feat: add permissions, killOnBypass

Author: tompsota

CHANGELOG.md

@@ -5,6 +5,55 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.3.0] - 2025-10-31
+
+- Android SDK version: 17.0.0
+- iOS SDK version: 6.13.0
+
+### React Native
+
+#### Added
+
+- Added `killOnBypass` to `TalsecConfig` that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ([Issue 65](https://github.com/talsec/Free-RASP-Android/issues/65))
+- Added API for `timeSpoofing` callback into `ThreatEventActions` (Android only)
+- Added API for `unsecureWifi` callback into `ThreatEventActions` (Android only)
+- Added API for `allChecksFinished` callback into new `RaspExecutionStateEventActions` object
+- Added matched permissions to `SuspiciousAppInfo` object when malware detection reason is `suspiciousPermission`
+
+### Android
+
+#### Added
+
+- Added `killOnBypass` method to the `TalsecConfig.Builder` that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker [Issue 65](https://github.com/talsec/Free-RASP-Android/issues/65)
+- We are introducing a new capability, detecting whether the device time has been tampered with (`timeSpoofing`)
+- We are introducing a new capability, detecting whether the location is being spoofed on the device (`locationSpoofing`)
+- We are introducing a new capability, detection of unsecure WiFi (`unecureWifi`)
+- Removed deprecated functionality `Pbkdf2Native` and both related native libraries (`libpbkdf2_native.so` and `libpolarssl.so`)
+- Added new `RaspExecutionState` which contains `onAllChecksFinished()` method, which is triggered after all checks are completed.
+- Added matched permissions to `SuspiciousAppInfo` object when malware detection reason is `suspiciousPermission`
+- New option to start Talsec, `Talsec.start()` takes new parameter `TalsecMode` that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
+- Capability to check if another app has an option `REQUEST_INSTALL_PACKAGES` enabled in the system settings to malware detection
+
+#### Fixed
+
+- ANR issue caused by `registerScreenCaptureCallback()` method on the main thread
+- `NullPointerException` when checking key alias in Keystore on Android 7
+- `JaCoCo` issue causing `MethodTooLargeException` during instrumentation
+- `DeadApplicationException` when calling `Settings.Global.getInt` or `Settings.Secure.getInt` on invalid context
+- `AndroidKeyStore` crashes causing `java.util.concurrent.TimeoutException` when calling `finalize()` method on `Cipher` (GC issues)
+
+#### Changed
+
+- Shortened the value of threat detection interval
+- Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
+- Update of internal dependencies and security libraries
+
+### iOS
+
+#### Changed
+
+- Updated internal dependencies
+
 ## [4.2.4] - 2025-09-17
 
 - iOS SDK version: 6.12.1

android/src/main/java/com/freeraspreactnative/FreeraspReactNativeModule.kt

@@ -8,6 +8,7 @@ import android.util.Log
 import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import com.aheaditec.talsec_security.security.api.Talsec
 import com.aheaditec.talsec_security.security.api.TalsecConfig
+import com.aheaditec.talsec_security.security.api.TalsecMode
 import com.aheaditec.talsec_security.security.api.ThreatListener
 import com.facebook.react.bridge.Arguments
 import com.facebook.react.bridge.LifecycleEventListener
@@ -71,7 +72,7 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
       FreeraspThreatHandler.listener = ThreatListener
       listener.registerListener(reactContext)
       runOnUiThread {
-        Talsec.start(reactContext, config)
+        Talsec.start(reactContext, config, TalsecMode.BACKGROUND)
         mainHandler.post {
           talsecStarted = true
           // This code must be called only AFTER Talsec.start
@@ -231,8 +232,9 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
 
     val talsecBuilder = TalsecConfig.Builder(packageName, certificateHashes)
       .watcherMail(config.getString("watcherMail"))
-      .supportedAlternativeStores(androidConfig.getArraySafe("supportedAlternativeStores"))
       .prod(config.getBooleanSafe("isProd"))
+      .killOnBypass(config.getBooleanSafe("killOnBypass", false))
+      .supportedAlternativeStores(androidConfig.getArraySafe("supportedAlternativeStores"))
 
     if (androidConfig.hasKey("malwareConfig")) {
       val malwareConfig = androidConfig.getMapThrowing("malwareConfig")

android/src/main/java/com/freeraspreactnative/models/RNSuspiciousAppInfo.kt

@@ -10,6 +10,7 @@ import kotlinx.serialization.Serializable
 data class RNSuspiciousAppInfo(
   val packageInfo: RNPackageInfo,
   val reason: String,
+  val permissions: Set<String>?
 )
 
 /**

android/src/main/java/com/freeraspreactnative/utils/Extensions.kt

@@ -75,6 +75,7 @@ internal fun SuspiciousAppInfo.toRNSuspiciousAppInfo(context: ReactContext): RNS
   return RNSuspiciousAppInfo(
     packageInfo = this.packageInfo.toRNPackageInfo(context),
     reason = this.reason,
+    permissions = this.permissions
   )
 }
 

example/src/App.tsx

@@ -54,6 +54,7 @@ const App = () => {
     },
     watcherMail: 'your_email_address@example.com',
     isProd: true,
+    killOnBypass: true,
   };
 
   const actions = {

example/src/MalwareItem.tsx

@@ -92,6 +92,10 @@ export const MalwareItem: React.FC<{ app: SuspiciousAppInfo }> = ({ app }) => {
           </Text>
           <Text style={styles.listItemTitle}>Detection reason:</Text>
           <Text style={styles.listItem}>{app.reason}</Text>
+          <Text style={styles.listItemTitle}>Granted permissions:</Text>
+          <Text style={styles.listItem}>
+            {app.permissions?.join(', ') ?? 'Not specified'}
+          </Text>
           <HStack style={styles.buttonGroup}>
             <Button
               title={'Add to whitelist'}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "freerasp-react-native",
-  "version": "4.2.4",
+  "version": "4.3.0",
   "description": "React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",

src/types/types.ts

@@ -3,6 +3,7 @@ export type TalsecConfig = {
   iosConfig?: TalsecIosConfig;
   watcherMail: string;
   isProd?: boolean;
+  killOnBypass?: boolean;
 };
 
 export type TalsecAndroidConfig = {
@@ -27,6 +28,7 @@ export type TalsecMalwareConfig = {
 export type SuspiciousAppInfo = {
   packageInfo: PackageInfo;
   reason: string;
+  permissions?: string[];
 };
 
 export type PackageInfo = {

src/utils/malware.ts

@@ -16,5 +16,9 @@ export const parseMalwareData = async (
 export const toSuspiciousAppInfo = (base64Value: string): SuspiciousAppInfo => {
   const data = JSON.parse(Buffer.from(base64Value, 'base64').toString('utf8'));
   const packageInfo = data.packageInfo as PackageInfo;
-  return { packageInfo, reason: data.reason } as SuspiciousAppInfo;
+  return {
+    packageInfo,
+    reason: data.reason,
+    permissions: data.permissions,
+  } as SuspiciousAppInfo;
 };