Threat-Events™, In-App Threat Intelligence in Kotlin Apps
Last updated June 6, 2023 by AppdomeThis knowledge base article shows you how easy it is to use Appdome Threat-EventsTM to get in-app threat intelligence in Kotlin Apps and control the user experience in your Kotlin Apps when mobile attacks occur.
What are Threat-Events?
Appdome’s Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-ScoreTM.
With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.
The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real time. Using Threat-Events will ensure you delight users and keep users, data, and transactions safe.
Mobile Application Threat-Events vs. Threat-Scores
Appdome Threat-Events can be used as a stand-alone implementation in Kotlin Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregate) mobile end-user risk at the time of the notification.
The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:

To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than ten thousand (10,000).
Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.
Prerequisites for Using Threat-Events with Kotlin Apps
Here’s what you need to use Threat-Events with Kotlin Apps.
Code Snippet Required for Using Threat-Events with Kotlin Apps
Before consuming Threat-Events or Threat-Scores in your Kotlin Apps, confirm that the following conditions are met:
- Threat-Events and/or Threat-Scores have been enabled ( turned ON) for the specific protection
- You are using the correct identifiers for the Threat-Events for each protection.
You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.
Add the following lines to your app which follow and receive Appdome Security Events:
private val TAG = "Appdome ThreatEvent"
private val BLOCKED_KEYBOARD = "BlockedKeyboardEvent"
private val BLOCKED_CLIPBOARD = "BlockedClipboardEvent"
private val SSL_VALIDATION_FAILED = "SslCertificateValidationFailed"
private val SSL_NON_SSL_CONNECTION = "SslNonSslConnection"
private val SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed"
private val ACCCES_OUTSIDE_WHITELIST = "UrlWhitelistFailed"
private val SSL_INCOMPATIBLE_CIPHER = "SslIncompatibleCipher"
private val SSL_INCOMPATIBLE_TLS = "SslIncompatibleVersion"
private val SSL_INVALID_CA_CHAIN = "SslInvalidCertificateChain"
private val SSL_INVALID_RSA_SIGNATURE = "SslInvalidMinRSASignature"
private val SSL_INVALID_ECC_SIGNATURE = "SslInvalidMinECCSignature"
private val SSL_INVALID_DIGEST = "SslInvalidMinDigest"
private var ROOTED_DEVICE = "RootedDevice"
private var TAMPERED_APP = "AppIntegrityError"/*Only When ONEShield Threat Events are enabled*/
var receiver = object: BroadcastReceiver()
{ override fun onReceive(context: Context, intent: Intent)
{ onEvent(intent) } }
}
fun init() {
this.registerReceiver(receiver, IntentFilter(BLOCKED_CLIPBOARD))
this.registerReceiver(receiver, IntentFilter(BLOCKED_KEYBOARD))
this.registerReceiver(receiver, IntentFilter(ROOTED_DEVICE))
this.registerReceiver(receiver, IntentFilter(SSL_VALIDATION_FAILED))
this.registerReceiver(receiver, IntentFilter(SSL_NON_SSL_CONNECTION))
this.registerReceiver(receiver, IntentFilter(SSL_INCOMPATIBLE_CIPHER))
this.registerReceiver(receiver, IntentFilter(SSL_CERT_PINNING_FAILED))
this.registerReceiver(receiver, IntentFilter(SSL_INCOMPATIBLE_TLS))
this.registerReceiver(receiver, IntentFilter(SSL_INVALID_CA_CHAIN))
this.registerReceiver(receiver, IntentFilter(ACCCES_OUTSIDE_WHITELIST))
this.registerReceiver(receiver, IntentFilter(SSL_INVALID_RSA_SIGNATURE))
this.registerReceiver(receiver, IntentFilter(SSL_INVALID_ECC_SIGNATURE))
this.registerReceiver(receiver, IntentFilter(SSL_INVALID_DIGEST))
this.registerReceiver(receiver, IntentFilter(TAMPERED_APP))
}
fun onEvent(intent: Intent) {
var action = intent.action
var clipboardAction: String;
var blocked: Boolean;
var timeStamp: String;
var reason: String;
var internalError: String;
var keyboard: String;
var deviceID: String;
var deviceModel: String;
var osVersion: String;
var kernelInfo: String;
var deviceManufacturer: String;
var fusedAppToken: String;
var carrierPlmn: String;
var defaultMessage: String;
var deveventDetailedErrorMessage: String;
var host: String;
var certificateSHA1: String;
var certificateCN: String;
var incompatibleCipherId: String;
var incompatibleSslVersion: String;
var message = "";
when (action) {
BLOCKED_CLIPBOARD -> {
if (!intent.hasExtra("action") || !intent.hasExtra("blocked") || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
Toast.makeText(this, TAG + "illegal event received. ", Toast.LENGTH_LONG).show()
return;
} else {
clipboardAction = intent.getStringExtra("action");//copy, paste, cut, selectAll or unknown
blocked = intent.getStringExtra("blocked").contentEquals("True");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
}
message = "clipboardAction :" + clipboardAction +
"blocked :" + blocked +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
BLOCKED_KEYBOARD -> {
if (!intent.hasExtra("timestamp") || !intent.hasExtra("defaultMessage") || !intent.hasExtra("keyboard") || !intent.hasExtra(
"blocked"
) || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra(
"kernelInfo"
) || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra(
"carrierPlmn"
)
) {
Log.e(TAG, "illegal event recieved.");
Toast.makeText(this, TAG + "illegal event received. ", Toast.LENGTH_LONG).show()
return;
} else {
timeStamp = intent.getStringExtra("timestamp");
defaultMessage = intent.getStringExtra("defaultMessage");
keyboard = intent.getStringExtra("keyboard");
blocked = intent.getStringExtra("blocked").contentEquals("True");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
}
message = "defaultMessage :" + defaultMessage +
"keyboard :" + keyboard +
"blocked :" + blocked +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
ROOTED_DEVICE -> {
if (!intent.hasExtra("timestamp") || !intent.hasExtra("internalError") || !intent.hasExtra("defaultMessage") || !intent.hasExtra("deviceID") || !intent.hasExtra(
"deviceModel"
) || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra(
"fusedAppToken"
) || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
Toast.makeText(this, TAG + "illegal event received. ", Toast.LENGTH_LONG).show()
return;
} else {
timeStamp = intent.getStringExtra("timestamp");
internalError = intent.getStringExtra("internalError");
defaultMessage = intent.getStringExtra("defaultMessage");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
}
message = "defaultMessage :" + defaultMessage +
"timeStamp :" + timeStamp +
"internalError:" + internalError +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
SSL_VALIDATION_FAILED -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_NON_SSL_CONNECTION -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_CERT_PINNING_FAILED -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_INCOMPATIBLE_CIPHER -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("incompatibleCipherId") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra(
"deviceModel"
) || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra(
"fusedAppToken"
) || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
incompatibleCipherId = intent.getStringExtra("incompatibleCipherId");
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"incompatibleCipherId : " + incompatibleCipherId +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_INCOMPATIBLE_TLS -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("incompatibleSslVersion") || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
incompatibleSslVersion = intent.getStringExtra("incompatibleSslVersion");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn +
"incompatibleSslVersion :" + incompatibleSslVersion
}
}
SSL_INVALID_CA_CHAIN -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra(
"timestamp"
) || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra(
"kernelInfo"
) || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra(
"carrierPlmn"
)
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
ACCCES_OUTSIDE_WHITELIST -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra(
"deviceModel"
) || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra(
"fusedAppToken"
) || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_INVALID_RSA_SIGNATURE -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra(
"timestamp"
) || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra(
"kernelInfo"
) || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra(
"carrierPlmn"
)
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_INVALID_ECC_SIGNATURE -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra(
"timestamp"
) || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra(
"kernelInfo"
) || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra(
"carrierPlmn"
)
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
SSL_INVALID_DIGEST -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra(
"host"
) || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra(
"deviceID"
) || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra(
"deviceManufacturer"
) || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =
intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
host = intent.getStringExtra("host");// the host on which the error occurred
certificateSHA1 = intent.getStringExtra("certificateSHA1");// the certificate sha1 fingerprint
certificateCN = intent.getStringExtra("certificateCN");// the certificate CN (common name)
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"deveventDetailedErrorMessage : " + deveventDetailedErrorMessage +
"host : " + host +
"certificateSHA1 : " + certificateSHA1 +
"certificateCN : " + certificateCN +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
}
Log.e(TAG, "Got Threat-Event $message");
}
/* Only When ONEShield Threat Events are enabled*/
TAMPERED_APP -> {
if (!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("reason") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn")
) {
Log.e(TAG, "illegal event recieved.");
return;
} else {
defaultMessage = intent.getStringExtra("defaultMessage");// message specified during fusion
deveventDetailedErrorMessage =intent.getStringExtra("DeveventDetailedErrorMessage");// a detailed error message
reason = intent.getStringExtra("reason");// the cause which triggered the Anti-Tampering protection
timeStamp = intent.getStringExtra("timestamp");
deviceID = intent.getStringExtra("deviceID");
deviceModel = intent.getStringExtra("deviceModel");
osVersion = intent.getStringExtra("osVersion");
kernelInfo = intent.getStringExtra("kernelInfo");
deviceManufacturer = intent.getStringExtra("deviceManufacturer");
fusedAppToken = intent.getStringExtra("fusedAppToken");
carrierPlmn = intent.getStringExtra("carrierPlmn");
message = "defaultMessage : " + defaultMessage +
"reason : " + reason +
"timeStamp :" + timeStamp +
"deviceID :" + deviceID +
"deviceModel :" + deviceModel +
"osVersion :" + osVersion +
"kernelInfo :" + kernelInfo +
"deviceManufacturer :" + deviceManufacturer +
"fusedAppToken :" + fusedAppToken +
"carrierPlmn :" + carrierPlmn
}
}
Special Considerations for using Threat-Events with Kotlin Apps.
None.
Meta-Data for Mobile Application Threat-Events and Threat-Scores
Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in Kotlin Apps.
[Insert list of values and descriptions]
Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in Kotlin Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.
Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores
Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.