From 81389f88a0198377dfe6ef6e8fe2d09886ab90d2 Mon Sep 17 00:00:00 2001 From: Tomas Kypta Date: Fri, 21 Jun 2024 19:53:13 +0200 Subject: [PATCH] Update documentation --- docs/Android-Anti-Malware-Feature.md | 28 +++++++++++------ docs/Configuration.md | 47 ++++++++++++++-------------- 2 files changed, 42 insertions(+), 33 deletions(-) diff --git a/docs/Android-Anti-Malware-Feature.md b/docs/Android-Anti-Malware-Feature.md index a5119e1..e3b0e75 100644 --- a/docs/Android-Anti-Malware-Feature.md +++ b/docs/Android-Anti-Malware-Feature.md @@ -1,10 +1,10 @@ # Android Anti-Malware Feature -Malwarelytics for Cordova supports both mainstream mobile platforms - Android and iOS. Android platform provides Anti-Malware feature which is not available for iOS. +Malwarelytics for Cordova supports both mainstream mobile platforms - Android and iOS. The solution for the Android platform offers an Anti-Malware feature which is not available for iOS. ## Smart Protection -An app can integrate Malwarelytics for Android in various degrees of customization. On one extreme it can use its raw APIs - observers and method calls - and implement all the app behaviors. On the other extreme, it can integrate the SDK "hassle-free" and use the built-in **Smart Protection**. +An app can integrate Malwarelytics for Android in various degrees of customization. As one extreme, it can use its raw APIs - observers and method calls - and implement all the app behaviors. As the other extreme, it can integrate the SDK "hassle-free" and use the built-in **Smart Protection**. **Smart Protection** is a set of automatic behaviors, that are enabled by default. They involve timed evaluations of the installed apps, suggestion updates, initial scans, and automatic evaluation of app changes. @@ -18,22 +18,23 @@ with the remote console. Available automatic threat mitigations: -- Displaying app screen with a list of dangerous apps. -- Displaying notification about a dangerous app. +- Displaying the app screen with a list of dangerous apps. +- Displaying notifications about a dangerous app. ### Configuring Smart Protection -Smart Protection can be configured in the initial cordova SDK initialization: +Smart Protection can be configured in the initial Cordova SDK initialization: ```js await window.plugins.malwarelytics.initialize({ // Configuration for the Android platform androidConfig: { antivirusConfig: { // Configuration of the antivirus component + enableAntivirus: true, // Whether to disable AV feature enableSilentMode: false, // Silent mode enabled = no UI - onlineCheckIntervalHours: 48, // check for update every 48 hours - updateOnInitialize: true // the virus database will be updated on the startup + onlineCheckIntervalHours: 48, // Check for updates every 48 hours + updateOnInitialize: true // The virus database will be updated on the startup } } } @@ -56,17 +57,17 @@ await window.plugins.malwarelytics.android.antivirus.triggerSmartProtection(fals Method `triggerSmartProtection(Boolean)` returns `SmartProtectionResult` containing information about performed actions: - Whether any UI (app screen or notification) was displayed. - Whether a successful online update was performed. -- Whether evaluation of apps on the device succeeded. +- Whether the evaluation of apps on the device succeeded. ## Manual Threat Fetching -List of threats can be fetched manually via: +A list of threats can be fetched manually via: ```js // obtain list of threats const list = await window.plugins.malwarelytics.android.antivirus.getThreatList(); -// filter and print out apps that are higli dangerous or malware +// filter and print out apps that are highly dangerous or malware list.items.filter(i => i.threatIndex == "MALWARE" || i.threatIndex == "HIGHLY_DANGEROUS").forEach( async apk => { let apkInfo = await window.plugins.malwarelytics.android.antivirus.getApkInfo(apk.packageName); console.log(apkInfo); @@ -115,6 +116,13 @@ When the updates are no longer desired, the observer can be cleared with: window.plugins.malwarelytics.android.antivirus.clearUpdateObserver(); ``` +### Checking AV Feature Status + +After configuration, it's possible to check the status (whether it's enabled or disabled) of the AV feature by using the `isAvEnabled()` method on the `MalwarelyticsAndroidAntivirus`: + +```js +window.plugins.malwarelytics.android.antivirus.isAvEnabled(); +``` ## Read Next diff --git a/docs/Configuration.md b/docs/Configuration.md index f27e5df..789aea0 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md @@ -1,9 +1,9 @@ # Configuration -The minimum configuration for the Malwarelytics is setting up the username, password, and the public key in the `malwarelytics.xml` (for each platform Android/iOS). However, we recommend configuring all features that are present in the SDK. +The minimum configuration for Malwarelytics is setting up the username, password, and public key in the `malwarelytics.xml` (for each platform Android/iOS). However, we recommend configuring all features that are present in the SDK. -The `Username`, `Password` and `Signature Public Key` can be obtained in [the Malwarelytics console](https://app.malwarelytics.com/sdk-download). Note that these credentials are bound to your application Package Name/Bundle ID. If you need to support multiple environments (Package names/Bundle IDs), you need different credentials for each environment. +The `Username`, `Password`, and `Signature Public Key` can be obtained in [the Malwarelytics console](https://app.malwarelytics.com/sdk-download). Note that these credentials are bound to your application Package Name/Bundle ID. If you need to support multiple environments (Package names/Bundle IDs), you need different credentials for each environment. ## Environment @@ -15,8 +15,8 @@ Malwarelytics offers two environments `PRODUCTION` (default value) for productio To enable Malwarelytics in your Cordova app, you need to call the `initialize` method with the following configuration object. All properties are optional. ```js -// Note that all the folowing configurations are optional, you can pass empty object {} and it will work. -// It is recommended to set your client id though to identify the user. +// Note that all the following configurations are optional, you can pass empty object {} and it will work. +// It is recommended to set your client ID to identify the user. await window.plugins.malwarelytics.initialize({ clientId: "your-client-id", // To identify the user. Can be changed later. deviceId: "your-client-id", // To identify the users phone. Can be changed later. @@ -25,13 +25,14 @@ await window.plugins.malwarelytics.initialize({ androidConfig: { languageCode: "en", // Language of the UI (for smart protection) antivirusConfig: { // Configuration of the antivirus component + enableAntivirus: true, // Whether to disable AV feature enableSilentMode: false, // Silent mode enabled = no UI - onlineCheckIntervalHours: 48, // check for update every 48 hours - updateOnInitialize: true // the virus database will be updated on the startup + onlineCheckIntervalHours: 48, // Check for updates every 48 hours + updateOnInitialize: true // The virus database will be updated on the startup }, - raspConfig: { // configiration of the Runtime Application Self Protection + raspConfig: { // configuration of the Runtime Application Self-Protection emulator: { - action: "NOTIFY" // to enable observer reports, but don't exit when on emulator + action: "NOTIFY" // to enable observer reports, but don't exit when on an emulator }, root: { action: "EXIT", // to exit when the device is rooted @@ -48,7 +49,7 @@ await window.plugins.malwarelytics.initialize({ signatureHash: ["a9fe....6d94"] // hash of the apps signature (Base64-encoded SHA-1 hash) }, screenSharing: { - action: "NOTIFY" // to enable observer reports, but don't exit when screen is shared + action: "NOTIFY" // to enable observer reports, but don't exit when the screen is shared }, screenshot: { action: "BLOCK" // to block screenshots @@ -65,7 +66,7 @@ await window.plugins.malwarelytics.initialize({ action: "BLOCK", // to block tapjacking blockTapjackingSensitivity: "HIGHLY_DANGEROUS", // block tapjacking for highly dangerous and malware apps ignoreTapjackingSystemApps: false, // whether to ignore system apps in blocking tapjacking - allowedTapjackingApps: [] // list of apps capabale of tapjacking that will be ignored + allowedTapjackingApps: [] // list of apps capable of tapjacking that will be ignored }, httpProxy: { action: "NOTIFY" // to enable observer reports @@ -90,7 +91,7 @@ await window.plugins.malwarelytics.initialize({ } }, customerGrouping: { - // customer grouping is advanced technique that is described in separated documentation topic + // Customer grouping is an advanced technique that is described in separate documentation topic sourcePackageName: null, appPackageName: null, audienceGroupId: null @@ -100,22 +101,22 @@ await window.plugins.malwarelytics.initialize({ // Configuration for the Apple platform appleConfig: { - raspConfig: { // configiration of the Runtime Application Self Protection - // when the device is jalibreaked, exit and show url + raspConfig: { // configuration of the Runtime Application Self-Protection + // when the device is jailbroken, exit and show the URL jailbreak: { action: "EXIT", exitUrl: "https://wultra.com?exit=jalibreak" }, - // when debugger is connected, exit and show url + // when a debugger is connected, exit and show the URL debugger: { action: "EXIT", exitUrl: "https://wultra.com?exit=debugger" }, - // when reverse engineering tools are present, notify via the observer + // when reverse engineering tools are present, notify the observer reverseEngineeringTools: { action: "NOTIFY" }, - // when HTTP proxy is on, notify via the observer + // when an HTTP proxy is on, notify the observer httpProxy: { action: "NOTIFY" }, - // when the app is repackaged, exit and show url + // when the app is repackaged, exit and show the URL repackage: { action: "EXIT", exitUrl: "https://wultra.com?exit=repackaged", base64EncodedTrustedCertificates: ["BASE64encodedcert"]}, - // when screen is being captured, notify via the observer + // when the screen is being captured, notify the observer screenCapture: { action: "NOTIFY" }, - // when VPN is on, notify via the observer + // when VPN is on, notify the observer vpnChanged: { action: "NOTIFY" }, - // when there's an ongoing call, notify via the observer + // when there's an ongoing call, notify the observer callDetection: { action: "NOTIFY" } }, onlineConfig: { @@ -124,7 +125,7 @@ await window.plugins.malwarelytics.initialize({ enableScreenshotTakenCollection: true // enable screenshot event collection }, customerGrouping: { - // customer grouping is advanced technique that is described in separated documentation topic + // Customer grouping is an advanced technique that is described in separate documentation topic sourceBundleId: null, appBundleId: null, audienceGroupId: null @@ -139,9 +140,9 @@ await window.plugins.malwarelytics.initialize({ The SDK allows passing custom values that are used to group data in the Malwarelytics web console application. The configuration items in `MalwarelyticsConfig.android.customerGrouping` and `MalwarelyticsConfig.android.customerGrouping` add extra metadata that is passed into the web console. -The data allow to split data into groups and obtain different views on the data. +The data allows us to split data into groups and obtain different views on the data. -Limitations for the strings are following: +Limitations for the strings are the following: - Max length of the `sourceBundleId`/`sourcePackageName` is 255 characters - Max length of the `appBundleId`/`appPackageName ` is 255 characters