Threat-Events™, In-App Threat Intelligence in Kotlin Apps

Last updated August 10, 2023 by Appdome

This knowledge base article shows you how easy it is to use Appdome Threat-Events™ to get in-app threat intelligence in Kotlin Apps and control the user experience in your Kotlin Apps when mobile attacks occur.

What are Threat-Events?

Appdome Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-Score™.

With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.

The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real-time. Using Threat-Events will ensure you keep users, data, and transactions safe.

Mobile Application Threat-Events vs. Threat-Scores

Appdome Threat-Events can be used as a stand-alone implementation in Kotlin Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregate) mobile end-user risk at the time of the notification.

The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:

Roottoggle Threateventsscore

To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than a thousand (1,000).

Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.

Prerequisites for Using Threat-Events with Kotlin Apps

Here’s what you need to use Threat-Events with Kotlin Apps.

Code Snippet Required for Using Threat-Events with Kotlin Apps

Before consuming Threat-Events or Threat-Scores in your Kotlin Apps, confirm that the following conditions are met:

  • Threat-Events and/or Threat-Scores have been enabled ( turned ON) for the specific protection
  • You are using the correct identifiers for the Threat-Events for each protection.
    You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.

Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in Kotlin Apps:


private val TAG = "Appdome ThreatEvent"
private val BLOCKED_KEYBOARD = "BlockedKeyboardEvent"
private val BLOCKED_CLIPBOARD = "BlockedClipboardEvent"
private val SSL_VALIDATION_FAILED = "SslCertificateValidationFailed"
private val SSL_NON_SSL_CONNECTION = "SslNonSslConnection"
private val SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed"
private val ACCESS_OUTSIDE_WHITELIST = "UrlWhitelistFailed"
private val SSL_INCOMPATIBLE_CIPHER = "SslIncompatibleCipher"
private val SSL_INCOMPATIBLE_TLS = "SslIncompatibleVersion"
private val SSL_INVALID_CA_CHAIN = "SslInvalidCertificateChain"
private val SSL_INVALID_RSA_SIGNATURE = "SslInvalidMinRSASignature"
private val SSL_INVALID_ECC_SIGNATURE = "SslInvalidMinECCSignature"
private val SSL_INVALID_DIGEST = "SslInvalidMinDigest"
private var ROOTED_DEVICE = "RootedDevice"
// Only available when ONEShield Threat Events are enabled
private var TAMPERED_APP = "AppIntegrityError"
private var mContext: Context
private var receiver = object: BroadcastReceiver() {
     override fun onReceive(context: Context, intent: Intent)
    { 
        onEvent(intent) 
    }
}

private fun registerReceiverWithFlags(intentFilter: IntentFilter) {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
        registerReceiver(this.receiver, intentFilter, Context.RECEIVER_NOT_EXPORTED)
    } else {
        registerReceiver(this.receiver, intentFilter)
    }
}

fun init(context: Context) {
    this.mContext = context
    this.registerReceiverWithFlags(IntentFilter(BLOCKED_CLIPBOARD))
    this.registerReceiverWithFlags(IntentFilter(BLOCKED_KEYBOARD))
    this.registerReceiverWithFlags(IntentFilter(ROOTED_DEVICE))
    this.registerReceiverWithFlags(IntentFilter(SSL_VALIDATION_FAILED))
    this.registerReceiverWithFlags(IntentFilter(SSL_NON_SSL_CONNECTION))
    this.registerReceiverWithFlags(IntentFilter(SSL_INCOMPATIBLE_CIPHER))
    this.registerReceiverWithFlags(IntentFilter(SSL_CERT_PINNING_FAILED))
    this.registerReceiverWithFlags(IntentFilter(SSL_INCOMPATIBLE_TLS))
    this.registerReceiverWithFlags(IntentFilter(SSL_INVALID_CA_CHAIN))
    this.registerReceiverWithFlags(IntentFilter(ACCESS_OUTSIDE_WHITELIST))
    this.registerReceiverWithFlags(IntentFilter(SSL_INVALID_RSA_SIGNATURE))
    this.registerReceiverWithFlags(IntentFilter(SSL_INVALID_ECC_SIGNATURE))
    this.registerReceiverWithFlags(IntentFilter(SSL_INVALID_DIGEST))
    // Only available when ONEShield Threat Events are enabled
    this.registerReceiverWithFlags(IntentFilter(TAMPERED_APP))
}

fun onEvent(intent: Intent) {
    var action = intent.action
    var clipboardAction: String
    var blocked: Boolean;
    var timeStamp: String
    var reason: String
    var internalError: String
    var keyboard: String
    var deviceID: String
    var deviceModel: String
    var osVersion: String
    var kernelInfo: String
    var deviceManufacturer: String
    var fusedAppToken: String
    var carrierPlmn: String
    var defaultMessage: String
    var threatEventDetailedMessage: String
    var host: String
    var certificateSHA1: String
    var certificateCN: String
    var incompatibleCipherId: String
    var incompatibleSslVersion: String
    var deviceBrand: String
    var deviceBoard: String
    var buildHost: String
    var buildUser: String
    var sdkVersion: String

    when (action) {
        BLOCKED_CLIPBOARD-> {
            // "copy", "paste", "cut", "selectAll" or "unknown"
            clipboardAction = intent.getStringExtra("action")
            // "true" or "false"
            blocked = intent.getStringExtra("blocked")
            // message specified in the fusion set
            defaultMessage = intent.getStringExtra("defaultMessage")
            // UNIX timestamp of detection
            timeStamp = intent.getStringExtra("timestamp")
            // Unique device identifier
            deviceID = intent.getStringExtra("deviceID")
            // Mobile device model
            deviceModel = intent.getStringExtra("deviceModel")
            // Mobile device OS version
            osVersion = intent.getStringExtra("osVersion")
            // Kernel information
            kernelInfo = intent.getStringExtra("kernelInfo")
            // Mobile device manufacturer
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            // Build ID
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            // Carrier identity number (PLMN code)
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            // Device Brand
            deviceBrand = intent.getStringExtra("deviceBrand")
            // Device Board
            deviceBoard = intent.getStringExtra("deviceBoard")
            // Build Host
            buildHost = intent.getStringExtra("buildHost")
            // Build User
            buildUser = intent.getStringExtra("buildUser")
            // SDK Version
            sdkVersion = intent.getStringExtra("sdkVersion")

            //
            // Respond to mobile app attacks and threats here
            //

        }
        BLOCKED_KEYBOARD-> {
            // Package name of the keyboard
            keyboard = intent.getStringExtra("keyboard")
            // "true" or "false"
            blocked = intent.getStringExtra("blocked")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")

            //
            // Respond to mobile app attacks and threats here
            //
        }

        ROOTED_DEVICE-> {
            // Opaque identifier of root detection method
            internalError = intent.getStringExtra("internalError")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")

            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_VALIDATION_FAILED-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_NON_SSL_CONNECTION-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }
        
        SSL_CERT_PINNING_FAILED-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint                              
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_INCOMPATIBLE_CIPHER-> {
            // The Incompatible Cipher Id
            incompatibleCipherId = intent.getStringExtra("incompatibleCipherId")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_INCOMPATIBLE_TLS-> {
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The Incompatible SSL/TLS version
            incompatibleSslVersion = intent.getStringExtra("incompatibleSslVersion")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_INVALID_CA_CHAIN-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        ACCESS_OUTSIDE_WHITELIST-> {
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_INVALID_RSA_SIGNATURE-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }

        SSL_INVALID_ECC_SIGNATURE-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")                                     
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }
        SSL_INVALID_DIGEST-> {
            // A detailed message describing the detection
            threatEventDetailedMessage = intent.getStringExtra("DeveventDetailedErrorMessage")
            // The host that triggered the detection
            host = intent.getStringExtra("host")
            // The certificate sha1 fingerprint
            certificateSHA1 = intent.getStringExtra("certificateSHA1")
            // The certificate CN (common name)
            certificateCN = intent.getStringExtra("certificateCN")          
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }
        /* Only When ONEShield Threat Events are enabled*/
        TAMPERED_APP-> {
            // The detected tampered component
            reason = intent.getStringExtra("reason")
            defaultMessage = intent.getStringExtra("defaultMessage")
            timeStamp = intent.getStringExtra("timestamp")
            deviceID = intent.getStringExtra("deviceID")
            deviceModel = intent.getStringExtra("deviceModel")
            osVersion = intent.getStringExtra("osVersion")
            kernelInfo = intent.getStringExtra("kernelInfo")
            deviceManufacturer = intent.getStringExtra("deviceManufacturer")
            fusedAppToken = intent.getStringExtra("fusedAppToken")
            carrierPlmn = intent.getStringExtra("carrierPlmn")
            deviceBrand = intent.getStringExtra("deviceBrand")
            deviceBoard = intent.getStringExtra("deviceBoard")
            buildHost = intent.getStringExtra("buildHost")
            buildUser = intent.getStringExtra("buildUser")
            sdkVersion = intent.getStringExtra("sdkVersion")
            //
            // Respond to mobile app attacks and threats here
            //
        }
    }
}

Threat-Event Failsafe Enforcement

Failsafe Enforcement provides app developers with the ability to manage when Appdome enforces specific detections. To utilize this feature, follow the steps below:

  1. Set the Threat Event of the selected feature to “In-App Detection” mode.
  2. Enable the Threat-Event Failsafe Enforcement option.

Once you have received the Threat Event and performed the necessary internal logic, you should post a notification named “EnforceThreatEvent” using Android’s Broadcast API with the userInfo received from the Threat Event. Below is the code snippet required for using Threat Event in Failsafe Enforcement configuration, with the RootedDevice event as an example:

 

val action = intent.action
when (action) {
    ROOTED_DEVICE -> {
        //
        // Respond to mobile app attacks and threats here, as seen above
        //

        // Notify Appdome to enforce the Threat Event after Threat Event is handled
        val newIntent = Intent("EnforceThreatEvent").apply {
            putExtras(intent.extras)
        }
        context.sendBroadcast(newIntent)
    }
}

To learn more, please read this article.

Special Considerations for using Threat-Events with Kotlin Apps

None.

Compatibility with Android 14

Following a security update introduced in Android 14 (API level 34), apps targeting Android 14 are required to explicitly specify whether a registered receiver should be exported to all other apps on the device. A SecurityException will be raised if a context-registered broadcast receiver is registered without passing either Context.RECEIVER_NOT_EXPORTED or Context.RECEIVER_EXPORTED. The receiver flags were introduced in Android 13 as part of  “Safer exporting of context-registered receivers”, as seen here. Therefore when registering a broadcast receiver for Threat Events, the call to register a a context-registered  BroadcastReceiver registration should include the Context.RECEIVER_NOT_EXPORTED receiver flag when the app targeting Android 13 and above in order to ensure that the receiver will only accept broadcasts sent from within the protected app. For additional details, please follow this Android guide.

Meta-Data for Mobile Application Threat-Events and Threat-Scores

Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in Kotlin Apps.

Threat-Event Context Keys
message Message displayed for the user on event
externalID The external ID of the event which can be listened via Threat Events
osVersion OS version of the current device
deviceModel Current device model
deviceManufacturer The manufacturer of the current device
fusedAppToken The task ID of the Appdome fusion of the currently running app
kernelInfo Info about the kernel: system name, node name, release, version and machine.
carrierPlmn PLMN of the device
deviceID Current device ID
reasonCode Reason code of the occured event
buildDate Appdome fusion date of the current application
devicePlatform OS name of the current device
carrierName Carrier name of the current device
updatedOSVersion Is the OS version up to date
deviceBrand Brand of the device
deviceBoard Board of the device
buildUser Build user
buildHost Build host
sdkVersion Sdk version
timeZone Time zone
deviceFaceDown Is the device face down
locationLong Location long
locationLat Location lat
locationState Location state
wifiSsid Wifi SSID
wifiSsidPermissionStatus Wifi SSID permission status

Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in Kotlin Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.

Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores

Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, and enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.

Verifying Threat-Events in Kotlin Apps

After you have implemented the required Threat-Event code in your Kotlin Apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the Kotlin Apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.

In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.

Androidtecert

In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.

Threateventswrongimplementationandroid

For information on how to view and/or retrieve the Certified Secure DevSecOps certification for your mobile application on Appdome, please visit the knowledge base article Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD

Questions Using Threat-Events™ in Kotlin Apps?

If you have specific questions about implementing Threat-Events or Threat-Scores in Kotlin Apps, fill out the inquiry form on the right-hand side of this knowledge base article or contact support@appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app!

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

NEED HELP?

let's solve it together

DanaMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.