Skip to content

zengxs/RiskEngine

BranchesTags
 
 

Repository files navigation

RiskEngine

中文

An Android SDK for local device fingerprinting and runtime risk detection. Built on a Java + C++17 dual-layer architecture, RiskEngine collects device signals, runs environment detectors, and returns a structured RiskReport to the host app.

Requirements

  • JDK 17+
  • Android Gradle Plugin 8.13.1
  • Compile SDK 36 / Min SDK 30
  • CMake 3.22.1+, C++17

Quick Start

Build the SDK and demo:

./build.sh sdk      # build SDK only
./build.sh demo     # build demo app
./build.sh all      # build both
./build.sh clean    # clean

Or use Gradle directly:

./gradlew :riskengine-sdk:assembleRelease
./gradlew :demo:assembleDebug

Initialize and collect:

RiskEngineConfig config = new RiskEngineConfig.Builder()
        .debugLog(true)
        .collectTimeout(15000)
        .build();

RiskEngine.init(context, config);

RiskEngine.collect(new RiskEngineCallback() {
    @Override
    public void onSuccess(RiskReport report) {
        Log.d("RiskEngine", "Risk: " + report.getOverallRiskLevel());
        Log.d("RiskEngine", "Score: " + report.getRiskScore());
    }

    @Override
    public void onError(Throwable error) {
        Log.e("RiskEngine", "Collect failed", error);
    }
});

Synchronous collection:

RiskReport report = RiskEngine.collectSync();
String json = RiskEngine.getReportJson();

Call RiskEngine.shutdown() when the SDK is no longer needed.

Core Detections

Area Examples
Root su, Magisk, dangerous props, writable system paths
Hook Xposed/LSPosed, Frida, suspicious maps and processes
Emulator Build props, QEMU artifacts, native emulator markers
Debugging Debug flags, tracer pid, gdb/lldb/IDA artifacts
Sandbox / container Container files, cgroup markers, virtualized paths
Device fingerprint Android ID, build props, telephony, Wi-Fi, Bluetooth, screen, APK signature

Output

RiskReport includes:

Field Description
fingerprint Aggregated device fingerprint values
detections Detector results and evidence
overallRiskLevel Final risk level
riskScore Numeric score derived from detector results
timestampMs Collection timestamp
sdkVersion SDK version string

Public API

API Description
RiskEngine.init(Context, RiskEngineConfig) Initialize the SDK
RiskEngine.collect(RiskEngineCallback) Run collection asynchronously
RiskEngine.collectSync() Run collection synchronously
RiskEngine.getReportJson() Collect and return the report as JSON
RiskEngine.shutdown() Release SDK resources
RiskEngineConfig.Builder.debugLog(boolean) Toggle SDK logs
RiskEngineConfig.Builder.collectTimeout(long) Set collection timeout (ms)

The SDK ships with consumer-rules.pro; host apps need no extra ProGuard rules for the public API.

Documentation

See doc/Implementation_Details.md for the full implementation details.

License

See LICENSE.

About

A mobile security risk control solution including an SDK and a management platform.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Java 68.7%
  • C++ 27.5%
  • Shell 1.9%
  • C 1.3%
  • CMake 0.6%