Android guide + SDK. Check Community repository for common information.

Talsec

Last update: Dec 21, 2022

Related tags

SDK android android-library

Overview

freeRASP for Android

freeRASP for Android is a part of security SDK for the app shielding and security monitoring. Learn more about provided features on the freeRASP's main repository first.

⚠️ Attention ⚠️ Update to the latest (v3.1.0+) version. Previous versions contain a bug that impacts logged data.

Usage

We will guide you step-by-step, but you can always check the expected result in the demo app. This is how final files should look like:

Step 1: Add Talsec to your Gradle

Set our nexus artifact repository in your project's build.gradle:

[build.gradle (NameOfProject)]
...

allprojects {
    repositories {
        google()
        jcenter()
        maven { url "https://nexus3-public.monetplus.cz/repository/ahead-talsec-free-rasp" }
    }
}

Set release and debug dependencies in your :app module's build.gradle:

[build.gradle (:app)]
...

dependencies {
    // Talsec Release
    releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-release'
    // Talsec Debug
    debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev'
    ...

Dev vs. Release version

Dev version is used during the development of application. It separates development and production data and disables some checks which won't be triggered during development process:

Emulator-usage
Debugging
Signing

Step 2: Setup the Configuration for your App

Create arbitrary subclass of Application(), override it's onCreate() and implement interface of ThreatListener.ThreatDetected. You can of course use your Application subclass, if you already have one in your project.

[TalsecApplication.kt]

class TalsecApplication : Application(), ThreatListener.ThreatDetected {

    override fun onCreate() {
        super.onCreate()
    }

}

Add this new subclass to AndroidManifest.xml" inside tag:

[AndroidManifest.xml]

<application
    android:name=".TalsecApplication"
    ...

Setup the Configuration for your App. Set up with your values 😉 . You can uncomment prepared helper function Log.e(..) in the onCreate() to get expectedSigningCertificateHash easily (helper functions are in the Utils.kt):

[TalsecApplication.kt]

override fun onCreate() {
    super.onCreate()

    // Uncomment the following Log.e(...) to get your expectedSigningCertificateHash
    // Copy the result from logcat and assign to expectedSigningCertificateHash
    //Log.e("SigningCertificateHash", Utils.computeSigningCertificateHash(this))
    ...

The value of watcherMail is automatically used as target address for your security reports. Mail has a strict form '[email protected]'. You can assign just emptyArray() to supportedAlternativeStores if you publish on the Google Play Store and Huawei AppGallery as these are already included internally.

[TalsecApplication.kt]

companion object {
    private const val expectedPackageName = "com.aheaditec.talsec.demoapp" // Don't use Context.getPackageName!
    private const val expectedSigningCertificateHash = "mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k=" // Replace with your release (!) signing certificate hash
    private const val watcherMail = "[email protected]" // for Alerts and Reports
    private val supportedAlternativeStores = arrayOf(
        // Google Play Store and Huawei AppGallery are supported out of the box, you can pass empty array or null or add other stores like the Samsung's one:
        "com.sec.android.app.samsungapps" // Samsung Store
    )
}

[TalsecApplication.kt]

override fun onCreate() {
    ...

    // Uncomment the following Log.e(...) to get your expectedSigningCertificateHash
    // Copy the result from logcat and assign to expectedSigningCertificateHash and
    //Log.e("SigningCertificateHash", Utils.computeSigningCertificateHash(this))

    val config = TalsecConfig(
        expectedPackageName,
        expectedSigningCertificateHash,
        watcherMail,
        supportedAlternativeStores
    )

Initiate ThreatListener and start Talsec just by adding these two lines below the created config:

[TalsecApplication.kt]

override fun onCreate() {
    ...

    ThreatListener(this).registerListener(this)
    Talsec.start(this, config)
}

Step 3: Handle detected threats

Implement methods of ThreatListener.ThreatDetected. For example you can kill app, warn user or send the event to your backend service.

[TalsecApplication.kt]

override fun onRootDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onDebuggerDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onEmulatorDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onTamperDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onUntrustedInstallationSourceDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onHookDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

override fun onDeviceBindingDetected() {
    // Set your reaction
    TODO("Not yet implemented")
}

And you're done 🎉 ! You can open issue if you get stuck anywhere in the guide or show your appreciation by starring this repository ⭐ !

Comments

Able to recompile the APK

I am able to modify the manifest file (changed the backup to false ) and recompile the application. The application is getting successfully installed on the system..
waiting for response

opened by abhishekpalad 4
build error
I follow your instruction on my cordova app. When building, it generated error: `> Task :app:dataBindingMergeDependencyArtifactsDebug FAILED

FAILURE: Build failed with an exception.

What went wrong:

Execution failed for task ':app:dataBindingMergeDependencyArtifactsDebug'.

Could not resolve all files for configuration ':app:debugCompileClasspath'.

Could not find com.aheaditec.talsec.security:TalsecSecurity-Community:4.2.1-release.

Required by: project :app

` Could you let me know how to resolve this?
question
opened by shanlin2dltk 3

"Could not find com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev." with 403 on pom file

Hi,

I tried following the instructions in #2 .

I reached a point where the compilation error was partially understandable.

Here is the important portion of my android/build.gradle file:

buildscript {
    ext.kotlin_version = '1.5.21'
    repositories {
        google()
        jcenter()
    }

    dependencies {
        classpath 'com.android.tools.build:gradle:4.2.2'
        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
        classpath 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev'
    }
}

allprojects {
    repositories {
        google()
        jcenter()
        {url "[https://nexus3-public.monetplus.cz/repository/ahead-talsec-free-rasp]" }
    }
}
...

And here is the complete unedited run output with the error message:

Launching lib/main.dart on SM A037F in debug mode...
Running Gradle task 'assembleDebug'...

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring root project 'android'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not find com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev.
     Searched in the following locations:
       - https://dl.google.com/dl/android/maven2/com/aheaditec/talsec/security/TalsecSecurity-Community/3.1.0-dev/TalsecSecurity-Community-3.1.0-dev.pom
       - https://jcenter.bintray.com/com/aheaditec/talsec/security/TalsecSecurity-Community/3.1.0-dev/TalsecSecurity-Community-3.1.0-dev.pom
     Required by:
         project :

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 6s
Exception: Gradle task assembleDebug failed with exit code 1

When I try to open the pom file https://jcenter.bintray.com/com/aheaditec/talsec/security/TalsecSecurity-Community/3.1.0-dev/TalsecSecurity-Community-3.1.0-dev.pom directly, I get this output:

403 Forbidden
nginx

Is there a way to gain access to this file and any other relevant ones?

Or, is there a convenient way to use the aar files without creating a module?

opened by lcuis 3

Cannot Access the Library. Received Status Code 521 from Server
Hi,

I tried following the instructions in Free-RASP-Android But, when I rebuild the project, I got an error on build output:

Could not HEAD 'https://jitpack.io/com/aheaditec/talsec/security/TalsecSecurity-Community/4.2.1-dev/TalsecSecurity-Community-4.2.1-dev.pom'. Received status code 521 from server

Here is my project's build.gradle:

allprojects { repositories { google() mavenCentral() maven { url "https://maven.google.com/" } maven { url 'https://jitpack.io' } maven { url "https://nexus3-public.monetplus.cz/repository/ahead-talsec-free-rasp" } maven { url "https://developer.huawei.com/repo/" } } }

Here is my app build.gradle:

releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:4.2.1-release' debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:4.2.1-dev'

Is there an issue with my implementation? Or is there a problem with the library?

Maybe there is a hint to resolve this issue.

Thank you.
opened by andikaputraputu22 2
Frida bypassing Antiroot

Hi, I've been installing freeRASP inside my Android project (it's a React-native project, but I've inserted freeRASP in order to detect rooted devices, primarily). import com.aheaditec.talsec_security.security.api.Talsec; import com.aheaditec.talsec_security.security.api.TalsecConfig; import com.aheaditec.talsec_security.security.api.ThreatListener;

public class MainApplication extends Application implements ReactApplication, ThreatListener.ThreatDetected { public void onCreate() { super.onCreate(); TalsecConfig config = new TalsecConfig("my.app.id","myAppHash", "[email protected]",null); Talsec.start(this,config); } @OverRide public void onRootDetected() { System.exit(0); }

@OverRide public void onDebuggerDetected() { System.exit(0); }

@OverRide public void onEmulatorDetected() { System.exit(0); }

@OverRide public void onTamperDetected() { System.exit(0); }

@OverRide public void onUntrustedInstallationSourceDetected() {

}

@OverRide public void onHookDetected() { System.exit(0); }

@OverRide public void onDeviceBindingDetected() { System.exit(0); } } I've tested in an emulator, with Frida, with the script frida --codeshare dzonerzy/fridantiroot -f my.app.id

The result is that I can install and run my app inside the emulator, which is not desired. An I doing something wrong?

Thanks in advance

opened by lfmorales 1
Android data in the security report seems to be broken

The current release v3.0.0 0bec3be24ddbb1c6aeb7b6542006f1c871de8ce2 seems to be malfunctioning. The report has no data for Android devices. Could you please take a look?

opened by SirionRazzer 1
Android Studio claims that "Library was not found"
Solution

Should you encounter such an issue during the integration process, try these steps:

Add our nexus repository to the list of repositories from which your dependencies are downloaded. You can do this by adding this line of code: { url "[https://nexus3-public.monetplus.cz/repository/ahead-talsec-free-rasp]" } to one of your build.gradle files.

Please also check that this website https://nexus3-public.monetplus.cz/#browse/browse:ahead-talsec-free-rasp is reachable from your internal network and that you can see actual artifacts in the repository.

The order of the repositories matters. Gradle will try to find dependencies in the first repository, and if it fails, it moves to the next one. You can try to put our repository at the top of the list.

Add the dependency to the list of your dependencies. You can do this by adding these lines of code:

releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-release' debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev'

If the issue still persists, try standard notation, which is not dependent on the build variant of the project, by adding this line of code:

implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev'

You can also try to download the artifacts from the repository manually and add them as local dependencies.
opened by talsec-app 0
Maven repo change
maven repo nexus3-public.monetplus.cz is breaked

maven { url "https://nexus3-public.monetplus.cz/repository/ahead-talsec-free-rasp" }
Is there any plan to change maven repo to jitpack or maven Central Repository waiting for response
opened by big-thousand 1
Unable to detect noxplayer emulator

I've tried to run the app on the Nox emulator. It seems like the SDK is not able to detect the nox emulator. Below is the system information of the emulator:

Nox version: 7.0.3.3033-9.0900220715 Android version: Android 9(64 bit) System version: Windows10-64bit-4cpu Computer model: MSI-MS-7850 CPU: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Total memory: 15.9 GB Available memory: 10.0 GB CPU VT: Enabled Rendering mode: OpenGL+ OpenGL version: 4.3.0 - Build 20.19.15.4624 OpenGL rendering: Intel(R) HD Graphics 4600 Discrete graphics: Enabled Graphics card1: Intel(R) HD Graphics 4600 Firewall: Enabled(Recommend to disable) Installation path: D:\Program Files\Nox\bin Log Path: C:\Users\KK\AppData\Local\Nox Emulator disk space: total 128G, available 116G
enhancement

opened by KKChong 2

Releases(v4.2.3)

v4.2.3(Aug 18, 2022)
freeRASP 4.2.3

We are constantly listening to our community to make freeRASP better. This update contains fixes to reported issues.

What's new in 4.2.3?

✔️ Fixed Duplicate class issue

Source code(tar.gz)
Source code(zip)
v4.2.1(Jul 29, 2022)
We are constantly working on improving your freeRASP experience, and today we're happy to announce a new round of improvements! Here's the list of the new things we included in the latest release.

What's improved?

In this update, we focused on upgrading and extending the critical tampering detection and improving the informational value provided by logs.

⚡ Extended tampering check (Native C) with new, more advanced detections

🔼 Added information about security patches to logs

🔼 Added information about Google Play Services, Huawei Mobile Services, SafetyNet Verify Apps

Source code(tar.gz)
Source code(zip)
v3.3.2(Feb 15, 2022)
Whats new in freeRASP

This version improves granularity of detected threat types with new 'onUnlockedDeviceDetected' callback and 'onHardwareBackedKeystoreNotAvailableDetected' check. We also improved documentation to make it more clear and easy to follow.

Added

We added support of device state to notifications, providing onUnlockedDeviceDetected and onHardwareBackedKeystoreNotAvailableDetected available using DeviceState listener in the ThreatListener class.

🔎 added new callback 'onUnlockedDeviceDetected'

🔎 added new check 'onHardwareBackedKeystoreNotAvailableDetected'

📄 added new section about testing of freeRASP reactions

📄 added explanation of expectedSigningCertificateHashBase64 with guide in the wiki

Changed

⚡ improved performance during library initialization

❌ sensitive content logging modification, package names of well-known dangerous applications (rooting apps, hooking frameworks, etc...) are no longer sent to Elastic, only a flag that device contains one of those applications is sent

Fixed

🆒 usage of deprecated API calls (DexFile) for Android 8.0 and above

🆒 issue with root prompt ("app asking for root permission") on rooted devices

Source code(tar.gz)
Source code(zip)
v3.1.0(Nov 8, 2021)
Whats new in freeRASP

This version fixes major issue with logging.

Fixed

[CRITICAL] Android data collection repaired (fixes issue #1 )

Due to a certificate change, Android logs weren't delivered to a web monitoring service. We fixed the issue by changing the certificate TrustStore for TLS. We urge everyone (Android & Flutter) to update to this freeRASP version. We're sorry for the caused issues.
Source code(tar.gz)
Source code(zip)
v3.0.0(Oct 25, 2021)
Whats new in freeRASP

This version improves granularity of detected threat types.

Added

added new threat callback 'onUntrustedInstallationSourceDetected', which was previously part of onTamperDetected callback

Changed

changed threat callback from 'onFingerprintDetected' to more understandable 'onDeviceBindingDetected'

increased min SDK version from 19 to 21

increased target/compile SDK version from 29 to 31

increased Kotlin and Gradle versions

Fixed

support for direct ADB side-loading (check TalsecApplication.kt -> supportedAlternativeStores)

fixed a bug in a native method which caused crash on a one specific device

fixed a false positive detection of an emulator (TECNO CD7)

fixed a bug with a negative timeMs during run time check computation (fixes a logging)

Source code(tar.gz)
Source code(zip)