Package com.unblu.sdk.module.integrity
Class AppIntegrityModuleApi
java.lang.Object
com.unblu.sdk.module.integrity.AppIntegrityModuleApi
Provides methods to ensure the integrity, security, and authenticity of the application and device.
This class includes functionality for key management, app update enforcement, security checks, and integrity validation.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfacestatic final classOrchestrates device and app integrity verification.static interfacestatic interfacestatic interface -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidaddBackgroundOverlay(boolean enableOverlay) Enables or disables a background overlay to prevent screen content from being captured.createDeviceIntegrityVerifier(UnbluAgentClient unbluClient) Creates aAppIntegrityModuleApi.DeviceIntegrityVerifierusing the givenUnbluAgentClient.createDeviceIntegrityVerifier(UnbluAgentClient unbluClient, AppIntegrityModuleApi.DeviceIntegrityVerifier.IntegrityTokenRequester integrityTokenRequester) Creates aAppIntegrityModuleApi.DeviceIntegrityVerifierusing the givenUnbluAgentClient.voidForces an immediate app update if one is available.voidgetChallenge(UnbluAgentClient unbluClient, SuccessCallback<String> result) Initiates a device integrity challenge using the givenUnbluAgentClient.voidhandleDeviceIntegrityChecks(UnbluAgentClient unbluClient, AppIntegrityModuleApi.DeviceIntegrityResultCallback completion) Runs the device integrity flow using the givenUnbluAgentClient.static voidhandleDeviceIntegrityChecks(AppIntegrityModuleApi.DeviceIntegrityVerifier verifier, AppIntegrityModuleApi.DeviceIntegrityResultCallback completion) Runs the device integrity flow asynchronously and calls completion with the result.booleanChecks if the device is rooted.booleanChecks if the device has a secure screen lock enabled.booleanChecks if Frida (a popular dynamic instrumentation tool) is running on the device.booleanDetects if the application is running on an emulator or being debugged.booleanChecks if a screen overlay is active on the device.voidisUpdateAvailable(android.content.Context context, AppIntegrityModuleApi.UpdateAvailabilityCallback callback) Checks if an update is available for the app.booleanChecks if the device is using a third-party keyboard.voidrequestIntegrityToken(String nonce, long cloudProjectNumber, AppIntegrityModuleApi.SuccessCallback successCallback, AppIntegrityModuleApi.ErrorCallback errorCallback) Requests an integrity token from the Play Integrity API with a specific cloud project number.voidrequestIntegrityToken(String nonce, AppIntegrityModuleApi.SuccessCallback successCallback, AppIntegrityModuleApi.ErrorCallback errorCallback) Requests an integrity token from the Play Integrity API using the default cloud project number.voidverifyAttestation(UnbluAgentClient unbluClient, String token, SuccessCallback<Boolean> result) Verifies the attestation token generated by the device during the integrity challenge.
-
Constructor Details
-
AppIntegrityModuleApi
public AppIntegrityModuleApi(android.content.Context context)
-
-
Method Details
-
requestIntegrityToken
public void requestIntegrityToken(@NonNull String nonce, @NonNull AppIntegrityModuleApi.SuccessCallback successCallback, @NonNull AppIntegrityModuleApi.ErrorCallback errorCallback) Requests an integrity token from the Play Integrity API using the default cloud project number. This overload uses DEFAULT_CLOUD_PROJECT_NUMBER (163924594738L).- Parameters:
nonce- A unique, client-generated string used to ensure freshness and prevent replay attacks. UsegetChallenge(com.unblu.sdk.core.agent.UnbluAgentClient, com.unblu.sdk.core.callback.SuccessCallback<java.lang.String>)to retrieve one.successCallback- Callback invoked when the integrity token request is successful. The retrieved integrity token is passed to this callback.errorCallback- Callback invoked when an error occurs during the request. The error message describing the failure is passed to this callback.
-
requestIntegrityToken
public void requestIntegrityToken(@NonNull String nonce, long cloudProjectNumber, @NonNull AppIntegrityModuleApi.SuccessCallback successCallback, @NonNull AppIntegrityModuleApi.ErrorCallback errorCallback) Requests an integrity token from the Play Integrity API with a specific cloud project number.- Parameters:
nonce- A unique, client-generated string used to ensure freshness and prevent replay attacks. UsegetChallenge(com.unblu.sdk.core.agent.UnbluAgentClient, com.unblu.sdk.core.callback.SuccessCallback<java.lang.String>)to retrieve one.cloudProjectNumber- The Google Cloud project number used for the Play Integrity API request.successCallback- Callback invoked when the integrity token request is successful. The retrieved integrity token is passed to this callback.errorCallback- Callback invoked when an error occurs during the request. The error message describing the failure is passed to this callback.
-
getChallenge
Initiates a device integrity challenge using the givenUnbluAgentClient.- Parameters:
unbluClient- TheUnbluAgentClientused to obtain the challenge.result- ASuccessCallbackcalled with the challenge string.
-
verifyAttestation
public void verifyAttestation(@NonNull UnbluAgentClient unbluClient, String token, SuccessCallback<Boolean> result) Verifies the attestation token generated by the device during the integrity challenge.- Parameters:
unbluClient- TheUnbluAgentClientused to verify the attestation.token- The attestation token to verify.result- ASuccessCallbackcalled with the verification result.
-
createDeviceIntegrityVerifier
public AppIntegrityModuleApi.DeviceIntegrityVerifier createDeviceIntegrityVerifier(@NonNull UnbluAgentClient unbluClient) Creates aAppIntegrityModuleApi.DeviceIntegrityVerifierusing the givenUnbluAgentClient.- Parameters:
unbluClient- TheUnbluAgentClientused to obtain challenges and verify attestations.- Returns:
- A
AppIntegrityModuleApi.DeviceIntegrityVerifierusing the default integrity token requester.
-
createDeviceIntegrityVerifier
public AppIntegrityModuleApi.DeviceIntegrityVerifier createDeviceIntegrityVerifier(@NonNull UnbluAgentClient unbluClient, @NonNull AppIntegrityModuleApi.DeviceIntegrityVerifier.IntegrityTokenRequester integrityTokenRequester) Creates aAppIntegrityModuleApi.DeviceIntegrityVerifierusing the givenUnbluAgentClient.- Parameters:
unbluClient- TheUnbluAgentClientused to obtain challenges and verify attestations.integrityTokenRequester- The requester used to obtain the integrity token.- Returns:
- A
AppIntegrityModuleApi.DeviceIntegrityVerifierusing the provided requester.
-
handleDeviceIntegrityChecks
public void handleDeviceIntegrityChecks(@NonNull UnbluAgentClient unbluClient, @NonNull AppIntegrityModuleApi.DeviceIntegrityResultCallback completion) Runs the device integrity flow using the givenUnbluAgentClient.- Parameters:
unbluClient- TheUnbluAgentClientused to obtain challenges and verify attestations.completion- Callback invoked withtruewhen the device integrity flow succeeds, orfalsewhen it fails.
-
handleDeviceIntegrityChecks
public static void handleDeviceIntegrityChecks(@NonNull AppIntegrityModuleApi.DeviceIntegrityVerifier verifier, @NonNull AppIntegrityModuleApi.DeviceIntegrityResultCallback completion) Runs the device integrity flow asynchronously and calls completion with the result. Example:UnbluAgentClient unbluClient = ...; AppIntegrityModuleApi integrity = new AppIntegrityModuleApi(context); AppIntegrityModuleApi.DeviceIntegrityVerifier verifier = integrity.createDeviceIntegrityVerifier( unbluClient, (challenge, success, error) -> integrity.requestIntegrityToken(challenge, success, error) ); AppIntegrityModuleApi.handleDeviceIntegrityChecks(verifier, isOk -> { });- Parameters:
verifier- Provides the operations required for the integrity flow.completion- Callback invoked withtruewhen the device integrity flow succeeds, orfalsewhen it fails.
-
isUpdateAvailable
public void isUpdateAvailable(android.content.Context context, AppIntegrityModuleApi.UpdateAvailabilityCallback callback) Checks if an update is available for the app.- Parameters:
context- The application context used to create theAppUpdateManager.callback- Callback invoked withtrueif an update is available, orfalseif no update is available or if the check fails.
-
forceUpdate
public void forceUpdate()Forces an immediate app update if one is available. This method checks for an available update and, if an immediate update is allowed, redirects the user to the app's Play Store page to initiate the update process. -
isDeviceScreenLockEnabled
public boolean isDeviceScreenLockEnabled()Checks if the device has a secure screen lock enabled. This method verifies whether the device has a secure lock screen mechanism, such as a PIN, pattern, or password.- Returns:
trueif a secure screen lock is enabled,falseotherwise.
-
addBackgroundOverlay
public void addBackgroundOverlay(boolean enableOverlay) Enables or disables a background overlay to prevent screen content from being captured. When enabled, this method applies theWindowManager.LayoutParams.FLAG_SECUREflag to the current activity, preventing screenshots and screen recording. When disabled, the flag is removed, allowing screen captures.- Parameters:
enableOverlay-trueto enable the overlay and prevent screen capture,falseto allow screen capture.- Throws:
ClassCastException- if the provided context is not an instance ofActivity.
-
isScreenOverlayActive
public boolean isScreenOverlayActive()Checks if a screen overlay is active on the device. This method attempts to detect whether an overlay is present by setting theWindowManager.LayoutParams.FLAG_SECUREflag and checking specific window attributes. It also verifies if the app has permission to draw overlays usingSettings.canDrawOverlays(Context).- Returns:
trueif a screen overlay is detected,falseotherwise.- Throws:
ClassCastException- if the provided context is not an instance ofActivity.
-
isUsingThirdPartyKeyboard
public boolean isUsingThirdPartyKeyboard()Checks if the device is using a third-party keyboard. This method retrieves the default input method (keyboard) set on the device and checks whether it belongs to the current application package.- Returns:
trueif a third-party keyboard is in use,falseif the default keyboard is from the app itself.
-
isRunningOnEmulatorOrDebugger
public boolean isRunningOnEmulatorOrDebugger()Detects if the application is running on an emulator or being debugged. This method checks common indicators of an emulator, such as a generic build fingerprint or a model name containing "google_sdk". It also verifies if a debugger is currently attached.- Returns:
trueif the application is running on an emulator or a debugger is connected,falseotherwise.
-
isDeviceRooted
public boolean isDeviceRooted()Checks if the device is rooted. This method uses the RootBeer library to detect root access on the device.- Returns:
trueif the device is rooted,falseotherwise.
-
isFridaRunning
public boolean isFridaRunning()Checks if Frida (a popular dynamic instrumentation tool) is running on the device. This method scans the list of running processes for known Frida-related process names, such as "frida" and "gum-js-loop". If any of these processes are found, it indicates that Frida may be running.- Returns:
trueif a Frida-related process is detected,falseotherwise.
-