Threat-Events™, In-App Threat Intelligence in Native Android Apps
Last updated August 20, 2024 by Appdome
This knowledge base article shows you how easy it is to use Appdome Threat-Events™ to get in-app threat intelligence in native Android apps and control the user experience in your native Android apps when mobile attacks occur.
What are Threat-Events?
Appdome Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-Score™.
With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.
The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real-time. Using Threat-Events will ensure you keep users, data, and transactions safe.
Mobile Application Threat-Events vs. Threat-Scores
Appdome Threat-Events can be used as a stand-alone implementation in Native Android Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregate) mobile end-user risk at the time of the notification.
The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:
To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than a thousand (1,000).
Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.
Prerequisites for Using Threat-Events with Native Android Apps
Here’s what you need to use Threat-Events with native Android apps:
Signing Credentials (e.g., signing certificates and provisioning profile) – see Signing Secure Android apps.
Code Snippet Required for Using Threat-Events with Native Android Apps
Before consuming Threat-Events or Threat-Scores in your Native Apps, confirm that the following conditions are met:
Threat-Events and/or Threat-Scores have been enabled ( turned ON) for the specific protection
You are using the correct identifiers for the Threat-Events for each protection.
You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.
Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in Native Android Apps:
private final static String TAG = "Appdome ThreatEvent";
private final static String BLOCKED_KEYBOARD = "BlockedKeyboardEvent";
private final static String BLOCKED_CLIPBOARD = "BlockedClipboardEvent";
private final static String ROOTED_DEVICE = "RootedDevice";
private final static String UNKNOWN_SOURCES = "UnknownSourcesEnabled";
private final static String DEVELOPER_OPTIONS = "DeveloperOptionsEnabled";
private final static String SSL_VALIDATION_FAILED = "SslCertificateValidationFailed";
private final static String SSL_NON_SSL_CONNECTION = "SslNonSslConnection";
private final static String SSL_CERT_PINNING_FAILED = "SslCertificatePinningFailed";
private final static String ACCESS_OUTSIDE_WHITELIST = "UrlWhitelistFailed";
private final static String SSL_INCOMPATIBLE_CIPHER = "SslIncompatibleCipher";
private final static String SSL_INCOMPATIBLE_TLS = "SslIncompatibleVersion";
private final static String SSL_INVALID_CA_CHAIN = "SslInvalidCertificateChain";
private final static String SSL_INVALID_RSA_SIGNATURE = "SslInvalidMinRSASignature";
private final static String SSL_INVALID_ECC_SIGNATURE = "SslInvalidMinECCSignature";
private final static String SSL_INVALID_DIGEST = "SslInvalidMinDigest";
private final static String BLOCKED_MANUFACTURER = "BannedManufacturer";
// Only available when ONEShield Threat Events are enabled
private final static String TAMPERED_APP = "AppIntegrityError";
private BroadcastReceiver receiver;
private Context context;
// Explicitly state that the ThreatEvents BroadcastReceiver should not be exported
private void registerReceiverWithFlags(IntentFilter intentFilter) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
context.registerReceiver(receiver, intentFilter, Context.RECEIVER_NOT_EXPORTED);
} else {
context.registerReceiver(receiver, intentFilter);
}
}
public void init(Context context) {
this.context = context;
receiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
onEvent(intent);
}
};
registerReceiverWithFlags(new IntentFilter(BLOCKED_KEYBOARD));
registerReceiverWithFlags(new IntentFilter(BLOCKED_CLIPBOARD));
registerReceiverWithFlags(new IntentFilter(ROOTED_DEVICE));
registerReceiverWithFlags(new IntentFilter(UNKNOWN_SOURCES));
registerReceiverWithFlags(new IntentFilter(DEVELOPER_OPTIONS));
registerReceiverWithFlags(new IntentFilter(SSL_VALIDATION_FAILED));
registerReceiverWithFlags(new IntentFilter(SSL_NON_SSL_CONNECTION));
registerReceiverWithFlags(new IntentFilter(SSL_CERT_PINNING_FAILED));
registerReceiverWithFlags(new IntentFilter(ACCESS_OUTSIDE_WHITELIST));
registerReceiverWithFlags(new IntentFilter(SSL_INCOMPATIBLE_CIPHER));
registerReceiverWithFlags(new IntentFilter(SSL_INCOMPATIBLE_TLS));
registerReceiverWithFlags(new IntentFilter(SSL_INVALID_CA_CHAIN));
registerReceiverWithFlags(new IntentFilter(SSL_INVALID_RSA_SIGNATURE));
registerReceiverWithFlags(new IntentFilter(SSL_INVALID_ECC_SIGNATURE));
registerReceiverWithFlags(new IntentFilter(SSL_INVALID_DIGEST));
registerReceiverWithFlags(new IntentFilter(BLOCKED_MANUFACTURER));
// Only available when ONEShield Threat Events are enabled
registerReceiverWithFlags(new IntentFilter(TAMPERED_APP));
}
// This method should be called during the Activity.onPause() if the context used when calling the init() method is an Activity context
public void stop() {
context.unregisterReceiver(receiver);
}
private void onEvent(Intent intent) {
String action = intent.getAction();
String defaultMessage;
String internalError;
String threatEventDetailedMessage;
String host;
String reason;
String certificateSHA1;
String certificateCN;
String incompatibleCipherId;
String incompatibleSslVersion;
String timeStamp;
String deviceID;
String deviceModel;
String osVersion;
String kernelInfo;
String deviceManufacturer;
String fusedAppToken;
String carrierPlmn;
String deviceBrand;
String deviceBoard;
String buildHost;
String buildUser;
String sdkVersion;
switch (action) {
case BLOCKED_KEYBOARD:
// Package name of the keyboard
String keyboardID = intent.getStringExtra("keyboard");
// "true" or "false"
String keyboardBlocked = intent.getStringExtra("blocked");
// message specified in the fusion set
defaultMessage = intent.getStringExtra("defaultMessage");
// UNIX timestamp of detection
timeStamp = intent.getStringExtra("timestamp");
// Unique device identifier
deviceID = intent.getStringExtra("deviceID");
// Mobile device model
deviceModel = intent.getStringExtra("deviceModel");
// Mobile device OS version
osVersion = intent.getStringExtra("osVersion");
// Kernel information
kernelInfo = intent.getStringExtra("kernelInfo");
// Mobile device manufacturer
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
// Build ID
fusedAppToken = intent.getStringExtra("fusedAppToken");
// Carrier identity number (PLMN code)
carrierPlmn = intent.getStringExtra("carrierPlmn");
// Device Brand
deviceBrand = intent.getStringExtra("deviceBrand");
// Device Board
deviceBoard = intent.getStringExtra("deviceBoard");
// Build Host
buildHost = intent.getStringExtra("buildHost");
// Build User
buildUser = intent.getStringExtra("buildUser");
// SDK Version
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case BLOCKED_CLIPBOARD:
// "copy", "paste", "cut", "selectAll" or "unknown"
String clipboardAction = intent.getStringExtra("action");
// "true" or "false"
String clipboardBlocked = intent.getStringExtra("blocked");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case ROOTED_DEVICE:
// Opaque identifier of root detection method
internalError = intent.getStringExtra("internalError");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case UNKNOWN_SOURCES:
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
break;
case DEVELOPER_OPTIONS:
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_VALIDATION_FAILED:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_NON_SSL_CONNECTION:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_CERT_PINNING_FAILED:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case ACCESS_OUTSIDE_WHITELIST:
// The host that triggered the detection
host = intent.getStringExtra("host");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INCOMPATIBLE_CIPHER:
// The Incompatible Cipher Id
incompatibleCipherId = intent.getStringExtra("incompatibleCipherId");
// The host that triggered the detection
host = intent.getStringExtra("host");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INCOMPATIBLE_TLS:
// The host that triggered the detection
host = intent.getStringExtra("host");
// The Incompatible SSL/TLS version
incompatibleSslVersion = intent.getStringExtra("incompatibleSslVersion");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INVALID_CA_CHAIN:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INVALID_RSA_SIGNATURE:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INVALID_ECC_SIGNATURE:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case SSL_INVALID_DIGEST:
// A detailed message describing the detection
threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage");
// The host that triggered the detection
host = intent.getStringExtra("host");
// The certificate sha1 fingerprint
certificateSHA1 = intent.getStringExtra("certificateSHA1");
// The certificate CN (common name)
certificateCN = intent.getStringExtra("certificateCN");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
case BLOCKED_MANUFACTURER:
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
// Only available when ONEShield Threat Events are enabled
case TAMPERED_APP:
// The detected tampered component
reason = intent.getStringExtra("reason");
defaultMessage = intent.getStringExtra("defaultMessage");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
deviceBrand= intent.getStringExtra("deviceBrand");
deviceBoard = intent.getStringExtra("deviceBoard");
buildHost = intent.getStringExtra("buildHost");
buildUser = intent.getStringExtra("buildUser");
sdkVersion = intent.getStringExtra("sdkVersion");
//
// Respond to mobile app attacks and threats here
//
break;
default:
Log.e(TAG, "unknown event received " + action);
break;
}
}
Threat-Event Failsafe Enforcement
Failsafe Enforcement provides app developers with the ability to manage when Appdome enforces specific detections. To utilize this feature, follow the steps below:
Set the Threat Event of the selected feature to “In-App Detection” mode.
Enable the Threat-Event Failsafe Enforcement option.
Once you have received the Threat Event and performed the necessary internal logic, you should post a notification named “EnforceThreatEvent” using Android’s Broadcast API with the userInfo received from the Threat Event. Below is the code snippet required for using Threat Event in Failsafe Enforcement configuration, with the RootedDevice event as an example:
String action = intent.getAction();
switch (action) {
case ROOTED_DEVICE:
//
// Respond to mobile app attacks and threats here, as seen above
//
// Notify Appdome to enforce the Threat Event after Threat Event is handled
Intent newIntent = new Intent("EnforceThreatEvent");
newIntent.putExtras(intent.getExtras());
newIntent.setPackage(context.getPackageName());
context.sendBroadcast(newIntent);
}
Special Considerations for Using Threat-Events with Native Android Apps
None.
Compatibility with Android 14
Following a security update introduced in Android 14 (API level 34), apps targeting Android 14 are required to explicitly specify whether a registered receiver should be exported to all other apps on the device. A SecurityException will be raised if a context-registered broadcast receiver is registered without passing either Context.RECEIVER_NOT_EXPORTED or Context.RECEIVER_EXPORTED. The receiver flags were introduced in Android 13 as part of "Safer exporting of context-registered receivers", as seen here: [https://developer.android.com/about/versions/13/features#runtime-receivers]. Therefore when registering a broadcast receiver for Threat Events, the call to register a a context-registered BroadcastReceiver registration should include the Context.RECEIVER_NOT_EXPORTED receiver flag when the app targeting Android 13 and above in order to ensure that the receiver will only accept broadcasts sent from within the protected app. For additional details, please follow this Android guide: [https://developer.android.com/guide/components/broadcasts#context-registered-receivers]
Meta-Data for Mobile Application Threat-Events and Threat-Scores
Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in native Android apps.
Threat-Event Context Keys
message
Message displayed for the user on event
failSafeEnforce
Timed enforcement against the identified threat
externalID
The external ID of the event which can be listened via Threat Events
osVersion
OS version of the current device
deviceModel
Current device model
deviceManufacturer
The manufacturer of the current device
fusedAppToken
The task ID of the Appdome fusion of the currently running app
kernelInfo
Info about the kernel: system name, node name, release, version and machine.
carrierPlmn
PLMN of the device. Only available for Android devices.
deviceID
Current device ID
reasonCode
Reason code of the occurred event
buildDate
Appdome fusion date of the current application
devicePlatform
OS name of the current device
carrierName
Carrier name of the current device. Only available for Android.
updatedOSVersion
Is the OS version up to date
deviceBrand
Brand of the device
deviceBoard
Board of the device
buildUser
Build user
buildHost
Build host
sdkVersion
Sdk version
timeZone
Time zone
deviceFaceDown
Is the device face down
locationLong
Location longitude conditioned by location permission
locationLat
Location latitude conditioned by location permission
locationState
Location state conditioned by location permission
wifiSsid
Wifi SSID
wifiSsidPermissionStatus
Wifi SSID permission status
Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in Native Android Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.
Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores
Conditional Enforcement is an extension to Appdome's mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, and enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support.appdome.com.
Verifying Threat-Events in Native Android Apps
After you have implemented the required Threat-Event code in your native Android apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the native Android apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.
In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.
In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.
Questions Using Threat-Events™ in Native Android Apps?
If you have specific questions about implementing Threat-Events or Threat-Scores in native Android apps, please fill out the inquiry form on the right-hand side of this knowledge base article or contact support.appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
Want a Demo?
Threat-Events™ UX/UI Control
TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.
