Implementing Threat-Events – Best Practices

Last updated November 5, 2023 by Appdome

Best Practices for Implementing Appdome Threat-Events

Learn the the best practices for implementing Appdome Threat-Events in Android and iOS apps.

On Android mobile devices, security events are usually implemented by using Broadcasts and BroadcastReceiver, which by default are freely broadcasted to all applications on the device. This mechanism is the simplest Android communication system to implement.

This Knowledge Base article specifies two common issues with the implementation of threat events:

  • The Threat-Event BroadcastReceiver is registered in an activity context
  • The Threat-Event is handled on the UI thread

The Threat-Event BroadcastReceiver is Registered in an Activity Context

Issue

The Threat-Event BroadcastReceiver is registered in an activity context, which is only valid as long as the activity (login screen, introduction screen and so on) is displayed in the UI. As a result, the BroadcastReceiver needs to be registered and deregistered in each activity.

Recommendation

Move the Threat-Event BroadcastReceiver registration to the app’s application class.

This operation has the following advantages:

  • The BroadcastReceiver is registered in an Application context, which is valid throughout the entire lifecycle of the app, without any need for de-registration.
  • Registering the BroadcastReceiver only once means the developer can use a singleton to initiate the receiver class and access the singleton to query which Threat-Events have been sent to the app.

Threat-Event is Handled on the UI Thread

Issue

The Threat-Event is handled on the UI thread that is also used for sending the broadcast to the BroadcastReceiver. Therefore, while the Threat-Event is being parsed, the end-user may experience an unresponsive UI when performing user gestures such as tap or key events.

Recommendation

Ensure that the UI thread only handles UI operations such as displaying a toast or a dialog, while Threat-Event parsing is performed in a side thread.

Related Articles

How to Learn More

If you want to learn how to troubleshoot common issues with the implementation of Threat-Event, check out the KB article Implementing  Threat Events – Best Practices.

If you want to use Threat-Events to respond to threats detected by Appdome ONEShield, check out this KB article on ONEShield Threat-Events.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Threat-Events™ UX/UI Control

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.