To support our customers in countering new threats targeting mobile banking apps we have created OneSpan Mobile Threat Protection. The Software Development Kits that are part of Mobile Threat Protection increase mobile device security, support you in the implementation of mitigating measures, and help you to comply with increasing regulatory requirements concerning the security of mobile banking apps from financial regulators.
The Network Security SDK is a client SDK and monitors the current network connection status of a mobile device and provides real-time updates when changes occur. It detects whether the mobile device on which a mobile banking app resides is connected to an insecure network or is actively using a VPN connection. It helps mobile applications to stay aware of their network environment with minimal integration effort.
Features of the SDK
With the Network Security SDK, the current networking information can be queried at any point of time asynchronously. An object containing the following details will be returned:
Network security
Network type
VPN connection and its details
Detected proxy and its details
DNS info
Insecure Network Detection
On Android, the SDK obtains information about the network to which the device is connected. The device is considered to be connected to a secure network if it is connected via Ethernet or Cellular, or any Wi-Fi network which uses the following encryption protocols:
WPA2
WPA3
This approach requires the ACCESS_WIFI_STATE permission.
On iOS, the SDK can obtain the network information but it is not possible to differentiate between WPA and WPA2 or WPA3, so WPA is included in the list of secure networks. The SDK requires authorization to use the device location and access to information about the connected network must be provided with com.apple.developer.networking.wifi-info entitlement. For more information, refer to the Apple Developer Documentation.
VPN connectivity detection
The presence of a VPN connection is detected by reading the network connection settings on the mobile device.
On Android, the SDK retrieves the network capabilities of a mobile device’s active network and uses Android-native classes to check the availability and status of network connections and to request and configure these connections.
On iOS, the SDK uses iOS-native capabilities to retrieve the current system-wide Internet proxy settings and checks whether any of the VPN tunnelling protocols (i.e., tap, tun, ppp, ipsec, utun) is in use.
For information how to integrate the SDK, see the Network Security SDK Integration Guide.
Proxy detection
The presence of Proxy Settings in the network settings is detected by reading the network connection settings on the mobile device. The Proxy configuration is returned as either Not Configured, PAC URL, or Host and Port configuration.
Notification about network changes
In addition to querying the network security status, both iOS and Android platforms offer register/unregister APIs to get notifications once there is a change in the connected network. The callback (on Android) or the AsyncStream (on iOS) will return the object containing network information each time there is a change in the network connection, until the unregistered method is called.
Supported platforms
The Network Security SDK can be used on a variety of devices and supports the following platforms:
Android devices:
Minimum Android 7 (API level 24)
Target Android 15 (API level 35)
iOS devices:
iOS 15 or higher
Swift 5 or higher
Xcode 16 or higher