Anti-Malware Feature Overview
The Anti-Malware feature of Malwarelytics for Android provides a malware detection engine that evaluates other apps installed on the mobile device.
- Malware Threat Identification
- Malware Threat Mitigation
- Listening to App Changes
- Smart Protection
- Smart Protection UI Customization
Configuring Anti-Malware Component
In order to use the Anti-Malware component, it has to be configured first.
It is configured via
AntivirusConfig that is a part of
var config = AppProtectionConfig.Builder(appContext)
    .antivirusConfig(
        AntivirusConfig.Builder()
            // …
            .build()
    )
    // …
    .build()
The configuration offers several items:
val antivirusConfig = AntivirusConfig.Builder()
    .useDefaultSuggestions(Boolean)
    .smartProtectionConfig(smartProtectionConfig)
    .setThreatMitigationUIConfig(threatMitigationUIConfig)
    .setForegroundServiceNotificationFactory(notificationFactory)
    .build()
Suggestions are backend-provided evaluations. They greatly improve the limited local evaluation and help to avoid false positives and false negatives.
useDefaultSuggestions(Boolean) tells the engine to apply a list of built-in local
suggestions right after initialization. This is a very short list of suggestions
that mitigate some of the high-profile false positives.
Smart protection is a set of automatic detection behaviours. They are configured through the
smartProtectionConfig(SmartProtectionConfig) config item.
They are described in more detail in the section Smart Protection.
Smart Protection UI Customization
Malwarelytics for Android offers config items to change the look of its smart protection components.
The UI customization of smart protection elements is done through
setThreatMitigationUIConfig(ThreatMitigationUiConfig) and it’s described in section
Smart Protection UI Customization.
Foreground Service Notifications
Android OS requires apps to be visible to users. For background processing, that means an app has to create a notification. Evaluating other apps takes a non-zero amount of time, and in some cases it is necessary to create such a notification.
NotificationFactory is an interface for creating notifications. It’s recommended to
create an implementation and provide it through
Then, when a notification is necessary, the SDK invokes the
createNotification(Context) method of the
provided notification factory. That way the look of the notification is in the hands of the app
After initialization, the main access point for all anti-malware features is an instance of the
Antivirus class. One can obtain it by calling:
val antivirus = appProtection.getAntivirus()
Antivirus provides methods for threat identification and getters for obtaining
managers handling various sub-topics of anti-malware such as smart protection,
suggestions and mitigations.
In order to allow extra calls to smart protection there’s
SmartProtectionManager that can
be obtained from
val smartProtectionManager = antivirus.getSmartProtectionManager()
The manager allows the app to perform an extra smart protection update. The update will be performed according to the configuration used in the SDK initialization.
val performOnlineUpdate = true
smartProtectionManager.performSingleSmartProtectionUpdate(performOnlineUpdate)
The optional argument indicates whether to update suggestions from the backend server to get the latest and most precise data.
The manager also offers to change the default localization of UI components through method
More on the topic in section Smart Protection UI Customization.
In certain cases it’s handy to be able to adjust suggestions locally.
You can do this through
SuggestionManager which can be obtained from
val suggestionManager = antivirus.getSuggestionManager()
Then you can set a suggestion for a specific app identified by its package name (application ID) and signature hash:
suggestionManager.setAppSuggestedThreatIndex(packageName, certSha1Hash, suggestedThreatIndex)
or you can set a suggestion for a group of apps with the same signature hash:
Threat mitigations are accessible via
MitigationManager that can be obtained from
val mitigationManager = antivirus.getMitigationManager()
Mitigations are described in more detail in section Malware Threat Mitigation.
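The suggestion calls above identify an app by its package name and signature hash, so a local suggestion should be bound to the signing certificate and not to the package name alone. The following is an added example, not code from the Malwarelytics SDK or its documentation: it uses standard Android APIs to compute the SHA-1 digests of an installed package's signing certificates. The function name and the lowercase-hex output are assumptions; confirm the format the SDK expects for certSha1Hash.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.content.pm.Signature
import android.os.Build
import java.security.MessageDigest

/**
 * Added example (hypothetical helper): SHA-1 digests, as lowercase hex, of the
 * certificates that signed [packageName]. Returns an empty list when the package
 * is not installed or is hidden by Android 11+ package visibility rules.
 */
@Suppress("DEPRECATION")
fun signingCertSha1Hashes(context: Context, packageName: String): List<String> {
    val pm = context.packageManager
    val signatures: Array<Signature>? = try {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            val info = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES)
            val signingInfo = info.signingInfo
            when {
                signingInfo == null -> null
                // Multiple signers: no rotation history is available.
                signingInfo.hasMultipleSigners() -> signingInfo.apkContentsSigners
                // Single signer: includes past certificates from key rotation
                // as well as the current one.
                else -> signingInfo.signingCertificateHistory
            }
        } else {
            pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures
        }
    } catch (e: PackageManager.NameNotFoundException) {
        null
    }

    return signatures.orEmpty().map { signature ->
        MessageDigest.getInstance("SHA-1")
            .digest(signature.toByteArray())
            .joinToString("") { byte -> "%02x".format(byte) }
    }
}

// Usage with the call shown on this page (suggestedThreatIndex supplied by the caller):
// signingCertSha1Hashes(context, packageName).forEach { certSha1Hash ->
//     suggestionManager.setAppSuggestedThreatIndex(packageName, certSha1Hash, suggestedThreatIndex)
// }
```

Compare the computed hash against a value obtained out of band (for example from the vendor's release build) before lowering an app's threat index, since a repackaged app can reuse the package name but not the signing certificate.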