Threat-Events™, In-App Threat Intelligence in React Native Apps

Last updated June 6, 2023 by Appdome

This knowledge base article shows you how easy it is to use Appdome Threat-EventsTM to get in-app threat intelligence in React Native Apps and control the user experience in your React Native Apps when mobile attacks occur.

What are Threat-Events?

Appdome’s Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-ScoreTM.

With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.

The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real time. Using Threat-Events will ensure you delight users and keep users, data, and transactions safe.

Mobile Application Threat-Events vs. Threat-Scores

Appdome Threat-Events can be used as a stand-alone implementation in React Native Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregate) mobile end-user risk at the time of the notification.

The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:

Rootdetection

To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than ten thousand (10,000).

Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.

Prerequisites for Using Threat-Events with React Native Apps

Here’s what you need to use Threat-Events with React Native Apps.

Appdome account (If you do not yet have an account, create a free Appdome account).
Appdome account class – Appdome DEV or higher.
Mobile Application Source Code.
Threat events license
Xcode software
Android Studio software
React-Native mobile development framework
Signing Credentials (e.g., signing certificates and provisioning profile) – see Signing Secure Android appsand Signing Secure iOS apps.

Code Snippet Required for Using Threat-Events with React Native Apps

Using Threat-Events™ and Threat-Scores™ in React Native Apps is different between iOS and Android.

To Follow and Receive Appdome Security Events in iOS:

Download the code – ReactNative iOS.txt.
Open the iOS project in Xcode (resides in IOS folder under the root directory of the project).
Add an ADDevEvents class and an ADDevEvents header.

Make the ADDevEvents class inherit from RCTEventEmitter and implements RCTBridgeModule.
The ADDevEvents header should contain the following code:


#ifndef ADDevEvents_h
 #define ADDevEvents_h
 #import "React/RCTBridgeModule.h"
 #import <React/RCTEventEmitter.h>
 @interface ADDevEvents : RCTEventEmitter
 @property (strong) NSMutableArray *supportedEventsArray;
 @end
 #endif/* ADDevEvents_h */

Add the following code to ADDevEvents class


#import <Foundation/Foundation.h>
#import "ADDevEvents.h"
#import "React/RCTBridgeModule.h"
@implementation ADDevEvents
RCT_EXPORT_MODULE()
RCT_EXPORT_METHOD(registerForDevEvent:(NSString *)name ) {// this method can be called from js to register to event
[[NSNotificationCenter defaultCenter] addObserver:self
selector:@selector(handleNotification:)
name:name
object:nil];

if (!self.supportedEventsArray) {
self.supportedEventsArray = [NSMutableArray array];
 }
[self.supportedEventsArray addObject:name];
}
- (NSArray *)supportedEvents// this method need to return all the events that will be called with sendEventWithName
{
return self.supportedEventsArray;
}
- (void)handleNotification:(NSNotification *)notification// this method send notification to js
{ [self sendEventWithName:notification.name body:notification.userInfo];
}
@end

To register Appdome Security Events, see below iOS and Android Security events registration.

How to Follow and Receive Appdome Security Events in Android:

Download the code – ReactNative Android.txt

Open the android project in Android Studio (it resides in the Android folder under the root directory).
Add ADDevEvents class with the following code:


import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Bundle;
import android.support.v4.content.LocalBroadcastManager;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import com.facebook.react.modules.core.DeviceEventManagerModule;

import javax.annotation.Nonnull;

public class ADDevEvents extends ReactContextBaseJavaModule {

public ADDevEvents(@Nonnull ReactApplicationContext reactContext) {
super(reactContext);
}

@Nonnull
@Override public String getName() {
return "ADDevEvents";
}

@ReactMethod
public void registerForDevEvent(String action) {
IntentFilter filter = new IntentFilter(action);

LocalBroadcastManager.getInstance(getReactApplicationContext()).registerReceiver(new BroadcastReceiver() {
@Override public void onReceive(Context context, Intent intent) {
handleNotification(intent);
}

}, filter);

}

private void handleNotification(Intent intent) {
WritableMap extras = Arguments.fromBundle(intent.getExtras());
this.getReactApplicationContext()
.getJSModule(DeviceEventManagerModule.RCTDeviceEventEmitter.class)
.emit(intent.getAction(), extras);
}

@ReactMethod
public void postDevEvent(String action, ReadableMap userInfo) {
Intent intent = new Intent(action);
if (userInfo != null) {
Bundle bundle = Arguments.toBundle(userInfo);
intent.putExtras(bundle);
}
this.getReactApplicationContext().sendBroadcast(intent);
}

}

Add ADDevEventsPackage class with the following code:


import com.facebook.react.ReactPackage;
import com.facebook.react.bridge.NativeModule;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.uimanager.ViewManager;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;

public class ADDevEventsPackage implements ReactPackage {

@Nonnull
@Override
public List createNativeModules(@Nonnull ReactApplicationContext reactContext) {
List modules = new ArrayList<>();
modules.add(new ADDevEvents(reactContext));
return modules;
}

@Nonnull
@Override
public List createViewManagers(@Nonnull ReactApplicationContext reactContext) {
return Collections.emptyList();
}
}

Add new ADDevEventsPackage() class to getPackages method in MainApplication class.
Here is an example of the MainApplication class code:


public class MainApplication extends Application implements ReactApplication {

import android.app.Application;
import com.facebook.react.ReactApplication;
import com.facebook.react.ReactNativeHost;
import com.facebook.react.ReactPackage;
import com.facebook.react.shell.MainReactPackage;
import com.facebook.soloader.SoLoader;
import java.util.Arrays;
import java.util.List;

public class MainApplication extends Application implements ReactApplication {

private final ReactNativeHost mReactNativeHost = new ReactNativeHost(this) {
@Override
public boolean getUseDeveloperSupport() {
return BuildConfig.DEBUG;
}

@Override
protected List getPackages() {
return Arrays.asList(
new MainReactPackage(),
new ADDevEventsPackage()
);

}

@Override
protected String getJSMainModuleName() {
return "index";
}
};

@Override
public ReactNativeHost getReactNativeHost() {
return mReactNativeHost;
}

@Override
public void onCreate() {
super.onCreate();
SoLoader.init(this,/* native exopackage */ false);
}
}

iOS and Android Security events registration

To register iOS and Android Security events:

1. Call registerForDevEvents and postNotificationToAppdome from Java Script.
  By default the App.js file holds the JS code for the application.
2. Add NativeModules and NativeEventEmitter from react-native.
  1. Add the following code:
```
const { ADDevEvents } = NativeModules;
const aDDevEvents = new NativeEventEmitter(ADDevEvents);
```
  2. Add the following function:
```
function registerToDevEvent(action, callback) {
NativeModules.ADDevEvents.registerForDevEvent(action);
aDDevEvents.addListener(action, callback);
}
```
3. Register to the DEV-Events by calling registerToDevEvent(action, callback).
4. Send the DEV-Events with NativeModules.ADDevEvents.postNotificationToAppdome(“Dev-Event Name”, {“Key”: “Value”});

Before consuming Threat-Events or Threat-Scores in your React Native Apps mobile application, confirm that the following conditions are met:

Threat-Events and/or Threat-Scores have been enabled ( turned ON) for the specific protection
You are using the correct identifiers for the Threat-Events for each protection.
You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.

Special Considerations for using Threat-Events with React Native Apps

ReactNative does not provide an out-of-the-box method to register to receive broadcasts or NSNotifications from javascript.

To enable receiving these broadcasts, the following operations should be performed within the ReactNative app:

Implement Java\Kotlin class that registers a BroadcastReceiver or Objective-C class, depending on the platform, to add an Observer that will receive a ThreatEvent.
Declare the class that registers a ThreatEvent receiver as a package, and register this package to make it accessible from ReactNative Webview by using JavaScript.
Register handlers for all ThreatEvent included in the Fusion set.

Meta-Data for Mobile Application Threat-Events and Threat-Scores

Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in React Native Apps.

[Insert list of values and descriptions]

Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in React Native Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.

Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores

Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.

Verifying Threat-Events in React Native Apps

After you have implemented the required Threat-Event code in your React Native Apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the React Native Apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.

In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.

In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.

Certificate Threat Event

[Insert Screenshot of incorrect implementation]

For information on how to view and/or retrieve the Certified Secure DevSecOps certification for your mobile application on Appdome, please visit the knowledge base article Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD

Questions Using Threat-Events™ in React Native Apps?

If you have specific questions about implementing Threat-Events or Threat-Scores in React Native Apps, fill out the inquiry form on the right-hand side of this knowledge base article or contact support@appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app!

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.