Threat-Events™, In-App Threat Intelligence in Maui, Xamarin Apps

Last updated November 9, 2023 by Appdome

This knowledge base article shows you how easy it is to use Appdome Threat-EventsTM to get in-app threat intelligence in Maui, Xamarin Apps and control the user experience in your Maui, Xamarin Appswhen mobile attacks occur.

What are Threat-Events?

Appdome Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is comprised of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-ScoreTM.

With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.

The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real time. Using Threat-Events will ensure you keep users, data, and transactions safe.

Mobile Application Threat-Events vs. Threat-Scores

Appdome Threat-Events can be used as a stand-alone implementation in Maui, Xamarin Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the Threat-Event event score and the combined (aggregate) mobile end-user risk at the time of the notification.

The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome:55

 

 

To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than ten thousand (10,000).

Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.

Prerequisites for Using Threat-Events with Maui, Xamarin Apps

Here’s what you need to use Threat-Events with Maui, Xamarin Apps.

Code Snippet Required for Using Threat-Events with Maui, Xamarin Apps

Before consuming Threat-Events or Threat-Scores in your Maui, Xamarin Apps, confirm that the following conditions are met:

  • Threat-Events and/or Threat-Scores have been enabled ( turned ON) for the specific protection
  • You are using the correct identifiers for the Threat-Events for each protection.
    You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.

Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in Android Maui, Xamarin Apps:

  1. Create a new file by the name MainApp.cs.
  2. Add to this file a class that extends Application and implement public MainApp():

    
    using System;
    using Android.App;
    using Android.Content;
    using Android.Runtime;
    
    [Application]
    public class MainApp : Application
    {
        public MainApp(IntPtr javaReference, JniHandleOwnership transfer) : base(javaReference, transfer)
        {
            ...
        }
    
     
    
        public override void OnCreate()
        {
            base.OnCreate();
        }
    }
    
  3. Create a new file by the name ReceiveThreatEvents.cs.
  4. Add the following lines, which add Appdome Threat-Events registration to init() method:
    
    public class ThreatEventReceiver
    {
        private const String BLOCKED_CLIPBOARD = "BlockedClipboardEvent";
        private const String BLOCKED_KEYBOARD = "BlockedKeyboardEvent";
        private const String ROOTED_DEVICE = "RootedDevice";
        private const String UNKNOWN_SOURCES = "UnknownSourcesEnabled";
        private const String DEVELOPER_OPTIONS = "DeveloperOptionsEnabled";
        private const String SSL_VALIDATION_FAILED = "SslCertificateValidationFailed";
        private const String SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed";
        private const String SSL_NON_SSL_CONNECTION = "SslNonSslConnection";
        private const String ACCESS_OUTSIDE_WHITELIST = "UrlWhitelistFailed";
        private const String SSL_INCOMPATIBLE_CIPHER = "SslIncompatibleCipher";
        private const String SSL_INCOMPATIBLE_TLS = "SslIncompatibleVersion";
        private const String SSL_INVALID_CA_CHAIN = "SslInvalidCertificateChain";
        private const String SSL_CERT_PINNING_FAILED = "SslServerCertificatePinningFailed";
        private const String SSL_INVALID_RSA_SIGNATURE = "SslInvalidMinRSASignature";
        private const String SSL_INVALID_ECC_SIGNATURE = "SslInvalidMinECCSignature";
        private const String SSL_INVALID_DIGEST = "SslInvalidMinDigest";
        private const String SSL_INVALID_DIGEST = "BannedManufacturer";
        // Only available when ONEShield Threat Events are enabled
        private const String TAMPERED_APP = "AppIntegrityError";
    
        private static BroadcastReceiver receiver;
        static public void init(Context context)
        {
            receiver = new ThreatEventBroadcastReceiver();
            context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_CLIPBOARD));
            context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_KEYBOARD));
            context.RegisterReceiver(receiver, new IntentFilter(ROOTED_DEVICE));
            context.RegisterReceiver(receiver, new IntentFilter(UNKNOWN_SOURCES));
            context.RegisterReceiver(receiver, new IntentFilter(DEVELOPER_OPTIONS));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_VALIDATION_FAILED));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_NON_SSL_CONNECTION));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_CERT_PINNING_FAILED));
            context.RegisterReceiver(receiver, new IntentFilter(ACCESS_OUTSIDE_WHITELIST);
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INCOMPATIBLE_CIPHER));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INCOMPATIBLE_TLS));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_CA_CHAIN));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_RSA_SIGNATURE));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_ECC_SIGNATURE));
            context.RegisterReceiver(receiver, new IntentFilter(SSL_INVALID_DIGEST));
            context.RegisterReceiver(receiver, new IntentFilter(BLOCKED_MANUFACTURER));
            // Only available when ONEShield Threat Events are enabled
            context.RegisterReceiver(receiver, new IntentFilter(TAMPERED_APP));
        }
    
        static public void stop(Context context)
        {
            context.UnregisterReceiver(receiver);
        }
    
        class ThreatEventBroadcastReceiver : BroadcastReceiver
        {
            public override void OnReceive(Context context, Intent intent)
            {
                ThreatEventReceiver.onEvent(intent);
            }
        }
    
        static private void onEvent(Intent intent)
        {
            String action = intent.Action;
            bool keboardBlocked;
            bool cliboardBlocked;
            String keyboardID;
            String clipboardAction;
            String defaultMessage;
            String internalError;
            String threatEventDetailedMessage;
            String host;
            String certificateSHA1;
            String certificateCN;
            String incompatibleCipherId;
            String incompatibleSslVersion;
            String timeStamp;
            String deviceID;
            String deviceModel;
            String osVersion;
            String kernelInfo;
            String deviceManufacturer;
            String fusedAppToken;
            String carrierPlmn;
            String deviceBrand;
            String deviceBoard;
            String buildHost;
            String buildUser;
            String sdkVersion;
            String reason;
    
        switch (action) {
            case ThreatEventReceiver.BLOCKED_KEYBOARD:
                // Package name of the keyboard
                String keyboardID = intent.GetStringExtra("keyboard");
                // "true" or "false"
                String keyboardBlocked = intent.GetStringExtra("blocked");
                // message specified in the fusion set
                defaultMessage = intent.GetStringExtra("defaultMessage");
                // UNIX timestamp of detection
                timeStamp = intent.GetStringExtra("timestamp");
                // Unique device identifier
                deviceID = intent.GetStringExtra("deviceID");
                // Mobile device model
                deviceModel = intent.GetStringExtra("deviceModel");
                // Mobile device OS version
                osVersion = intent.GetStringExtra("osVersion");
                // Kernel information
                kernelInfo = intent.GetStringExtra("kernelInfo");
                // Mobile device manufacturer
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                // Build ID
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                // Carrier identity number (PLMN code)
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                // Device Brand
                deviceBrand = intent.GetStringExtra("deviceBrand");
                // Device Board
                deviceBoard = intent.GetStringExtra("deviceBoard");
                // Build Host
                buildHost = intent.GetStringExtra("buildHost");
                // Build User
                buildUser = intent.GetStringExtra("buildUser");
                // SDK Version
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.BLOCKED_CLIPBOARD:
                // "copy", "paste", "cut", "selectAll" or "unknown"
                String clipboardAction = intent.GetStringExtra("action");
                // "true" or "false"
                String clipboardBlocked = intent.GetStringExtra("blocked");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.ROOTED_DEVICE:
                // Opaque identifier of root detection method
                internalError = intent.GetStringExtra("internalError");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.UNKNOWN_SOURCES:
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.DEVELOPER_OPTIONS:
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.SSL_VALIDATION_FAILED:
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.SSL_CERT_PINNING_FAILED:
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint                              
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.ACCESS_OUTSIDE_WHITELIST:
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.SSL_INCOMPATIBLE_CIPHER:
                // The Incompatible Cipher Id
                incompatibleCipherId = intent.GetStringExtra("incompatibleCipherId");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
    
            case ThreatEventReceiver.SSL_INCOMPATIBLE_TLS:
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The Incompatible SSL/TLS version
                incompatibleSslVersion = intent.GetStringExtra("incompatibleSslVersion");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.SSL_INVALID_CA_CHAIN:
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.SSL_INVALID_RSA_SIGNATURE:      
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
    
            case ThreatEventReceiver.SSL_INVALID_ECC_SIGNATURE: 
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");                                     
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break; 
            case ThreatEventReceiver.SSL_INVALID_DIGEST: 
                // A detailed message describing the detection
                threatEventDetailedMessage = intent.GetStringExtra("DeveventDetailedErrorMessage");
                // The host that triggered the detection
                host = intent.GetStringExtra("host");
                // The certificate sha1 fingerprint
                certificateSHA1 = intent.GetStringExtra("certificateSHA1");
                // The certificate CN (common name)
                certificateCN = intent.GetStringExtra("certificateCN");          
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break; 
            case ThreatEventReceiver.BLOCKED_MANUFACTURER:
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            case ThreatEventReceiver.TAMPERED_APP:
                //Only when ONEShield Threat Events are enabled
                // The detected tampered component
                reason = intent.GetStringExtra("reason");
                defaultMessage = intent.GetStringExtra("defaultMessage");
                timeStamp = intent.GetStringExtra("timestamp");
                deviceID = intent.GetStringExtra("deviceID");
                deviceModel = intent.GetStringExtra("deviceModel");
                osVersion = intent.GetStringExtra("osVersion");
                kernelInfo = intent.GetStringExtra("kernelInfo");
                deviceManufacturer = intent.GetStringExtra("deviceManufacturer");
                fusedAppToken = intent.GetStringExtra("fusedAppToken");
                carrierPlmn = intent.GetStringExtra("carrierPlmn");
                deviceBrand= intent.GetStringExtra("deviceBrand");
                deviceBoard = intent.GetStringExtra("deviceBoard");
                buildHost = intent.GetStringExtra("buildHost");
                buildUser = intent.GetStringExtra("buildUser");
                sdkVersion = intent.GetStringExtra("sdkVersion");
                //
                // Respond to mobile app attacks and threats here
                //
                break;
            default:
                Console.WriteLine("unknown event recieved " + action);
                break;
        }
      }
    }
    
  5. In the OnCreate() method in the MainApp class (MainApp.cs file) call the init() method to initialize the Threat-Events receiver:
    
    public override void OnCreate()
    {
        base.OnCreate();
        ThreatEventReceiver.init(this);
    }
    

Below is the code snippet required for using Threat-Events™ and Threat-Scores™ in iOS Apps:

In the file AppDelegate.cs, add the following lines in the FinishedLaunching method :



NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedClipboardEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Copy Paste Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedKeyboardEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Keylogging Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"JailbrokenDevice",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Jailbroken Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslCertificateValidationFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Trusted Session and MiTM Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslNonSslConnection",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Trusted Session and MiTM Prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslServerCertificatePinningFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Strict vertificate pinning Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslIncompatibleCipher",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS enforce Cipher Suites Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslIncompatibleVersion",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS enforce TLS version Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidCertificateChain",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS Cenforce certificate roles Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"BlockedScreenCaptureEvent",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS screen sharing prevention Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"UrlWhitelistFailed",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS URL whitelisting Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinRSASignature",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid RSA signature Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinECCSignature",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid ECC signature Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"SslInvalidMinDigest",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid digest Threat Event obj : {0}", obj);
  });

NSNotificationCenter.DefaultCenter.AddObserver(
  (NSString)"AppIntegrityError",
  delegate (NSNotification obj) {
   Console.WriteLine("iOS invalid digest Threat Event obj : {0}", obj);
  });

Special Considerations for using Threat-Events with Maui, Xamarin Apps

When integrating Appdome with Maui, Xamarin apps, it’s common to configure certain settings for optimal performance. Specifically, we recommend disabling the “Use Fast Deployment” option within your Maui, Xamarin solution. This adjustment ensures seamless compatibility and avoids potential complications. Should you require assistance or have any questions, please don’t hesitate to contact our support team.

Compatibility with Android 14

Following the security update introduced in Android 14 (API level 34), apps targeting Android 14 are required to explicitly specify whether a registered receiver should be exported to all other apps on the device. Maui, Xamarin framework supports targeting apps to Android 13 (API level 33) [Maui, Xamarin official support policy | .NET ], therefore there are no special changes needed to ensure compatibility with Android 14 for consuming Threat Event in Maui, Xamarin apps.

Meta-Data for Mobile Application Threat-Events and Threat-Scores

Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in Maui, Xamarin Apps.

Threat-Event Context Keys
message Message displayed for the user on event
externalID The external ID of the event which can be listened via Threat Events
osVersion OS version of the current device
deviceModel Current device model
deviceManufacturer The manufacturer of the current device
fusedAppToken The task ID of the Appdome fusion of the currently running app
kernelInfo Info about the kernel: system name, node name, release, version and machine.
carrierPlmn PLMN of the device
deviceID Current device ID
reasonCode Reason code of the occured event
buildDate Appdome fusion date of the current application
devicePlatform OS name of the current device
carrierName Carrier name of the current device
updatedOSVersion Is the OS version up to date
deviceBrand Brand of the device
deviceBoard Board of the device
buildUser Build user
buildHost Build host
sdkVersion Sdk version
timeZone Time zone
deviceFaceDown Is the device face down
locationLong Location long
locationLat Location lat
locationState Location state
wifiSsid Wifi SSID
wifiSsidPermissionStatus Wifi SSID permission status

Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in Maui, Xamarin Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.

Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores

Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place or invoke backup, failsafe, and enforcement to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.

Verifying Threat-Events in Maui, Xamarin Apps

After you have implemented the required Threat-Event code in your Maui, Xamarin Apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the Maui, Xamarin Apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.

In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.

Ios Android Cert 2 1000px

In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.

Threat Events Wrong Implementation Ios Android

For information on how to view and/or retrieve the Certified Secure DevSecOps certification for your mobile application on Appdome, please visit the knowledge base article Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD

Questions Using Threat-Events™ in Maui, Xamarin Apps?

If you have specific questions about implementing Threat-Events or Threat-Scores in Kotlin Apps, fill out the inquiry form on the right-hand side of this knowledge base article or contact support@appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app.

Related Articles

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Threat-Events™ UX/UI Control

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.