Threat-Events™, In-App Threat Intelligence in Swift Apps
Last updated April 22, 2021 by Appdome
Introduction
This Knowledge Base article reviews in detail how users can build mobile threat intelligence in Swift apps.
Appdome Security Alerts, Threat Events™, is part of the Appdome Mobile Security Suite.
We hope you find it useful and enjoy using Appdome!
Prerequisites for Building Mobile Threat Intelligence in Swift Apps
Before enabling Threat-Events™, follow the steps below so that your Swift app can handle the incoming security events (the following example is written in Swift 5):
Download the code – Swift code
Add the following lines to your app to subscribe to and receive Appdome Security Events:
// Subscribe to the "BlockedKeyboardEvent" Threat-Event on the default
// notification center. With queue: nil the closure runs synchronously on the
// posting thread, and the token addObserver returns is not kept, so this
// registration cannot be removed later.
let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("BlockedKeyboardEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedKeyboardEvent Threat-event received")
    // Nothing further to do when the event carries no payload.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Each lookup yields Any?; cast to the expected type before acting on it.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]          // message passed during fusion
    let blocked = payload["blocked"]                        // true/false
    let keyboard = payload["keyboard"]                      // keyboard package
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
// Subscribe to the "BlockedClipboardEvent" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("BlockedClipboardEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedClipboardEvent Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let blocked = payload["blocked"]                        // true/false
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
// Subscribe to the "JailbrokenDevice" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("JailbrokenDevice"), object: nil, queue: nil) { notification in
    NSLog("JailbrokenDevice Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]          // message passed during fusion
    let internalError = payload["internalError"]            // jailbreak reason
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
// Subscribe to the "SslCertificateValidationFailed" Threat-Event. queue: nil
// makes the closure run synchronously on the posting thread; the observer
// token returned by addObserver is discarded, so the registration cannot be
// removed later.
center.addObserver(forName: Notification.Name("SslCertificateValidationFailed"), object: nil, queue: nil) { notification in
    NSLog("SslCertificateValidationFailed Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslServerCertificatePinningFailed" Threat-Event. queue: nil
// makes the closure run synchronously on the posting thread; the observer
// token returned by addObserver is discarded, so the registration cannot be
// removed later.
center.addObserver(forName: Notification.Name("SslServerCertificatePinningFailed"), object: nil, queue: nil) { notification in
    NSLog("SslServerCertificatePinningFailed Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "UrlWhitelistFailed" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("UrlWhitelistFailed"), object: nil, queue: nil) { notification in
    NSLog("UrlWhitelistFailed Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]          // message passed during fusion
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let host = payload["host"]                              // host on which the error occurred
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
// Subscribe to the "BlockedScreenCaptureEvent" Threat-Event. queue: nil makes
// the closure run synchronously on the posting thread; the observer token
// returned by addObserver is discarded, so the registration cannot be removed
// later.
center.addObserver(forName: Notification.Name("BlockedScreenCaptureEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedScreenCaptureEvent Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]          // message passed during fusion
    let context = payload["context"]                        // capturing event type
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
// Subscribe to the "SslIncompatibleCipher" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("SslIncompatibleCipher"), object: nil, queue: nil) { notification in
    NSLog("SslIncompatibleCipher Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]              // message passed during fusion
    let incompatibleCipherId = payload["incompatibleCipherId"]  // the incompatible cipher id
    let host = payload["host"]                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                    // mobile device model
    let osVersion = payload["osVersion"]                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                // built app token
    let carrierPlmn = payload["carrierPlmn"]                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslIncompatibleVersion" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("SslIncompatibleVersion"), object: nil, queue: nil) { notification in
    NSLog("SslIncompatibleVersion Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                  // message passed during fusion
    let incompatibleSslVersion = payload["incompatibleSslVersion"]  // the incompatible SSL/TLS version
    let host = payload["host"]                                      // host on which the error occurred
    let timestamp = payload["timestamp"]                            // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                              // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                        // mobile device model
    let osVersion = payload["osVersion"]                            // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                          // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]          // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                    // built app token
    let carrierPlmn = payload["carrierPlmn"]                        // carrier identity number (PLMN code)
}
// Subscribe to the "SslInvalidCertificateChain" Threat-Event. queue: nil makes
// the closure run synchronously on the posting thread; the observer token
// returned by addObserver is discarded, so the registration cannot be removed
// later.
center.addObserver(forName: Notification.Name("SslInvalidCertificateChain"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidCertificateChain Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslInvalidMinRSASignature" Threat-Event. queue: nil makes
// the closure run synchronously on the posting thread; the observer token
// returned by addObserver is discarded, so the registration cannot be removed
// later.
center.addObserver(forName: Notification.Name("SslInvalidMinRSASignature"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinRSASignature Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslInvalidMinECCSignature" Threat-Event. queue: nil makes
// the closure run synchronously on the posting thread; the observer token
// returned by addObserver is discarded, so the registration cannot be removed
// later.
center.addObserver(forName: Notification.Name("SslInvalidMinECCSignature"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinECCSignature Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslInvalidMinDigest" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("SslInvalidMinDigest"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinDigest Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]                            // certificate SHA-1 fingerprint
    let certificateCN = payload["certificateCN"]                                // certificate CN (common name)
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
// Subscribe to the "SslNonSslConnection" Threat-Event. queue: nil makes the
// closure run synchronously on the posting thread; the observer token returned
// by addObserver is discarded, so the registration cannot be removed later.
center.addObserver(forName: Notification.Name("SslNonSslConnection"), object: nil, queue: nil) { notification in
    NSLog("SslNonSslConnection Threat-event received")
    // An event without a payload is only logged.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Lookups return Any?; cast to the expected type before use.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]                              // message passed during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let host = payload["host"]                                                  // host on which the error occurred
    let timestamp = payload["timestamp"]                                        // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                                          // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                                    // mobile device model
    let osVersion = payload["osVersion"]                                        // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                                      // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]                      // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]                                // built app token
    let carrierPlmn = payload["carrierPlmn"]                                    // carrier identity number (PLMN code)
}
To receive Appdome One Shield Threat Events, add the following lines to your app:
// Subscribe to the "AppIntegrityError" Threat-Event on the default notification
// center. With queue: nil the closure runs synchronously on the posting thread,
// and the token addObserver returns is not kept, so this registration cannot be
// removed later.
let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("AppIntegrityError"), object: nil, queue: nil) { notification in
    NSLog("AppIntegrityError Threat-event received")
    // Nothing further to do when the event carries no payload.
    guard let payload = notification.userInfo else { return }

    var message = ""  // placeholder for the app's own response text; unused in this sample
    // Each lookup yields Any?; cast to the expected type before acting on it.
    // deviceID is a device identifier and fusedAppToken a build token: keep both out of NSLog.
    let defaultMessage = payload["defaultMessage"]          // message passed during fusion
    let blocked = payload["blocked"]                        // true/false
    let reason = payload["reason"]                          // cause that triggered the Anti-Tampering protection
    let timestamp = payload["timestamp"]                    // UNIX timestamp of the event
    let deviceID = payload["deviceID"]                      // unique mobile device identifier
    let deviceModel = payload["deviceModel"]                // mobile device model
    let osVersion = payload["osVersion"]                    // mobile device OS version
    let kernelInfo = payload["kernelInfo"]                  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]            // built app token
    let carrierPlmn = payload["carrierPlmn"]                // carrier identity number (PLMN code)
}
You are welcome to view the source code of our sample app – SingleDevEventObjCSample
How to Add Threat-Events™ to Any Mobile App(s) on Appdome