Merge pull request #68 from talsec/rc/17.0.0

freeRASP and dependencies updated

Author: xprikryl2

FreeRASPDemoApp/app/build.gradle

@@ -6,9 +6,9 @@ plugins {
 android {
     defaultConfig {
         applicationId "com.aheaditec.talsec.demoapp"
-        minSdk 23
-        compileSdk 35
-        targetSdk 35
+        minSdkVersion 23
+        compileSdkVersion 36
+        targetSdkVersion 36
         versionCode 1
         versionName "1.0"
 
@@ -36,11 +36,11 @@ android {
 
 dependencies {
     // freeRASP SDK
-    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:16.0.1'
+    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:17.0.0'
 
     implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
-    implementation 'androidx.core:core-ktx:1.12.0'
-    implementation 'androidx.appcompat:appcompat:1.6.1'
-    implementation 'com.google.android.material:material:1.11.0'
-    implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
+    implementation 'androidx.core:core-ktx:1.17.0'
+    implementation 'androidx.appcompat:appcompat:1.7.1'
+    implementation 'com.google.android.material:material:1.13.0'
+    implementation 'androidx.constraintlayout:constraintlayout:2.2.1'
 }

FreeRASPDemoApp/app/src/main/AndroidManifest.xml

@@ -2,9 +2,18 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="com.aheaditec.talsec.demoapp">
 
+    <!-- Optional for Screen Protection features -->
     <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
     <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />
 
+    <!-- Optional for location spoofing feature -->
+    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
+
+    <!-- Optional for unsecure WiFi detection feature -->
+    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
+    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
+
     <application
         android:name=".TalsecApplication"
         android:allowBackup="true"

FreeRASPDemoApp/app/src/main/java/com/aheaditec/talsec/demoapp/MainActivity.kt

@@ -1,12 +1,37 @@
 package com.aheaditec.talsec.demoapp
 
-import androidx.appcompat.app.AppCompatActivity
+import android.Manifest
+import android.content.pm.PackageManager
 import android.os.Bundle
+import androidx.appcompat.app.AppCompatActivity
+import androidx.core.app.ActivityCompat
+import androidx.core.content.ContextCompat
 
 class MainActivity : AppCompatActivity() {
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
         setContentView(R.layout.activity_main)
+        requestFineLocationPermission()
+    }
+
+    private fun requestFineLocationPermission() {
+        if (ContextCompat.checkSelfPermission(
+                this,
+                FINE_LOCATION_PERMISSION
+            ) != PackageManager.PERMISSION_GRANTED
+        ) {
+            // Permission is not granted, request it
+            ActivityCompat.requestPermissions(
+                this,
+                arrayOf(COARSE_LOCATION_PERMISSION, FINE_LOCATION_PERMISSION),
+                100
+            )
+        }
+    }
+
+    private companion object {
+        private const val FINE_LOCATION_PERMISSION = Manifest.permission.ACCESS_FINE_LOCATION
+        private const val COARSE_LOCATION_PERMISSION = Manifest.permission.ACCESS_COARSE_LOCATION
     }
 }

FreeRASPDemoApp/app/src/main/java/com/aheaditec/talsec/demoapp/TalsecApplication.kt

@@ -2,26 +2,15 @@ package com.aheaditec.talsec.demoapp
 
 import android.app.Activity
 import android.app.Application
-import android.os.Build
 import android.os.Bundle
-import android.util.Log
-import android.view.WindowManager.SCREEN_RECORDING_STATE_VISIBLE
+import com.aheaditec.talsec_security.security.api.ScreenProtector
 import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import com.aheaditec.talsec_security.security.api.Talsec
 import com.aheaditec.talsec_security.security.api.TalsecConfig
 import com.aheaditec.talsec_security.security.api.ThreatListener
-import java.util.function.Consumer
 
 class TalsecApplication : Application(), ThreatListener.ThreatDetected {
 
-    private var currentActivity: Activity? = null
-    private var screenCaptureCallback: Activity.ScreenCaptureCallback? = null
-    private val screenRecordCallback: Consumer<Int> = Consumer<Int> { state ->
-        if (state == SCREEN_RECORDING_STATE_VISIBLE) {
-            Talsec.onScreenRecordingDetected()
-        }
-    }
-
     override fun onCreate() {
         super.onCreate()
 
@@ -35,68 +24,33 @@ class TalsecApplication : Application(), ThreatListener.ThreatDetected {
             .watcherMail(watcherMail)
             .supportedAlternativeStores(supportedAlternativeStores)
             .prod(isProd)
+            .killOnBypass(true) // determines if the app should be killed within the SDK if the callbacks are hooked/modified by an attacker
             .build()
 
-        ThreatListener(this, deviceStateListener).registerListener(this)
+        ThreatListener(this, deviceStateListener, raspExecutionStateListener).registerListener(this)
         Talsec.start(this, config)
 
         registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
             override fun onActivityCreated(activity: Activity, bundle: Bundle?) {
-
-                // Set to 'true' to block screen capture
                 Talsec.blockScreenCapture(activity, false)
             }
 
-            override fun onActivityStarted(activity: Activity) {
-                unregisterCallbacks()
-                currentActivity = activity
-                registerCallbacks(activity)
-            }
-
-            override fun onActivityResumed(activity: Activity) {}
-            override fun onActivityPaused(activity: Activity) {}
+            override fun onActivityStarted(activity: Activity) {}
 
-            override fun onActivityStopped(activity: Activity) {
-                if (activity == currentActivity) {
-                    unregisterCallbacks()
-                    currentActivity = null
-                }
+            override fun onActivityResumed(activity: Activity) {
+                ScreenProtector.INSTANCE.registerScreenCallbacks(activity)
             }
 
-            override fun onActivitySaveInstanceState(activity: Activity, bundle: Bundle) {}
-            override fun onActivityDestroyed(activity: Activity) {}
-        })
-    }
-
-    private fun registerCallbacks(activity: Activity) {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-            screenCaptureCallback = Activity.ScreenCaptureCallback {
-                Talsec.onScreenshotDetected()
+            override fun onActivityPaused(activity: Activity) {
+                ScreenProtector.INSTANCE.unregisterScreenCallbacks(activity)
             }
-            activity.registerScreenCaptureCallback(
-                baseContext.mainExecutor, screenCaptureCallback!!
-            )
-        }
 
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
-            val initialState = activity.windowManager.addScreenRecordingCallback(
-                mainExecutor, screenRecordCallback
-            )
-            screenRecordCallback.accept(initialState)
-        }
-    }
+            override fun onActivityStopped(activity: Activity) {}
 
-    private fun unregisterCallbacks() {
-        currentActivity?.let { activity ->
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE && screenCaptureCallback != null) {
-                activity.unregisterScreenCaptureCallback(screenCaptureCallback!!)
-                screenCaptureCallback = null
-            }
+            override fun onActivitySaveInstanceState(activity: Activity, bundle: Bundle) {}
 
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
-                activity.windowManager.removeScreenRecordingCallback(screenRecordCallback)
-            }
-        }
+            override fun onActivityDestroyed(activity: Activity) {}
+        })
     }
 
     override fun onRootDetected() {
@@ -143,23 +97,44 @@ class TalsecApplication : Application(), ThreatListener.ThreatDetected {
         println("onObfuscationIssuesDetected")
     }
 
-    override fun onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) {
+    override fun onMalwareDetected(suspiciousApps: List<SuspiciousAppInfo>) {
         // Set your reaction
         println("onMalwareDetected")
+        suspiciousApps.forEach {
+            println("Suspicious app: ${it.packageInfo.packageName}, reason: ${it.reason}")
+        }
     }
 
     override fun onScreenshotDetected() {
+        // Set your reaction
         println("onScreenshotDetected")
     }
 
     override fun onScreenRecordingDetected() {
+        // Set your reaction
         println("onScreenRecordingDetected")
     }
 
     override fun onMultiInstanceDetected() {
+        // Set your reaction
         println("onMultiInstanceDetected")
     }
 
+    override fun onUnsecureWifiDetected() {
+        // Set your reaction
+        println("onUnsecureWifiDetected")
+    }
+
+    override fun onTimeSpoofingDetected() {
+        // Set your reaction
+        println("onTimeSpoofingDetected")
+    }
+
+    override fun onLocationSpoofingDetected() {
+        // Set your reaction
+        println("onLocationSpoofingDetected")
+    }
+
     // This is optional. Use only if you are interested in device state information like device lock and HW backed keystore state
     private val deviceStateListener = object : ThreatListener.DeviceState {
         override fun onUnlockedDeviceDetected() {
@@ -173,18 +148,28 @@ class TalsecApplication : Application(), ThreatListener.ThreatDetected {
         }
 
         override fun onDeveloperModeDetected() {
+            // Set your reaction
             println("onDeveloperModeDetected")
         }
 
         override fun onADBEnabledDetected() {
+            // Set your reaction
             println("onADBEnabledDetected")
         }
 
         override fun onSystemVPNDetected() {
+            // Set your reaction
             println("onSystemVPNDetected")
         }
     }
 
+    // This is optional. Use only if you are interested in RASP execution state information
+    private val raspExecutionStateListener = object : ThreatListener.RaspExecutionState() {
+        override fun onAllChecksFinished() {
+            println("onAllChecksFinished")
+        }
+    }
+
     companion object {
         private const val expectedPackageName = "com.aheaditec.talsec.demoapp" // Don't use Context.getPackageName!
         private val expectedSigningCertificateHashBase64 = arrayOf(
@@ -196,6 +181,6 @@ class TalsecApplication : Application(), ThreatListener.ThreatDetected {
             // Google Play Store and Huawei AppGallery are supported out of the box, you can pass empty array or null or add other stores like the Samsung's one:
             "com.sec.android.app.samsungapps" // Samsung Store
         )
-        private val isProd = true
+        private const val isProd = true
     }
 }

FreeRASPDemoApp/build.gradle

@@ -6,7 +6,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath "com.android.tools.build:gradle:8.7.3"
+        classpath 'com.android.tools.build:gradle:8.13.0'
         classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
 
         // NOTE: Do not place your application dependencies here; they belong

FreeRASPDemoApp/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists