Mobile In-App Protection
Product Description
May 04, 2025
Product Overview
Mobile in-app protection by Wultra, also branded as Malwarelytics, is a sophisticated mobile security solution designed to provide robust protection against malware and fraud for mobile applications. It focuses on detecting potential security threats in real time, ensuring that mobile applications and user data are shielded from a wide array of digital attacks.
With advanced protection mechanisms like Runtime Application Self-Protection (RASP) and comprehensive malware protection, in-app protection serves industries where mobile app security is paramount, such as banking, fintech, and enterprise sectors.
Solution High-Level Architecture
Wultra’s in-app protection solution consists of backend components and SDKs that can be easily integrated into mobile applications. These components work together to provide a secure mobile environment. The SDK is capable of RASP protection in the device itself, and the backend components act as an evaluation engine for applications installed on the device. The backend component also stores events from the device. In-app protection offers out-of-the-box integration with the customer backend via Integration API to forward the events.
Components
The in-app protection architecture is built on a modular and flexible design, allowing for integration with diverse mobile applications. The solution consists of:
- Client SDKs for Android and iOS platforms, enabling real-time malware detection and threat mitigation within mobile applications. Wultra provides SDKs for native platforms, along with React Native and Cordova bridges.
- Backend Servers are where threat intelligence data is processed and analyzed.
- Management Console offers an intuitive dashboard for monitoring and managing security alerts, malware activity, and app health.
- Integration APIs that enable seamless communication between the in-app protection platform and the client’s mobile applications, backends, and external systems.
Solution Functionalities
In-app protection provides a variety of functionalities, including:
| Functionality | Description |
|---|---|
| Malware Detection | Identifies and reports malware in real time. |
| Threat Intelligence | Utilizes global threat intelligence feeds to enhance detection capabilities. |
| Security Alerts | Pushes notifications to administrators or security teams upon identifying threats or vulnerabilities. |
| Application Health Monitoring | Tracks and reports the health status of the protected applications. |
| Customizable Actions | This feature allows the configuration of actions when a threat is detected, such as logging out the user, blocking actions, or alerting administrators. |
Device Activation
In-app protection is activated by integrating the mobile application with the In-App Protection SDK, which can be configured for various protection scenarios. In-app protection can be used online or offline. The RASP functionalities do not depend on the online connection; the malware detection functions require online device registration.
The device activation process involves registering each device uniquely with in-app protection to ensure consistent tracking and monitoring. Once activated, the device establishes a secure communication channel with the in-app protection backend, allowing real-time threat updates and management actions.
Runtime Application Self-Protection (RASP)
RASP is one of the core features of in-app protection, providing self-protective capabilities that help the application detect and respond to potential threats in real time. The specific RASP capabilities depend on the mobile platform.
The RASP features on iOS:
| Feature | Description |
|---|---|
| Active Call Detection | Detects if the device is engaged in an active call, which may signal potential security risks. |
| App Presence Detection | Identifies the presence of specified high-risk or blacklisted apps on the device. |
| Debugger Detection | Monitors for debugging attempts that could expose app vulnerabilities. |
| HTTP Proxy Detection | Detects HTTP proxies to protect against man-in-the-middle attacks. |
| Jailbreak Detection | Recognizes if the device is jailbroken, which increases vulnerability to attacks. |
| Repackaging Detection | Detects if the app has been tampered with or repackaged maliciously. |
| Reverse Engineering Tools Detection | Identifies tools commonly used for reverse engineering apps, signaling potential tampering. |
| Screen Capture Detection | Monitors for attempts to capture the app screen, safeguarding sensitive information. |
| System Passcode Detection | This checks if the device has a passcode set as an additional layer of user security. |
| System Biometry Detection | This checks whether biometrics (e.g., Face ID, Touch ID) are enabled on the device for secure access. |
| User Screenshot Detection | This feature detects when the user takes a screenshot within the app, which may involve sensitive information. |
| VPN Detection | Identifies whether the device is using a VPN, which could indicate potential privacy or security risks. |
The RASP features on Android:
| Feature | Description |
|---|---|
| Activity Protection | Guards specific app activities against unauthorized access and overlays, protecting user data. |
| Blocking Screen Readers from Reading App Screens | Prevents screen readers from accessing sensitive information within the app. |
| Changing App Process Name | This alters the app’s process name to make it harder for malicious tools to detect. |
| Detection of ADB Status | Monitors Android Debug Bridge (ADB) status, which could expose the device to external commands. |
| Detection of Active Call | This identifies if the device is on an active call, which may indicate security concerns. |
| Detection of App Repackaging | Identifies if the app has been altered or repackaged, signaling potential tampering. |
| Detection of Application Presence | Detects the presence of specified apps on the device to monitor potential risks. |
| Detection of Attached Debuggers | Monitors for debuggers attached to the app, which could expose sensitive data. |
| Detection of Biometry Enrollment Status | Verifies if biometric authentication is enabled for secure access. |
| Detection of Developer Options Status | Checks if developer options are enabled, potentially signaling a security vulnerability. |
| Detection of Emulators | Detects if the app runs in an emulated environment to prevent security bypass. |
| Detection of HTTP Proxy | This detects whether the device uses an HTTP proxy, which can be a security risk. |
| Detection of Rooted Devices | Identifies if a device is rooted, which weakens its security. |
| Detection of Screen Sharing (Screen Mirroring) | Detects if the screen is being shared or mirrored to prevent unauthorized viewing. |
| Detection of Spoofed Location | Identifies if the device’s location has been spoofed, which can indicate fraud. |
| Detection of Usage of System Screen Lock | Verifies if the device has a screen lock enabled, adding a layer of user security. |
| Detection of VPN | Detects VPN usage, which could indicate potential privacy concerns or location masking. |
| Obtaining Play Protect Status | This checks the device’s Google Play Protect status to ensure additional malware defense. |
| Screenshot Blocking and Detection | Blocks or detects attempts to take screenshots, safeguarding sensitive content. |
| Tapjacking Protection | Prevents unauthorized overlays from intercepting user taps, protecting user actions. |
RASP ensures that applications can autonomously identify and mitigate risks before they become critical vulnerabilities.
Malware Protection
Malware protection is offered only on the Android Platform due to the nature and limitations of the iOS ecosystem.
The anti-malware features:
| Feature | Description |
|---|---|
| Installer Identification | Identifies the installer source of apps, providing insights into potentially untrustworthy sources. |
| Listening to App Changes | This function monitors device app changes, including new installations or removals, to detect potentially harmful applications. |
| Malware Threat Identification | This feature detects known and emerging malware threats on the device to protect user data and app integrity. |
| Malware Threat Mitigation | Offers mitigation options to restrict app functionality or alert users when malware is detected. |
| Smart Protection | Uses advanced heuristics and threat intelligence to provide proactive malware protection on the device. |
| Smart Protection UI Customization | This feature allows users to customize the user interface for Smart Protection alerts to align with app branding and improve user experience. |
Documentation
All components are documented on the Wultra Developer Portal.
The documentation contains:
- Configuration – configuration of the product setup.
- API Description – documentation of provided API. Including the data provided in the integration API and callbacks.
The documentation is versioned for each minor product release.
