Mobile App Threat Intelligence in Xamarin Apps

Introduction

This Knowledge Base article reviews in detail how users can build mobile app threat intelligence in Xamarin Apps they Build on Appdome.

Appdome Security Alerts, Threat-Events™,  is part of the Appdome Mobile Security Suite.

We hope you find it useful and enjoy using Appdome!

Prerequisites

Before enabling Threat-Eventsfollow these steps below for iOS and Android apps to handle the incoming Security Alerts for Xamarin Apps:

  • Open a Xamarin.Forms project in Visual Studio.

Download the full code –  Xamarin Code Android.txt

How to Follow and Receive Security Alerts for Xamarin Apps:

Create a new file by the name MainApp.cs.
Add to this file a class that extends Application and implement public MainApp():

[Application]
public class MainApp : Application
{
   public MainApp(IntPtr javaReference, JniHandleOwnership transfer) : base(javaReference, transfer)
   {
   }
   public override void OnCreate()
   {    base.OnCreate();    }
}


Create a new file by the name ReceiveDevEvents.cs.
Add the following lines, which add Appdome Threat-Events registration to init() method:

public class ReceiveDevEvents
{
   private const String BLOCKED_CLIPBOARD = "BlockedClipboardEvent";
   private const String BLOCKED_KEYBOARD = "BlockedKeyboardEvent";
   private const String ROOTED_DEVICE = "RootedDevice";
   private const String UNKNOWN_SOURCES = "UnknownSourcesEnabled";
   private const String DEVELOPER_OPTIONS = "DeveloperOptionsEnabled";
   private const String SSL_VALIDATION_FAILED = "SslCertificateValidationFailed";
   private const String SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed";
   private const String SSL_NON_SSL_CONNECTION = "SslNonSslConnection";
   private const String ACCCES_OUTSIDE_WHITELIST = "UrlWhitelistFailed";
   private const String SSL_INCOMPATIBLE_CIPHER = "SslIncompatibleCipher";
   private const String SSL_INCOMPATIBLE_TLS = "SslIncompatibleVersion";
   private const String SSL_INVALID_CA_CHAIN = "SslInvalidCertificateChain";
   private const String SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed";
   private const String SSL_INVALID_RSA_SIGNATURE = "SslInvalidMinRSASignature";
   private const String SSL_INVALID_ECC_SIGNATURE = "SslInvalidMinECCSignature";
   private const String SSL_INVALID_DIGEST = "SslInvalidMinDigest";
   private const String SSL_INVALID_DIGEST = "BannedManufacturer";
   private const String TAMPERED_APP = "AppIntegrityError";


   private static BroadcastReceiver receiver;
   static public void init(Context context)
   {
    receiver = new DevEventReceiver();
    context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_CLIPBOARD));
    context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_KEYBOARD));
    context.RegisterReceiver(receiver, new IntentFilter(ROOTED_DEVICE));
    context.RegisterReceiver(receiver, new IntentFilter(UNKNOWN_SOURCES));
    context.RegisterReceiver(receiver, new IntentFilter(DEVELOPER_OPTIONS));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_VALIDATION_FAILED));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_NON_SSL_CONNECTION));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_CERT_PINNING_FAILED));
    context.RegisterReceiver(receiver, new IntentFilter(ACCCES_OUTSIDE_WHITELIST));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INCOMPATIBLE_CIPHER));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INCOMPATIBLE_TLS));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_CA_CHAIN));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_RSA_SIGNATURE));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_ECC_SIGNATURE));
    context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_DIGEST));
    context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_MANUFACTURER));
    context.RegisterReceiver(receiver, new IntentFilter(TAMPERED_APP));
   }

static public void stop(Context context)
   {
   context.UnregisterReceiver(receiver);
   }

class DevEventReceiver : BroadcastReceiver
  {
  public override void OnReceive(Context context, Intent intent)
    {
     ReceiveDevEvents.onEvent(intent);
    }
  }

static private void onEvent(Intent intent)
  {
   String action = intent.Action;
   bool keboardBlocked;
   bool cliboardBlocked;
   String keyboardID;
   String clipboardAction;
   String defaultMessage;
   String internalError;
   String deveventDetailedErrorMessage;
   String host;
   String certificateSHA1;
   String certificateCN;
   String incompatibleCipherId;
   String incompatibleSslVersion;
   String timeStamp;
   String deviceID;
   String deviceModel;
   String osVersion;
   String kernelInfo;
   String deviceManufacturer;
   String fusedAppToken;
   String carrierPlmn;
   String deviceBrand;
   String deviceBoard;
   String buildHost;
   String buildUser;
   String sdkVersion;
   String reason;

   switch (action)
    {
     case ReceiveDevEvents.BLOCKED_CLIPBOARD:
     if(!intent.hasExtra("action") || !intent.hasExtra("blocked") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
        Console.WriteLine("illegal event recieved.");
        return;
      }
       clipboardAction = intent.GetStringExtra("action");//copy, paste, cut, selectAll or unknown
       cliboardBlocked = intent.GetStringExtra("blocked").Equals("True");
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
     break;

    case ReceiveDevEvents.BLOCKED_KEYBOARD:
       if(!intent.hasExtra("keyboard") || !intent.hasExtra("blocked") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       keyboardID = intent.GetStringExtra("keyboard");// java package of the keyboard
       boolean keboardBlocked = intent.GetStringExtra("blocked").contentEquals("True");
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");

       break;
    
    case ReceiveDevEvents.ROOTED_DEVICE:
        if(!intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion")) || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       internalError = intent.GetStringExtra("interalError"); 
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");

       break;

    case ReceiveDevEvents.UNKNOWN_SOURCES:
        if(!intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");

       break;

    case ReceiveDevEvents.DEVELOPER_OPTIONS:
        if(!intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");

       break;


    case ReceiveDevEvents.SSL_VALIDATION_FAILED:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       host = intent.GetStringExtra("host");// the host on which the error occurred
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name)
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_VALIDATION_FAILED:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       host = intent.GetStringExtra("host");// the host on which the error occurred
      timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_CERT_PINNING_FAILED:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       host = intent.GetStringExtra("host");// the host on which the error occurred
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name)
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.ACCCES_OUTSIDE_WHITELIST:
       if(!intent.hasExtra("defaultMessage") !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("host") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       timeStamp = intent.GetStringExtra("timestamp");
       host = intent.GetStringExtra("host");// the host on which the error occurred
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_INCOMPATIBLE_CIPHER:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("host") || !intent.hasExtra("incompatibleCipherId") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       host = intent.GetStringExtra("host");// the host on which the error occurred
       incompatibleCipherId = intent.GetStringExtra("incompatibleCipherId");// the incompatible cipher id
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_INCOMPATIBLE_TLS:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("host") || !intent.hasExtra("incompatibleSslVersion") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       host = intent.GetStringExtra("host");// the host on which the error occurred
       incompatibleSslVersion = intent.GetStringExtra("incompatibleSslVersion");// the incompatible SSL/TLS version
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_INVALID_CA_CHAIN:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       host = intent.GetStringExtra("host");// the host on which the error occurred
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint of the certificate causing the error
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name)
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_INVALID_RSA_SIGNATURE:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }       
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       host = intent.GetStringExtra("host");// the host on which the error occurred
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint of the certificate causing the error
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name)
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

    case ReceiveDevEvents.SSL_INVALID_ECC_SIGNATURE: 
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved."); 
           return; 
       } 
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion 
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message 
       host = intent.GetStringExtra("host");// the host on which the error occurred 
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint 
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name) 
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break; 

    case ReceiveDevEvents.SSL_INVALID_DIGEST: 
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("host") || !intent.hasExtra("certificateSHA1") || !intent.hasExtra("certificateCN") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved."); 
           return; 
       } 
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion 
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message 
       host = intent.GetStringExtra("host");// the host on which the error occurred 
       certificateSHA1 = intent.GetStringExtra("certificateSHA1");// the certificate sha1 fingerprint 
       certificateCN = intent.GetStringExtra("certificateCN");// the certificate CN (common name) 
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break; 

case ReceiveDevEvents.BLOCKED_MANUFACTURER:
     if (!intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
        Console.WriteLine("illegal event recieved.");
        return;
      }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
     break;

//Only when ONEShield Threat Events are enabled
case ReceiveDevEvents.TAMPERED_APP:
       if(!intent.hasExtra("defaultMessage") || !intent.hasExtra("DeveventDetailedErrorMessage") || !intent.hasExtra("reason") || !intent.hasExtra("timestamp") || !intent.hasExtra("deviceID") || !intent.hasExtra("deviceModel") || !intent.hasExtra("osVersion") || !intent.hasExtra("kernelInfo") || !intent.hasExtra("deviceManufacturer") || !intent.hasExtra("fusedAppToken") || !intent.hasExtra("carrierPlmn") || !intent.hasExtra("deviceBrand") || !intent.hasExtra("deviceBoard") || !intent.hasExtra("buildHost") || !intent.hasExtra("buildUser") || !intent.hasExtra("sdkVersion")){
           Console.WriteLine("illegal event recieved.");
           return;
       }
       defaultMessage = intent.GetStringExtra("defaultMessage");// message specified during fusion
       deveventDetailedErrorMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");// a detailed error message
       reason = intent.GetStringExtra("reason");// the cause which triggered the Anti-Tampering protection
       timeStamp = intent.GetStringExtra("timestamp");
       deviceID = intent.GetStringExtra("deviceID");
       deviceModel = intent.GetStringExtra("deviceModel");
       osVersion = intent.GetStringExtra("osVersion");
       kernelInfo = intent.GetStringExtra("kernelInfo");
       deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
       fusedAppToken = intent.GetStringExtra("fusedAppToken");
       carrierPlmn = intent.GetStringExtra("carrierPlmn");
       deviceBrand = intent.GetStringExtra("deviceBrand");       
       deviceBoard = intent.GetStringExtra("deviceBoard");
       buildHost = intent.GetStringExtra("buildHost");
       buildUser = intent.GetStringExtra("buildUser");
       sdkVersion = intent.GetStringExtra("sdkVersion");
       break;

     default:
       Console.WriteLine("unknown event recieved " + action);
       break;
    }
    Console.WriteLine("Android Threat event received Action : " + action + " extras : " + intent.Extras);
  }
}

From OnCreate() method in MainApp class (MainApp.cs file) call the init() method to initialize the Threat-Events receiver:

public override void OnCreate()
{
base.OnCreate();
ReceiveDevEvents.init(this);
}

Download the full code – Xamarin Code IOS

How to Follow and Receive Security Alerts for Xamarin Apps: 

Open the file AppDelegate.cs. Under FinishedLaunching method add the following lines :

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedClipboardEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Copy Paste Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedKeyboardEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Keylogging Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"JailbrokenDevice",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Jailbroken Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslCertificateValidationFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Trusted Session and MiTM Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslNonSslConnection",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Trusted Session and MiTM Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslServerCertificatePinningFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Strict vertificate pinning Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslIncompatibleCipher",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS enforce Cipher Suites Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslIncompatibleVersion",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS enforce TLS version Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidCertificateChain",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Cenforce certificate roles Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedScreenCaptureEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS screen sharing prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"UrlWhitelistFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS URL whitelisting Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinRSASignature",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid RSA signature Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinECCSignature",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid ECC signature Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinDigest",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid digest Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"AppIntegrityError",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid digest Threat Event obj : {0}", obj);
  });

How to Add Threat-Events™ to Any Mobile App(s) on Appdome

Follow the step-by-step instructions in this knowledge base to add Threat-Events™ to your Xamarin Mobile App.

That is it – Enjoy Appdome with Threat-Events™ in your app!

To zoom out on this topic, visit the Mobile App Security page on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror

Have a question?

Ask an expert

DanaMaking your security project a success!

Get Your Copy
2021 Global Mobile
Consumer Security
Survey