Threat-Events™, In-App Threat Intelligence in MAUI Apps
This knowledge base article shows you how easy it is to use Appdome Threat-EventsTM to get in-app threat intelligence in MAUI Apps and control the user experience in your MAUI Apps when mobile attacks occur.
What are Threat-Events?
Appdome Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-ScoreTM.
With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.
The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real time. Using Threat-Events will ensure you keep users, data, and transactions safe.
Mobile Application Threat-Events vs. Threat-Scores
Appdome Threat-Events can be used as a stand-alone implementation in MAUI Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregated) mobile end-user risk at the time of the notification.
The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:
To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than ten thousand (10,000).
Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.
Prerequisites for Using Threat-Events with MAUI Apps
Here’s what you need to use Threat-Events with MAUI Apps.
- Appdome account (If you do not yet have an account, create a free Appdome account).
- Appdome account class – Appdome DEV or higher.
- Mobile Application Source Code.
- Signing Credentials (e.g., signing certificates and provisioning profile) – see Signing Secure Android apps and Signing Secure iOS apps.
Code Snippet Required for Using Threat-Events with MAUI Apps
Before consuming Threat-Events or Threat-Scores in your MAUI Apps, confirm that the following conditions are met:
- Threat-Events and/or Threat-Scores have been enabled (turned ON) for the specific protection
- You are using the correct identifiers for the Threat-Events for each protection.
You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.
Below we provide concise steps and code snippets to help you integrate Threat-Events into your mobile application on both iOS and Android platforms Please follow the platform-specific instructions that best suit your needs, whether it’s iOS or Android.
Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in Android MAUI Apps:
1. Create a new file by the name MainApplication.cs if don’t have an application class in your project already.
-
- Add to this file a class that extends Application and implement public MainApplication ():
[Application]
public class MainApplication : MauiApplication
{
public MainApplication(IntPtr javaReference, JniHandleOwnership transfer)
: base(javaReference, transfer)
{
...
}
public override void OnCreate()
{
base.OnCreate();
}
protected override MauiApp CreateMauiApp() => MauiProgram.CreateMauiApp();
}
2. Create a new file by the name ThreatEventReceiver.cs.
-
- Add the following lines to implement the Appdome Android Threat-Events listener:
public class ThreatEventReceiver : BroadcastReceiver
{
public override void OnReceive(Context context, Intent intent)
{
String message = intent.getStringExtra("message"); // Message shown to the user
String reasonData = intent.getStringExtra("reasonData"); // Threat detection cause
String reasonCode = intent.getStringExtra("reasonCode"); // Event reason code
String currentThreatEventScore = intent.getStringExtra("currentThreatEventScore"); // Current threat event score
String threatEventsScore = intent.getStringExtra("threatEventsScore"); // Total threat events score
String variable = intent.getStringExtra("<Context Key>"); // Any other event specific context key
// Your logic goes here (Send data to Splunk/Dynatrace/Show Popup...)
}
}
3. Inside your cs file, locate the OnCreate method that we mentioned in the previous steps.
-
- Within this method, add the following lines to initialize the Threat-Events receiver:
public override void OnCreate()
{
base.OnCreate();
RegisterReceiver(new ThreatEventReceiver(), new IntentFilter("EmulatorFound")); // Threat-Event Identifier
}
Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in IOS Apps:
In the file AppDelegate.cs, add the following lines in the overridden FinishedLaunching method :
public override bool FinishedLaunching(UIApplication app, NSDictionary options)
{
NSNotificationCenter.DefaultCenter.AddObserver(
(NSString)"JailbrokenDevice", // Threat-Event Identifier
delegate (NSNotification notification)
{
var message = notification.UserInfo.ObjectForKey("message"); // Message shown to the user
var reasonData = notification.UserInfo.ObjectForKey("reasonData"); // Threat detection cause
var reasonCode = notification.UserInfo.ObjectForKey("reasonCode"); // Event reason code
var currentThreatEventScore = notification.UserInfo.ObjectForKey("currentThreatEventScore"); // Current threat event score
var threatEventsScore = notification.UserInfo.ObjectForKey("threatEventsScore"); // Total threat events score
var variable = notification.UserInfo.ObjectForKey("<Context Keys>"); // Any other event specific context key
// Your logic goes here (Send data to Splunk/Dynatrace/Show Popup...)
});
return base.FinishedLaunching(app, options);
}
Special Considerations for using Threat-Events with MAUI Apps
MAUI apps leverage the native BroadcastReceiver or NSNotificationsCenter through a C# interface provided by the MAUI framework. Consequently, it’s crucial to implement the appropriate listeners for each platform your app targets.
In the code examples provided, we’ve used a specific event identifier for demonstration purposes. You can easily replace this identifier with any other event identifier mentioned in the Appdome knowledge base, depending on your unique threat detection and notification requirements. Feel free to customize the event identifier to align with your application’s specific needs and threat-event configurations.
It’s also worth noting that you have the flexibility to stack multiple listeners for various events, ensuring comprehensive threat detection and response capabilities within your application.
Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in MAUI Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.
Meta-Data for Mobile Application Threat-Events and Threat-Scores
Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in MAUI Apps.
Threat-Event Context Keys | |
---|---|
message | Message displayed for the user on event |
failSafeEnforce | Timed enforcement against the identified threat |
externalID | The external ID of the event which can be listened via Threat Events |
osVersion | OS version of the current device |
deviceModel | Current device model |
deviceManufacturer | The manufacturer of the current device |
fusedAppToken | The task ID of the Appdome fusion of the currently running app |
kernelInfo | Info about the kernel: system name, node name, release, version and machine. |
carrierPlmn | PLMN of the device. Only available for Android devices. |
deviceID | Current device ID |
reasonCode | Reason code of the occurred event |
buildDate | Appdome fusion date of the current application |
devicePlatform | OS name of the current device |
carrierName | Carrier name of the current device. Only available for Android. |
updatedOSVersion | Is the OS version up to date |
deviceBrand | Brand of the device |
deviceBoard | Board of the device |
buildUser | Build user |
buildHost | Build host |
sdkVersion | Sdk version |
timeZone | Time zone |
deviceFaceDown | Is the device face down |
locationLong | Location longitude conditioned by location permission |
locationLat | Location latitude conditioned by location permission |
locationState | Location state conditioned by location permission |
wifiSsid | Wifi SSID |
wifiSsidPermissionStatus | Wifi SSID permission status |
threatCode | The last six characters of the threat code specify the OS, allowing the Threat Resolution Center to address the attack on the affected device. |
Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in MAUI Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.
Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores
Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, and enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.
Verifying Threat-Events in MAUI Apps
After you have implemented the required Threat-Event code in your MAUI Apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the MAUI Apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.
In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.
In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.
For information on how to view and/or retrieve the Certified Secure DevSecOps certification for your mobile application on Appdome, please visit the knowledge base article Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD
Questions Using Threat-Events™ in MAUI Apps?
If you have specific questions about implementing Threat-Events or Threat-Scores in Kotlin Apps, fill out the inquiry form on the right-hand side of this knowledge base article or contact support@appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app.
Related Articles
- Threat-Events™, In-App Threat Intelligence in Kotlin Apps
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- Threat-Events™, In-App Threat Intelligence in React Native Apps
- Threat-Events™, In-App Threat Intelligence in Cordova Apps
- Threat-Events™, In-App Threat Intelligence in Native Android Apps
- Threat-Events™, In-App Threat Intelligence in Swift Apps
- Implementing Threat Events – Best Practices
- How To Implement Threat-Events in Java