Merge pull request #9 from talsec/feat-add-onUnlockedDeviceDetected-and-onHardwareBackedKeystoreNotAvailableDetected

Add device state listeners to Android

Author: msikyna

CHANGELOG.md

@@ -0,0 +1,15 @@
+## 1.1.0
+
+#### Android
+
+- 🆕 Android now has support for device state callbacks:
+  - 📲 **Secure Hardware Not Available**: fires when hardware-backed KeyStore is not available
+  - 📲 **Passcode**: fires when freeRASP detects unlocked bootloader on the device
+
+#### iOS
+
+- ⛙ `Missing Secure Enclave` detection becomes **`Secure Hardware Not Available`** to match the newly added Android callback. The functionality remains unchanged.
+
+## 1.0.0
+
+- Initial release of freeRASP.

README.md

@@ -238,22 +238,22 @@ const actions = {
   'device binding': () => {
     console.log('device binding');
   },
+  // Android & iOS
+  'secureHardwareNotAvailable': () => {
+    console.log('secureHardwareNotAvailable');
+  },
+  // Android & iOS
+  'passcode': () => {
+    console.log('passcode');
+  },
   // iOS only
   'deviceID': () => {
     console.log('deviceID');
   },
   // iOS only
-  'missingSecureEnclave': () => {
-    console.log('missingSecureEnclave');
-  },
-  // iOS only
   'passcodeChange': () => {
     console.log('passcodeChange');
   },
-  // iOS only
-  'passcode': () => {
-    console.log('passcode');
-  },
 };
 
 useFreeRasp(config, actions);
@@ -290,7 +290,7 @@ The Security Report is a weekly summary describing the application's security st
 
 The report provides a quick overview of the security incidents, their dynamics, app integrity, and reverse engineering attempts. It contains info about the security of devices, such as OS version or the ratio of devices with screen locks and biometrics. Each visualization also comes with a concise explanation.
 
-To receive Security Reports, fill out the _watcherMail_ field in [config](#step-3-setup-the-configuration-for-your-app).
+To receive Security Reports, fill out the _watcherMail_ field in [config](#configuration).
 
 ![dashboard](https://raw.githubusercontent.com/talsec/Free-RASP-Community/master/visuals/dashboard.png)
 
@@ -423,6 +423,7 @@ Learn more about commercial features at [https://talsec.app](https://talsec.app/
             <td>no</td>
             <td>yes</td>
         </tr>
+        <tr>
          <td colspan=5><strong>Fair usage policy</strong></td>
         </tr>
         <tr>

android/src/main/java/com/freeraspreactnative/FreeraspDeviceStateListener.kt

@@ -0,0 +1,25 @@
+package com.freeraspreactnative
+
+import com.aheaditec.talsec_security.security.api.ThreatListener
+
+internal object FreeraspDeviceStateListener: ThreatListener.DeviceState {
+
+  internal var listener: DeviceStateListener? = null
+
+  override fun onUnlockedDeviceDetected() {
+    "unlockedDevice".let {
+      listener?.deviceStateChangeDetected("passcode")
+    }
+  }
+
+  override fun onHardwareBackedKeystoreNotAvailableDetected() {
+    "hardwareBackedKeystoreNotAvailable".let {
+      listener?.deviceStateChangeDetected("secureHardwareNotAvailable")
+    }
+  }
+
+  internal interface DeviceStateListener {
+    fun deviceStateChangeDetected(threatType: String)
+  }
+
+}

android/src/main/java/com/freeraspreactnative/FreeraspReactNativeModule.kt

@@ -12,9 +12,9 @@ import com.facebook.react.bridge.ReadableMap
 import com.facebook.react.modules.core.DeviceEventManagerModule
 
 class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
-  ReactContextBaseJavaModule(reactContext), ThreatListener.ThreatDetected {
+  ReactContextBaseJavaModule(reactContext), ThreatListener.ThreatDetected, FreeraspDeviceStateListener.DeviceStateListener {
 
-  private val listener = ThreatListener(this)
+  private val listener = ThreatListener(this, FreeraspDeviceStateListener)
 
   override fun getName(): String {
     return NAME
@@ -27,6 +27,7 @@ class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
 
     try {
       val config = parseTalsecConfig(options)
+      FreeraspDeviceStateListener.listener = this
       listener.registerListener(reactContext)
       Talsec.start(reactContext, config)
       sendOngoingPluginResult("started", null)
@@ -77,6 +78,10 @@ class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
     sendOngoingPluginResult("device binding", null)
   }
 
+  override fun deviceStateChangeDetected(threatType: String) {
+    sendOngoingPluginResult(threatType, null)
+  }
+
   private fun sendOngoingPluginResult(eventName: String, params: WritableMap?) {
     reactContext
       .getJSModule(DeviceEventManagerModule.RCTDeviceEventEmitter::class.java)

example/src/App.tsx

@@ -89,39 +89,39 @@ const App = () => {
         )
       );
     },
-    // iOS only
-    'deviceID': () => {
+    // Android & iOS
+    'secureHardwareNotAvailable': () => {
       setAppChecks((currentState) =>
         currentState.map((threat) =>
-          threat.name === 'Device ID' ? { ...threat, status: 'nok' } : threat
+          threat.name === 'Secure Hardware Not Available'
+            ? { ...threat, status: 'nok' }
+            : threat
         )
       );
     },
-    // iOS only
-    'missingSecureEnclave': () => {
+    // Android & iOS
+    'passcode': () => {
       setAppChecks((currentState) =>
         currentState.map((threat) =>
-          threat.name === 'Missing Secure Enclave'
-            ? { ...threat, status: 'nok' }
-            : threat
+          threat.name === 'Passcode' ? { ...threat, status: 'nok' } : threat
         )
       );
     },
     // iOS only
-    'passcodeChange': () => {
+    'deviceID': () => {
       setAppChecks((currentState) =>
         currentState.map((threat) =>
-          threat.name === 'Passcode Change'
-            ? { ...threat, status: 'nok' }
-            : threat
+          threat.name === 'Device ID' ? { ...threat, status: 'nok' } : threat
         )
       );
     },
     // iOS only
-    'passcode': () => {
+    'passcodeChange': () => {
       setAppChecks((currentState) =>
         currentState.map((threat) =>
-          threat.name === 'Passcode' ? { ...threat, status: 'nok' } : threat
+          threat.name === 'Passcode Change'
+            ? { ...threat, status: 'nok' }
+            : threat
         )
       );
     },

example/src/checks.ts

@@ -6,11 +6,11 @@ export const commonChecks = [
   { name: 'Unofficial Store', status: 'ok' },
   { name: 'Hooks', status: 'ok' },
   { name: 'Device Binding', status: 'ok' },
+  { name: 'Secure Hardware Not Available', status: 'ok' },
+  { name: 'Passcode', status: 'ok' },
 ];
 
 export const iosChecks = [
   { name: 'Device ID', status: 'ok' },
-  { name: 'Missing Secure Enclave', status: 'ok' },
   { name: 'Passcode Change', status: 'ok' },
-  { name: 'Passcode', status: 'ok' },
 ];

index.d.ts

@@ -0,0 +1 @@
+declare module '*.png';

ios/FreeraspReactNative.swift

@@ -41,13 +41,17 @@ class FreeraspReactNative: RCTEventEmitter {
     }
 
     override func supportedEvents() -> [String]! {
-        return ["initializationError", "started", "privilegedAccess", "debug", "simulator", "appIntegrity", "unofficialStore", "hooks", "device binding", "deviceID", "missingSecureEnclave", "passcodeChange", "passcode"]
+        return ["initializationError", "started", "privilegedAccess", "debug", "simulator", "appIntegrity", "unofficialStore", "hooks", "device binding", "deviceID", "secureHardwareNotAvailable", "passcodeChange", "passcode"]
     }
 }
 
 extension SecurityThreatCenter: SecurityThreatHandler {
     public func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat) {
         // It is better to implement security reactions (e.g. killing the app) here.
-        FreeraspReactNative.shared!.sendEvent(withName: securityThreat.rawValue, body: securityThreat.rawValue)
+        if (securityThreat.rawValue == "missingSecureEnclave") {
+            FreeraspReactNative.shared!.sendEvent(withName: "secureHardwareNotAvailable", body: "secureHardwareNotAvailable")
+        } else {
+            FreeraspReactNative.shared!.sendEvent(withName: securityThreat.rawValue, body: securityThreat.rawValue)
+        }
     }
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "freerasp-react-native",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",

src/index.tsx

@@ -27,9 +27,9 @@ type NativeEventEmitterActions = {
   'hooks'?: () => any;
   'device binding'?: () => any;
   'deviceID'?: () => any;
-  'missingSecureEnclave'?: () => any;
   'passcodeChange'?: () => any;
   'passcode'?: () => any;
+  'secureHardwareNotAvailable'?: () => any;
   'started'?: () => any;
   'initializationError'?: (reason: { message: string }) => any;
 };