I've made a research on OS, YouTube and GitHub. I followed the steps described on https://pub.dev/packages/freerasp and everything seems to be working fine. The question is, should I use the ThreatCallback or the TalsecCallback? Each callback checks for not the same things exactly.
As a side note, an easier way to get your hash, if you cannot run the Gradle Task is: Go to your Google Play Console > View App > Setup > App Signing > App Signing Key Certificate > SHA 256. Then use https://base64.guru/converter/encode/hex as suggested.
void main() async {
WidgetsFlutterBinding.ensureInitialized();
// create configuration for freeRASP
final config = TalsecConfig(
/// For Android
androidConfig: AndroidConfig(
packageName: 'com.tada.tadaaa',
signingCertHashes: ['dslkhfsdakjhfkjdshfkdshkfdsh'],
supportedStores: ['adb', 'com.sec.android.app.samsungapps'],
),
/// For iOS
iosConfig: IOSConfig(
bundleIds: ['com.tada.tadAAAA'],
teamId: 'fsdjhgfksjdhgj',
),
watcherMail: '[email protected]',
isProd: false,
);
// Setting up callbacks
final callback = ThreatCallback(
onAppIntegrity: () => print("App integrity"),
onObfuscationIssues: () => print("Obfuscation issues"),
onDebug: () => print("Debugging"),
onDeviceBinding: () => print("Device binding"),
onDeviceID: () => print("Device ID"),
onHooks: () => print("Hooks"),
onPasscode: () => print("Passcode not set"),
onPrivilegedAccess: () => print("Privileged access"),
onSecureHardwareNotAvailable: () => print("Secure hardware not available"),
onSimulator: () => print("Simulator"),
onUnofficialStore: () => print("Unofficial store"));
// Attaching listener
Talsec.instance.attachListener(callback);
await Talsec.instance.start(config);
...
runApp(const App());
}
jailbreak detection for example is available on one callback but it is not on the other.
Addressing the concerns.
If you're using a version older than 5.0.0 use the TalsecCallback. As of now, if you're using a version 5.0.0 or newer you should preferably use the ThreatCallback callback as exemplified here https://github.com/talsec/Free-RASP-Flutter/blob/master/example/lib/threat_notifier.dart.
The jailbreak threat is now handled by "onPrivilegedAccess".
Instead of printing out those error messages a better approach could be:
bool threatDetected = false;
void main() async {
WidgetsFlutterBinding.ensureInitialized();
final config = TalsecConfig(
androidConfig: AndroidConfig(
packageName: 'net.xyz',
signingCertHashes: ['hashhash'],
supportedStores: ['adb', 'com.sec.android.app.samsungapps'],
//supportedStores: ['com.sec.android.app.samsungapps'],
),
iosConfig: IOSConfig(
bundleIds: ['net.xyz'],
teamId: '123456789',
),
watcherMail: '[email protected]',
isProd: false,
);
final callback = ThreatCallback(
onAppIntegrity: () => threatDetected = true,
onObfuscationIssues: () => threatDetected = true,
onDebug: () => threatDetected = true,
onDeviceBinding: () => threatDetected = true,
onDeviceID: () => threatDetected = true,
onHooks: () => threatDetected = true,
onPasscode: () => threatDetected = true,
onPrivilegedAccess: () => threatDetected = true,
onSecureHardwareNotAvailable: () => threatDetected = true,
onSimulator: () => threatDetected = true,
onUnofficialStore: () => threatDetected = true,
);
Talsec.instance.attachListener(callback);
await Talsec.instance.start(config);
...
runApp(const App());
}
...
child: MaterialApp(
home: threatDetected ? const UnAuthorizedScreen() : const SplashScreen(),
...