Mobile App Threat Intelligence in Swift Apps
Introduction
This Knowledge Base article reviews in detail how users can build mobile threat intelligence in Swift apps.
Appdome Security Alerts, Threat Events™, is part of the Appdome Mobile Security Suite.
We hope you find it useful and enjoy using Appdome!
Prerequisites for Building Mobile Threat Intelligence in Swift Apps
Before enabling Threat-Events™, complete the following steps so that your Swift app can handle incoming security events (the example below is written in Swift 5):
Download the code – Swift code
Add the following lines to your app to subscribe to and receive Appdome Security Events:
// Subscribe to the "BlockedKeyboardEvent" Threat-Event on the default notification center.
// queue: nil makes the handler run synchronously on whichever thread posts the
// notification, so hop to the main queue before touching UI. The token returned by
// addObserver is discarded here, which means this observer cannot be removed later.
let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("BlockedKeyboardEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedKeyboardEvent Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Every lookup below yields `Any?`: cast with `as?` before acting on a value.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let blocked = payload["blocked"]  // true/false flag
    let keyboard = payload["keyboard"]  // keyboard package
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "BlockedClipboardEvent" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("BlockedClipboardEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedClipboardEvent Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use. This event carries no defaultMessage.
    let blocked = payload["blocked"]  // true/false flag
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "JailbrokenDevice" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
// NotificationCenter does not identify who posted a notification, so treat this event
// as a signal to report and act on, not as the app's only enforcement point.
center.addObserver(forName: Notification.Name("JailbrokenDevice"), object: nil, queue: nil) { notification in
    NSLog("JailbrokenDevice Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let internalError = payload["internalError"]  // jailbreak reason
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslCertificateValidationFailed" Threat-Event. It runs on the posting
// thread (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslCertificateValidationFailed"), object: nil, queue: nil) { notification in
    NSLog("SslCertificateValidationFailed Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslServerCertificatePinningFailed" Threat-Event. It runs on the
// posting thread (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslServerCertificatePinningFailed"), object: nil, queue: nil) { notification in
    NSLog("SslServerCertificatePinningFailed Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use. The host and certificate fields
    // describe the connection that failed and are the useful ones to report.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "UrlWhitelistFailed" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("UrlWhitelistFailed"), object: nil, queue: nil) { notification in
    NSLog("UrlWhitelistFailed Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let host = payload["host"]  // host on which the error occurred
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "BlockedScreenCaptureEvent" Threat-Event. It runs on the posting
// thread (queue: nil), so dispatch to the main queue before presenting any UI in
// response. The observer token is not kept.
center.addObserver(forName: Notification.Name("BlockedScreenCaptureEvent"), object: nil, queue: nil) { notification in
    NSLog("BlockedScreenCaptureEvent Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let context = payload["context"]  // capturing event type
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslIncompatibleCipher" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslIncompatibleCipher"), object: nil, queue: nil) { notification in
    NSLog("SslIncompatibleCipher Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let incompatibleCipherId = payload["incompatibleCipherId"]  // id of the incompatible cipher
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslIncompatibleVersion" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslIncompatibleVersion"), object: nil, queue: nil) { notification in
    NSLog("SslIncompatibleVersion Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let incompatibleSslVersion = payload["incompatibleSslVersion"]  // the incompatible SSL/TLS version
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslInvalidCertificateChain" Threat-Event. It runs on the posting
// thread (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslInvalidCertificateChain"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidCertificateChain Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslInvalidMinRSASignature" Threat-Event. It runs on the posting
// thread (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslInvalidMinRSASignature"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinRSASignature Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslInvalidMinECCSignature" Threat-Event. It runs on the posting
// thread (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslInvalidMinECCSignature"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinECCSignature Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslInvalidMinDigest" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslInvalidMinDigest"), object: nil, queue: nil) { notification in
    NSLog("SslInvalidMinDigest Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let certificateSHA1 = payload["certificateSHA1"]  // SHA-1 fingerprint of the certificate
    let certificateCN = payload["certificateCN"]  // certificate CN (common name)
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
// Handler for the "SslNonSslConnection" Threat-Event. It runs on the posting thread
// (queue: nil) and the observer token is not kept.
center.addObserver(forName: Notification.Name("SslNonSslConnection"), object: nil, queue: nil) { notification in
    NSLog("SslNonSslConnection Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Values are `Any?`; cast with `as?` before use. No certificate fields on this event.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let deveventDetailedErrorMessage = payload["deveventDetailedErrorMessage"]  // detailed error message
    let host = payload["host"]  // host on which the error occurred
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
To receive Appdome One Shield Threat Events, add the following lines to your app:
// Subscribe to the "AppIntegrityError" Threat-Event on the default notification center.
// queue: nil makes the handler run synchronously on whichever thread posts the
// notification, so hop to the main queue before touching UI. The token returned by
// addObserver is discarded here, which means this observer cannot be removed later.
// NotificationCenter does not identify who posted a notification, so treat this event
// as a signal to report and act on, not as the app's only enforcement point.
let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("AppIntegrityError"), object: nil, queue: nil) { notification in
    NSLog("AppIntegrityError Threat-event received")
    // Without a payload there is nothing to inspect.
    guard let payload = notification.userInfo else { return }

    var message = ""  // scratch string; this sample never fills it in
    // Every lookup below yields `Any?`: cast with `as?` before acting on a value.
    let defaultMessage = payload["defaultMessage"]  // message supplied during fusion
    let blocked = payload["blocked"]  // true/false flag
    let reason = payload["reason"]  // cause that triggered the Anti-Tampering protection
    let timestamp = payload["timestamp"]  // UNIX timestamp of the event
    let deviceID = payload["deviceID"]  // unique mobile device identifier; avoid logging it verbatim
    let deviceModel = payload["deviceModel"]  // mobile device model
    let osVersion = payload["osVersion"]  // mobile device OS version
    let kernelInfo = payload["kernelInfo"]  // kernel information and details
    let deviceManufacturer = payload["deviceManufacturer"]  // mobile device manufacturer
    let fusedAppToken = payload["fusedAppToken"]  // built app token; avoid logging it verbatim
    let carrierPlmn = payload["carrierPlmn"]  // carrier identity number (PLMN code)
}
You are welcome to view the source code of our sample app – SingleDevEventObjCSample
How to Add Threat-Events™ to Any Mobile App(s) on Appdome
Liron Dror