Free-RASP-Community
Free-RASP-Community copied to clipboard
talsec
feat: Rerun checks when coming from background
I have added free-rasp at the entry point of our app. When app is open for the first time, all call-backs coming from andoirdCallbacks are working.
But then, I will press back button from android device, the app is closed, and when I will open the app again (without clearing app from Recent menu) then call-backs are not working. If I remove app from Recent menu, and then open the app again then it is working again.
Technically, if app is open at any point of time, call-backs should work.
Using freerasp 3.0.1 version.
Hello @meetp-interpay,
freeRASP runs the initial checks immediately after the app was started. However, after that, the checks are run periodically, which means that you might want to wait for a couple of minutes before you see the threats being detected. This applies also for your described use case.
Please, try to leave the app running for up to 10 minutes after you bring it back from background. The checks should start to fail.
Don't forget to let us know if this solved the problem.
Best,
Tomas, Talsec developer
Hello @tompsota ,
Thanks for your response.
Just wanted to know, does this will be the same behaviour for commercial version (Business RASP+, AppiCrypt) or is this only in freeRASP ?
Hello @meetp-interpay,
you will not encounter this issue in the commercial version of our libraries. There are additional API options that enable the wrapper to update all checks when the application lifecycle changes. Unfortunately, this is not possible in freeRASP at the moment. We will look at this issue in freeRASP as well in the near future.
Best regards,
Tomas, Talsec developer
@tompsota Can you expose these function as synchrounous api which returns threat boolean value when called
Hello @meetp-interpay,
freeRASP runs the initial checks immediately after the app was started. However, after that, the checks are run periodically, which means that you might want to wait for a couple of minutes before you see the threats being detected. This applies also for your described use case.
Please, try to leave the app running for up to 10 minutes after you bring it back from background. The checks should start to fail.
Don't forget to let us know if this solved the problem.
Best,
Tomas, Talsec developer
@tompsota Is there any solution where we can dispose it and call again?
Hello,
@deepanshushukla, due to other security concerns, we do not provide synchronous API to trigger the RASP security audit. However, we are working on an enhanced version of the freeRASP API, which should partially resolve your issues. Stay tuned for that!
@hanishSplenta, in freeRASP, there isn't currently a way how to force start the security audit. However, with Talsec, we offer additional solutions to help overcome this limitation:
- RASP+ RASP+ allows you to customize the detection interval in your own SDK build to better match your requirements. We’re also working on a dynamic interval management feature, which will give you even more control over how frequently each check runs. Additionally, RASP+ includes built-in threat responses, so you won’t have to wait for callbacks to react to detections. For more details on the differences between freeRASP and RASP+, check out our GitBook: https://docs.talsec.app/freerasp/features-and-pricing-plans/the-key-differences-freerasp-vs.-rasp+
- AppiCrypt AppiCrypt secures communication between your app and backend. It includes the results of the Talsec security audit, which you can verify server-side. This way, you can confirm that the device sending the request has passed the security checks before proceeding with further communication. Learn more about AppiCrypt here: https://docs.talsec.app/premium-products/appicrypt-product-page.
Let us know if you have any further questions.
Regards,
Tomas from Talsec