Package com.unblu.sdk.module.integrity

Class AppIntegrityModuleApi

java.lang.Object
com.unblu.sdk.module.integrity.AppIntegrityModuleApi
public class AppIntegrityModuleApi extends Object
Provides methods to ensure the integrity, security, and authenticity of the application and device. This class includes functionality for key management, app update enforcement, security checks, and integrity validation.

  • Constructor Details

    • AppIntegrityModuleApi

      public AppIntegrityModuleApi(android.content.Context context)

  • Method Details

    • requestIntegrityToken

      public void requestIntegrityToken(@NonNull String nonce, @NonNull AppIntegrityModuleApi.SuccessCallback successCallback, @NonNull AppIntegrityModuleApi.ErrorCallback errorCallback)
      Requests an integrity token from the Play Integrity API using the default cloud project number. This overload uses DEFAULT_CLOUD_PROJECT_NUMBER (163924594738L).
      Parameters:
      nonce - A unique, client-generated string used to ensure freshness and prevent replay attacks. Use getChallenge(com.unblu.sdk.core.agent.UnbluAgentClient, com.unblu.sdk.core.callback.SuccessCallback<java.lang.String>) to retrieve one.
      successCallback - Callback invoked when the integrity token request is successful. The retrieved integrity token is passed to this callback.
      errorCallback - Callback invoked when an error occurs during the request. The error message describing the failure is passed to this callback.

    • requestIntegrityToken

      public void requestIntegrityToken(@NonNull String nonce, long cloudProjectNumber, @NonNull AppIntegrityModuleApi.SuccessCallback successCallback, @NonNull AppIntegrityModuleApi.ErrorCallback errorCallback)
      Requests an integrity token from the Play Integrity API with a specific cloud project number.
      Parameters:
      nonce - A unique, client-generated string used to ensure freshness and prevent replay attacks. Use getChallenge(com.unblu.sdk.core.agent.UnbluAgentClient, com.unblu.sdk.core.callback.SuccessCallback<java.lang.String>) to retrieve one.
      cloudProjectNumber - The Google Cloud project number used for the Play Integrity API request.
      successCallback - Callback invoked when the integrity token request is successful. The retrieved integrity token is passed to this callback.
      errorCallback - Callback invoked when an error occurs during the request. The error message describing the failure is passed to this callback.

    • getChallenge

      public void getChallenge(@NonNull UnbluAgentClient unbluClient, SuccessCallback<String> result)
      Initiates a device integrity challenge using the given UnbluAgentClient.
      Parameters:
      unbluClient - The UnbluAgentClient used to obtain the challenge.
      result - A SuccessCallback called with the challenge string.

    • verifyAttestation

      public void verifyAttestation(@NonNull UnbluAgentClient unbluClient, String token, SuccessCallback<Boolean> result)
      Verifies the attestation token generated by the device during the integrity challenge.
      Parameters:
      unbluClient - The UnbluAgentClient used to verify the attestation.
      token - The attestation token to verify.
      result - A SuccessCallback called with the verification result.

    • createDeviceIntegrityVerifier

      public AppIntegrityModuleApi.DeviceIntegrityVerifier createDeviceIntegrityVerifier(@NonNull UnbluAgentClient unbluClient)
      Creates a AppIntegrityModuleApi.DeviceIntegrityVerifier using the given UnbluAgentClient.
      Parameters:
      unbluClient - The UnbluAgentClient used to obtain challenges and verify attestations.
      Returns:
      A AppIntegrityModuleApi.DeviceIntegrityVerifier using the default integrity token requester.

    • createDeviceIntegrityVerifier

      public AppIntegrityModuleApi.DeviceIntegrityVerifier createDeviceIntegrityVerifier(@NonNull UnbluAgentClient unbluClient, @NonNull AppIntegrityModuleApi.DeviceIntegrityVerifier.IntegrityTokenRequester integrityTokenRequester)
      Creates a AppIntegrityModuleApi.DeviceIntegrityVerifier using the given UnbluAgentClient.
      Parameters:
      unbluClient - The UnbluAgentClient used to obtain challenges and verify attestations.
      integrityTokenRequester - The requester used to obtain the integrity token.
      Returns:
      A AppIntegrityModuleApi.DeviceIntegrityVerifier using the provided requester.

    • handleDeviceIntegrityChecks

      public void handleDeviceIntegrityChecks(@NonNull UnbluAgentClient unbluClient, @NonNull AppIntegrityModuleApi.DeviceIntegrityResultCallback completion)
      Runs the device integrity flow using the given UnbluAgentClient.
      Parameters:
      unbluClient - The UnbluAgentClient used to obtain challenges and verify attestations.
      completion - Callback invoked with true when the device integrity flow succeeds, or false when it fails.

    • handleDeviceIntegrityChecks

      public static void handleDeviceIntegrityChecks(@NonNull AppIntegrityModuleApi.DeviceIntegrityVerifier verifier, @NonNull AppIntegrityModuleApi.DeviceIntegrityResultCallback completion)
      Runs the device integrity flow asynchronously and calls completion with the result. Example: 
      
 UnbluAgentClient unbluClient = ...;
 AppIntegrityModuleApi integrity = new AppIntegrityModuleApi(context);

 AppIntegrityModuleApi.DeviceIntegrityVerifier verifier =
         integrity.createDeviceIntegrityVerifier(
                 unbluClient,
                 (challenge, success, error) -> integrity.requestIntegrityToken(challenge, success, error)
         );

 AppIntegrityModuleApi.handleDeviceIntegrityChecks(verifier, isOk -> {
 });
      Parameters:
      verifier - Provides the operations required for the integrity flow.
      completion - Callback invoked with true when the device integrity flow succeeds, or false when it fails.

    • isUpdateAvailable

      public void isUpdateAvailable(android.content.Context context, AppIntegrityModuleApi.UpdateAvailabilityCallback callback)
      Checks if an update is available for the app.
      Parameters:
      context - The application context used to create the AppUpdateManager.
      callback - Callback invoked with true if an update is available, or false if no update is available or if the check fails.

    • forceUpdate

      public void forceUpdate()
      Forces an immediate app update if one is available. This method checks for an available update and, if an immediate update is allowed, redirects the user to the app's Play Store page to initiate the update process.

    • isDeviceScreenLockEnabled

      public boolean isDeviceScreenLockEnabled()
      Checks if the device has a secure screen lock enabled. This method verifies whether the device has a secure lock screen mechanism, such as a PIN, pattern, or password.
      Returns:
      true if a secure screen lock is enabled, false otherwise.

    • addBackgroundOverlay

      public void addBackgroundOverlay(boolean enableOverlay)
      Enables or disables a background overlay to prevent screen content from being captured. When enabled, this method applies the WindowManager.LayoutParams.FLAG_SECURE flag to the current activity, preventing screenshots and screen recording. When disabled, the flag is removed, allowing screen captures.
      Parameters:
      enableOverlay - true to enable the overlay and prevent screen capture, false to allow screen capture.
      Throws:
      ClassCastException - if the provided context is not an instance of Activity.

    • isScreenOverlayActive

      public boolean isScreenOverlayActive()
      Checks if a screen overlay is active on the device. This method attempts to detect whether an overlay is present by setting the WindowManager.LayoutParams.FLAG_SECURE flag and checking specific window attributes. It also verifies if the app has permission to draw overlays using Settings.canDrawOverlays(Context).
      Returns:
      true if a screen overlay is detected, false otherwise.
      Throws:
      ClassCastException - if the provided context is not an instance of Activity.

    • isUsingThirdPartyKeyboard

      public boolean isUsingThirdPartyKeyboard()
      Checks if the device is using a third-party keyboard. This method retrieves the default input method (keyboard) set on the device and checks whether it belongs to the current application package.
      Returns:
      true if a third-party keyboard is in use, false if the default keyboard is from the app itself.

    • isRunningOnEmulatorOrDebugger

      public boolean isRunningOnEmulatorOrDebugger()
      Detects if the application is running on an emulator or being debugged. This method checks common indicators of an emulator, such as a generic build fingerprint or a model name containing "google_sdk". It also verifies if a debugger is currently attached.
      Returns:
      true if the application is running on an emulator or a debugger is connected, false otherwise.

    • isDeviceRooted

      public boolean isDeviceRooted()
      Checks if the device is rooted. This method uses the RootBeer library to detect root access on the device.
      Returns:
      true if the device is rooted, false otherwise.

    • isFridaRunning

      public boolean isFridaRunning()
      Checks if Frida (a popular dynamic instrumentation tool) is running on the device. This method scans the list of running processes for known Frida-related process names, such as "frida" and "gum-js-loop". If any of these processes are found, it indicates that Frida may be running.
      Returns:
      true if a Frida-related process is detected, false otherwise.