- 26 Nov 2024
- 14 Minutes to read
- DarkLight
- PDF
Callbacks on Android
- Updated on 26 Nov 2024
- 14 Minutes to read
- DarkLight
- PDF
ExtendedObserver interface
The ExtendedObserver interface contains only one method: handleCallback(CallbackData data).
The CallbackData object contains all information supplied for a given callback.
CallbackData class
The CallbackData class serves as a base class for other classes that contain data for specific callbacks. These inherited classes reside in the no.promon.shield.callbacks package and have a ...Data suffix, for example RootingData or RepackagingData.
Each callback has a type, represented by enumCallbackType and is available via the CallbackData.getCallbackType() method call. Based on the return value of the CallbackData.getCallbackType() call, the callback handler can cast the CallbackData object to the correct descending type that contains the data for the callback.
If CallbackData.getCallbackType() returned CallbackType.ROOTING, the callback handler should cast the CallbackData object to the RootingData object and then, using methods of the RootingData class, retrieve information specific to the ROOTING callback.
Example code
Java
public class ExtendedObserverImplementation implements ExtendedObserver { public void handleCallback(CallbackData data) { switch (data.getCallbackType()) { case ROOTING: { RootingData callbackData = (RootingData) data; handleRootingCallback( callbackData.isDeviceCertainlyRooted(), callbackData.getRootingProbability()); break; } case HOOKING_FRAMEWORKS: { HookingFrameworksData callbackData = (HookingFrameworksData) data; handleHookingFrameworksCallback( callbackData.areHookingFrameworksPresent(), callbackData.getLastUsedDetectionMethodCode()); break; } ... } } ... } ... ExtendedObserver observer = new ExtendedObserverImplementation(); CallbackManager.addObserver(context, observer);
Kotlin
class ExtendedObserverImplementation : ExtendedObserver { override fun handleCallback(data: CallbackData) { when (data?.callbackType) { CallbackType.ROOTING -> { val callbackData = data as RootingData handleRootingCallback( callbackData.isDeviceCertainlyRooted, callbackData.rootingProbability ) } CallbackType.HOOKING_FRAMEWORKS -> { val callbackData = data as HookingFrameworksData handleHookingFrameworksCallback( callbackData.areHookingFrameworksPresent() callbackData.getLastUsedDetectionMethodCode() ) } ... else -> { ... } } } ... } ... val observer: ExtendedObserver = ExtendedObserverImplementation() CallbackManager.addObserver (context, observer)
List of callback types: CallbackType enum
A list of callback types can be found in the CallbackType enum. Each callback type corresponds to its own callback data class, which extends the CallbackData class.
Callback types shows which callback type corresponds to which callback data class:
Callback types | ||
Callback method | Description | Depends on enabling |
---|---|---|
ADB_STATUS | AdbStatusData | check ADB Status |
DEBUGGER | DebuggerData | Check Debugger |
DEVELOPER_OPTIONS | DeveloperOptionsData | check Developer Options |
EMULATED_INPUT | EmulatedInputData | Check Emulated Input |
EMULATOR | EmulatorData | Check Emulator |
FILESYSTEM_SCANNING | FilesystemScanningData | Check RootingDeepScan, checkRooting |
FILESYSTEM_WATCHING | FilesystemWatchingData | checkRooting |
HOOKING_FRAMEWORKS | HookingFrameworksData | Check HookingFrameworks |
KEYBOARD | KeyboardData | Check Trusted Keyboard |
NATIVE_CODE_HOOKS | NativeCodeHooksData | Check NativeCodeHooks |
PRIVATE_SPACE | PrivateSpaceData | Check Private Space |
REPACKAGING | RepackagingData | Check Repackaging |
ROOTING | RootingData | checkRooting |
SCREEN_MIRRORING | ScreenMirroringData | check Screen Mirroring |
SCREENREADER | ScreenreaderData | Check Trusted Screenreaders |
TAPJACKING | TapjackingData | Check Tapjacking |
TASK_HIJACKING | TaskHijackingData | N/A: requires the import of ShieldSDK-activity-guard.aar |
UNTRUSTED_SOURCE_APP | UntrustedSourceAppData | check Untrusted Installer |
VIRTUAL_SPACE_APP | VirtualSpaceAppData | Check App in Virtual Space |
PRIVATE_SPACE | PrivateSpaceData | Check Private Space |
Callback data classes
The ExtendedObserver.handleCallback() method is called after App Shielding has performed security checks, with a callback-specific CallbackData object (see Callback types).
Callback data classes | |
Callback method | Description |
---|---|
AdbStatusData | This class contains information about the detected Android Developer Bridge (ADB) status. If the boolean isAdbActive() return value is true, the device’s ADB is considered active. |
DebuggerData | This class contains information about whether a Java debugger is attached to the host application. If the boolean isRunningUnderDebugger() method returns true, a Java debugger is attached. If App Shielding is configured to block Java debuggers this callback is never called. Low-level debuggers, such as gdb are blocked altogether, and no callback will be called if anyone tries to attach such a debugger to the application. |
DeveloperOptionsData | This class contains information about the Developer Options status. If the return value of boolean isDeveloperOptionsEnabled() is true, the device’s Developer Options are enabled. |
EmulatedInputData | This class contains information about a detected emulated input. If the boolean isInputEmulated() return value is true, an emulated input was detected. The input can be both touch and swipe events. |
EmulatorData | This class contains information about whether or not App Shielding detects that the application is executed inside an emulator. If the return value of boolean isRunningOnEmulator() is true, the application is running inside an emulator. Release versions of App Shielding do not permit executing on emulators, so this callback can only be used when using debug versions of App Shielding on an emulator. |
FilesystemScanningData | This class contains information about whether suspicious files have been detected in the file system. The following are the public methods for this class:
The file system scanning callback is usually invoked 5-10 seconds after application startup because file system scanning takes time. |
FilesystemWatchingData | This class contains information about suspicious activity on the file system. This check depends on root detection being enabled. Currently, the following scenarios are considered suspicious activity:
The following public methods are available for this class:
The file system watching callback is only invoked if suspicious activity happens on the file system during application runtime. If suspicious files are already present on the file system before the application starts, their presence will be reported via the file system scanning callback, not via the file system watching callback. |
HookingFrameworksData | This class contains information about code hooking frameworks in the process. The following public methods are available for this class:
OneSpan recommends to configure App Shielding to exit the application if code hooking frameworks are detected. This callback should not be used to make security decisions because such frameworks can modify the behavior of the callback. |
KeyboardData | This class contains information about whether the active keyboard on the system is trusted. The following public methods are available for this class:
|
NativeCodeHooksData | This class contains information about whether native code hooks are present. If the boolean areNativeCodeHooksPresent() return value is true, native code hooks are present. If false, no native code hooks are detected. |
PrivateSpaceData | Contains information about whether App Shielding detects that the application is executed inside a Private Space or Work Profile. If the boolean isRunningInPrivateSpaceOrWorkProfile() method returns true, the application is running inside a Private Space or a Work Profile; the data does not specify which one. |
RepackagingData | Provides a boolean that indicates whether the application has been repackaged. If the application is running in a simulator, this method is never called. If the boolean isRepackaged() return value is true, the application has been repackaged. This callback is only triggered if the exitOnRepackaging option is set to false. exitOnRepackaging cannot be disabled in a release version of App Shielding. |
RootingData | This class contains information about whether App Shielding has detected that the device is rooted or not. The following public methods are available for this class:
|
ScreenMirroringData | This class contains information about active screen mirrors. Such screen readers might include the device projecting the screen to a Chrome Cast device, MiraCast, or other type of screen casting device. The following public methods are available for this class:
|
ScreenreaderData | This class contains information about whether an untrusted screen reader is active. The following public methods are available for this class:
|
TapjackingData | Provides details regarding the detection of tapjacking input. The following public method is available for this class:
|
TaskHijackingData | This class contains information about a task that was hijacked by an external application targeting this app through taskAffinity. The following public methods are available for this class:
The task hijacking callback is only called if task hijacking protection is enabled by including the ShieldSDK-activity-guard package in the application. |
UntrustedSourceAppData | This class contains information about detected untrusted source or sideloaded application installed on the device. If an untrusted application is installed or uninstalled from the device while the application is running, the observer is notified with updated callback data. UntrustedSourceAppData returns a list of all untrusted applications installed to the device. If a new untrusted application is installed, the installed application will not necessarily be added as the last item on the untrusted applications list. The following public methods are available for this class:
The following methods return information about the corresponding installer for an untrusted source app:
|
VIRTUAL_SPACE_APP | This callback contains information about whether the application was launched via a virtual space app. The following public methods are available for this class:
Due to the limitations with some virtual spaces like Samsung Secure Folder and Xiaomi Dual Apps, the get methods return empty values regardless. |
VirtualSpaceAppData | This callback contains information about whether the application was launched via a virtual space app. The following public methods are available for this class:
Due to the limitations with some virtual spaces like Samsung Secure Folder and Xiaomi Dual Apps, the get methods return empty values regardless. |
The following callbacks can only be used when the app is shielded in Debug mode:
RepackagingData: In case of a repackaging attack, the application will exit immediately.
EmulatorData: If an emulator is detected, the application will exit immediately.
DebuggerData: Java debuggers are blocked by default. If blocking is not possible, the application will exit immediately. Low-level debuggers, such as gdb are simply blocked.
NativeCodeHooksData: If a native code hook is detected, the application will exit immediately.
The anti-debugging feature is only operational when the App Shielding native library is loaded. However, only the Android OS code can be debugged during application startup, the application code cannot be debugged. After the library has been loaded, the debugger is killed.
Security and priority are equally important in App Shielding. The EXIT reaction is safer than a callback and has therefore precedence over a callback. To reach the place in the code with the callback, the EXIT reaction that corresponds to this detection should be turned off.