Threat-Events™, In-App Threat Intelligence in Java Apps

Last updated November 5, 2023 by Appdome

This Knowledge Base article provides instructions and recommendations (best practices) for implementing Appdome Threat-Events in Java.

To implement Threat-Events:

  1. Create a class that extends from the Application class.
    
    public class MyApplication extends Application {
        @Override
        public void onCreate() {
            …
        }
    }
    
  2. Declare the newly created class above as the Application class name inside the AndroidManifest.xml file.

    
    <application android:name=".MyApplication">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
    
  3. Create a class named ThreatEventReceiver.
    The class should extend from android.content.BroadcastReceiver.

    
    public class ThreatEventReceiver extends BroadcastReceiver {
        @Override	
        public void onReceive(Context context, Intent intent) {
            …
        }
    }
    

    The class implementation should follow the guidelines below:

    •  The logic of handling threat event broadcast runs on a side thread, to avoid keeping the UI thread busy and possibly having the UI hanging.
    •  If the app needs to run on the UI thread due to an incoming threat event, the app explicitly runs the logic on the main thread, otherwise, the app may crash.
    • The Threat Event has general context keys that appear in all event types and may have context keys specific to an event.
      Follow the Knowledge Base article describing each protection to learn more.
  4. Register ThreatEventReceiver in MyApplication class. You are advised is to initialize ThreatEventReceiver with the application context.
    Unlike activity context, the application context will not be destroyed throughout the entire lifetime of the app.
    Create a class member of the ThreatEventReceiver class type to ensure that a reference to the ThreatEvent handler is held during the entire app life cycle. If you fail to do so the garbage collection process can destroy the object, and as a result, broadcast will not be received after leaving the onCreate method scope.

    
    public class MyApplication extends Application {
    
        private static final String TAG = "MyApplication";
        private ThreatEventReceiver threatEventReceiver = null; 
    
        @Override
        public void onCreate() {
            super.onCreate();
    
            // Creating ThreatEventReceiver Instance with Application Context.
            threatEventReceiver = new ThreatEventReceiver(getApplicationContext());
    
            // Registration for "RootedDevice" Threat Events.
            Log.i(TAG, "register for RootedDevice ThreatEvent");
            IntentFilter intentFilter = new IntentFilter();
            intentFilter.addAction("RootedDevice");
            registerReceiver(threatEventReceiver, intentFilter);
        }
    }
    

    You have completed all steps for implementing Threat Events in your app.

    Below you can find an implementation example of the ThreatEventReceiver class mentioned above that follows the guidelines above. The example below covers the handling of Root Prevention Threat Events. For more information see the Knowledge Base article How to Build Root Detection.

    
    import android.content.BroadcastReceiver;
    import android.content.Context;
    import android.content.Intent;
    import android.os.Handler;
    import android.util.Log;
    import android.widget.Toast;
    
    public class ThreatEventReceiver extends BroadcastReceiver {
    
        private static final String TAG = "ThreatEventReceiver";
        private final Context applicationContext;
    
        public ThreatEventReceiver(Context applicationContext) {
            this.applicationContext = applicationContext;
        }
    
        @Override
        public void onReceive(Context context, Intent intent) {
            new Thread(new Runnable() {
                @Override
                public void run() {
                    onEvent(intent);
                }
            }).start();
        }
    
        private void safeShowToast(String message) {
            Log.i(TAG, "Will show the following message as a toast on the UI thread. Message: " + 
    message);
            Handler mainHandler = new Handler(applicationContext.getMainLooper());
            Runnable myRunnable = new Runnable() {
                @Override
                public void run() {
                    Log.i(TAG, "Running on the UI thread. Showing the message");
                    Toast.makeText(applicationContext, message, Toast.LENGTH_SHORT).show();
                }
            };
            mainHandler.post(myRunnable);
        }
    
        // ******************* Side Thread Start ******************* //
        private void onEvent(Intent intent) {
            if (intent != null) {
                Log.i(TAG, "onReceive - action = " + intent.getAction());
                String eventID = intent.getAction();
    
                if (eventID.equals("RootedDevice")) {
                    String message = null; // Message shown to the user
                    String reasonData = null; // Threat detection cause
                    String reasonCode = null; // Event reason code
                    String currentThreatEventScore = null; // Current threat event score
                    String threatEventsScore = null; // Total threat events score
                    String contextKey = null; // Any other event specific context key
    
                    if (intent.hasExtra("message")) {
                        message = intent.getStringExtra("message");
                    }
    
                    if (intent.hasExtra("reasonData")) {
                        reasonData = intent.getStringExtra("reasonData");
                    }
    
                    if (intent.hasExtra("reasonCode")) {
                        reasonCode = intent.getStringExtra("reasonCode");
                    }
    
                    if (intent.hasExtra("currentThreatEventScore")) {
                        currentThreatEventScore = intent.getStringExtra("currentThreatEventScore");
                    }
    
                    if (intent.hasExtra("threatEventsScore")) {
                        threatEventsScore = intent.getStringExtra("threatEventsScore");
                    }
    
                    if (intent.hasExtra("contextKey")) {
                        contextKey = intent.getStringExtra("contextKey");
                    }
    
                    Log.i(TAG, "ThreatEvents has been received: " + intent.getAction()
                            + " message = " + message
                            + " reasonData = " + reasonData
                            + " reasonCode = " + reasonCode
                            + " currentThreatEventScore = " + currentThreatEventScore
                            + " threatEventsScore = " + threatEventsScore
                            + " contextKey = " + contextKey
                    );
    
                    // Present Toast using helper method that performs UI operations on the
                    // UI thread
                    safeShowToast(message);
                }
            }
        }
       // ******************* Side Thread End ******************* //
    }
    

    Related Articles:

    How Do I Learn More?

    If you want to learn how to troubleshoot common issues with the implementation of threat events, check out the KB article Implementing  Threat Events – Best Practices.

    If you want to use Threat-Events to respond to threats detected by Appdome ONEShield, check out this KB article on ONEShield Threat Events.

    To zoom out on this topic, visit the Mobile App Security page on our website.

    Check out the full menu of features in the Appdome Mobile Security Suite.

    If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

    Or request a demo at any time.

    Thank you!

    Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Threat-Events™ UX/UI Control

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.