Overview

The OneSpan Threat View Client SDK for Android and iOS enables your mobile applications to collect security, device, and usage signals. It captures threat events in mobile apps, collects these events based on triggers received from the integration of OneSpan Mobile Application Shielding in your mobile apps, and securely sends the collected information to the OneSpan Threat View server-side component for analysis.

Main SDK features

The Threat View Client SDK is a standalone solution but does not have a user interface. It is modular by design and consists of library modules acting as SDKs and app modules that integrate the SDK functionalities. The app modules initialize the SDK and verify capabilities by simulating data collection. The SDK provides interfaces for collecting various and specific types of data, listens to Mobile Application Shielding events, and triggers corresponding data collection methods.

Main features of the SDK:

• Provides device fingerprinting

• Verifies application integrity

• Detects threat events

• Securely transports and stores collected data

• Collects geolocation, application, and device information

Geolocation data

The Threat View library in the mobile application collects the geolocation coordinates of the mobile device and includes this with every event. The collection of geolocation information is automatically disabled if your application does not declare location permissions or if the user denies consent. All components will be disabled in any case if you do not follow all integration steps.

Under certain conditions, geolocation data usage may be subject to the General Data Protection Regulation (GDPR) of the European Union:

• Geolocation granularity

  For collecting the location, two types of granularity exist:

  • Coarse: the geolocation data is sufficiently vague not to uniquely identify the mobile user.

  • Fine: the geolocation data can be used to uniquely identify a user.

    The granularity is configured by the integrator in the mobile app, and the Threat View Client SDK uses the granularity as it has been configured. The SDK will inherit and use the context related to geolocation data capturing that is provided by the mobile app in which the SDK has been integrated. This context depends on the geolocation precision level requested and granted by the mobile app itself as well as on the user overriding precise geolocation: if the mobile app has requested access to a precise location and/or fine-grained geolocation information and the device user has granted the mobile app the use of this detailed location information, the Threat View Client SDK will use this context.

• Presence of a user ID on the geolocated device

  If the developer of the mobile app that integrates the Threat View Client SDK sets the user ID and this user ID is available at the moment when Threat View generates events, Threat View will use the geolocation data for that user ID.

If these conditions apply, the monitored geolocation data is subject to the GDPR.

The usage of exact geolocation information is operation system-specific functionality and not Threat View-specific code. Even if the user has granted the mobile app to use precise geolocation, they can always disable this in the app settings. For more information about granting apps geolocation permissions, refer to the Android Developer Documentation and iOS Developer Documentation.

Integration with OneSpan Mobile Application Shielding

For the SDK to generate and communicate threat events, it must be integrated with OneSpan Mobile Application Shielding. For detailed information about App Shielding, see the Mobile Application Shielding user documentation. The Threat View Client SDK integrates the App Shielding SDK and the required callbacks to receive the status of the threat event types that can be monitored with Threat View. For more information on these, see Monitored data.

Some threat events will not be forwarded to the Threat View Client SDK, depending on how you configured your App Shielding integration. This applies especially, if your app is configured to exit when a given App Shielding event is detected, as the callbacks implemented in the Threat View Client SDK are not called in this case.

System requirements and supported platforms

To ensure that the OneSpan Threat View Client SDK is installed correctly and operates as designed, ensure to meet the following system requirements and use the supported platforms.

Android

• Minimum Android 7 (API level 24), target Android 15 (API level 35)

• Kotlin: 1.9.0 or later

• Gradle: 8.0 or later

• AGP: 8.10.0 or later

• Target SDK: 36

• ProGuard

  Consumer rules are automatically applied from the SDK artifact—no additional configuration required.

• App Shielding: 7.4.2 or later

  The final APK must be shielded using the Shielding Tool to enable Threat View to collect threats, report them back to the platform, and enforce runtime integrity checks to prevent tampering.

iOS

• iOS 15 or higher

• Swift 5 or higher

• Xcode 16 or higher

Product package

The OneSpan Threat View Client SDK product package comes as a zip file, onespan-threat-view-client-sdk_version.zip, which includes the following files:

• Integration libraries

  • Android: InsightsSDK.aar and InsightsNetworking.aar

  • iOS: InsightsSDK.xcframework and InsightsNetworking.xcframework

• Readme.md

  Includes technical information as well as a link to the documentation on the OneSpan Documentation Portal.