Monitored data
- 27 Jun 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Monitored data
- Updated on 27 Jun 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
OneSpan Threat View monitors the following types of data to analyze the collected threat types and events:
Device data
Geolocation data
App data
For information about data collection and GDPR compliance, see GDPR Compliance.
Monitored device data
Threat View captures information about the used device. This information includes for example:
Device brand and model
Information about the operating system:
Type (Android or iOS)
Version
Device language
Device fingerprint
Time of the event
Monitored geolocation data
Threat View captures the latitude and longitude of the device to correlate the location with the collected threat event type.
Geolocation data usage may be subject to the General Data Protection Regulation (GDPR) of the European Union, depending on the following conditions:
Geolocation granularity
The Threat View SDK will inherit and use the context related to geolocation data capturing that is provided by the mobile app in which the SDK has been integrated. This context depends on the geolocation precision level requested and granted by the mobile app itself as well as on the user overriding precise geolocation: if the mobile app has requested access to a precise location and/or fine-grained geolocation information and the device user has granted the mobile app the use of this detailed location information, the Threat View SDK will use this context.
Presence of a user ID on the geolocated device
If the developer of the mobile app that integrates the Threat View SDK sets the user ID and this user ID is available at the moment when Threat View generates events.
If these conditions apply, the monitored geolocation data is subject to the GDPR.
The usage of exact geolocation information is operation system-specific functionality and not Threat View-specific code. Even if the user has granted the mobile app to use precise geolocation, they can always disable this in the app settings. For more information about granting apps geolocation permissions, refer to the Android Developer Documentation and iOS Developer Documentation.
For more information about collection of geolocation data, see Overview of the Threat View Client SDK, for more information about the GDPR, see GDPR Compliance.
Monitored app data
Threat View captures information about your mobile app that is installed on the user’s mobile device. This information includes for example:
App version and release date
Date the app was installed on a specific device
App journey information
Information about the app activity lifecycle: app start, app to background, app to foreground, app termination.
Types of monitored threats
Threat View captures information about real-time threats that are targeting the mobile app and allows you to get information about these threats. The captured information is based on data from App Shielding for the following threat event types :
Threat event types by operating system | ||
Threat event type | Supported on Android | Supported on iOS |
|---|---|---|
App runs on rooted/jailbroken mobile device. On Android, this threat event type also indicates the probability that the app is rooted/jailbroken and displays it as a number between 0 and 100. |
|
|
Hooking framework is present in the app |
|
|
Screenshot is being taken |
| |
Library injection into the app detected |
| |
Untrusted keyboard present |
| |
Untrusted screenreader present |
| |
Screen is being mirrored |
| |
Screen is being recorded |
| |
App is launched via a virtual space app |
| |
.png?sv=2022-11-02&spr=https&st=2025-06-28T09%3A37%3A54Z&se=2025-06-28T09%3A47%3A54Z&sr=c&sp=r&sig=DYMnlXCLG2d24bW9xUYaxReWXe30RnvbJAWzfbKXQoU%3D)
For threat event types that are specific to one operating system, there will be no data for the other operating system.
Was this article helpful?