Examples of API response

Important Update - Harmony App Protect End of Support

 

Check Point’s Harmony App Protect will be end of support soon.

For more information on key actions and timelines, see Harmony App Protect End-of-Life - Check Point CheckMates.

These are the options to the Harmony App Protect responses for getCurrentStatus and getDetails APIs.

See MiTM example in API Documentation.

  • Malware app:

    1. getCurrentStatus:

      Copy 
      “MALWARE” -> “The application is a malware”

    2. getDetails:

      Copy 
      [{"findings":[{"group":"MALWARE","threatFactors":["GENERIC_MALWARE"]}],"metadata":{"appName":"Test Virus","packageName":"com.androidantivirus.testvirus","type":"app"}}]

  • Rooted device:

    1. getCurrentStatus:

      Copy 
      “JAILBROKEN_ROOTED” -> “Device is Jailbroken”

    2. getDetails:

      Copy 
      [{"findings":[{"group":"JAILBROKEN_ROOTED","threatFactors":["ROOTED"]}],"metadata":{"type":"root"}}]

  • Various device settings (properties):

    1. getCurrentStatus:

      Copy 
      “OS_INTEGRITY_COMPROMISED” -> “Device OS is compromised.”

    2. getDetails:

      Copy 
      [{"findings":
      [{"group":"OS_INTEGRITY_COMPROMISED","threatFactors":["ADB_ENABLED"]}],
      "metadata":{"type":" device_settings"}}]

Available device settings threat factors:

  • ADB_ENABLED

  • UNKNOWN_SOURCES

  • NO_SCREEN_LOCK_PROTECTION

  • SECURITY_PATCH_NOT_UPDATED

  • DATA__NOT_ENCRYPTED

General example of the getDetails return value:

Copy 
{
        "metadata": {
            "type": "app/network/property" 
            //More properties regarding the threat
                    },
                    "findings": [
                         {
                            "group": "GROUP_NAME",
                            "threatFactors": ["TF1","TF2"] //TFs linked to this group
                         }
                              ]
                    }

 

Copy 
/**
            * Checks if first scan of the device threats is completed. before it is, the result
            *  of getCurrentStatus will
            * not reflect the real and full state of the device.
            *
            * @return true if the first scan of the device threat is finished.
            * @throws IllegalStateException if tried to be executed before the client is
            *  initialized
            */
            public boolean isFirstScanCompleted() throws IllegalStateException;

 

isFirstScanCompleted - When the Harmony App Protect completes initialization, it runs a full scan for all the valid detection types. Until the scan is completed, the device risk status is only partially visible (depending on the finished scans). To check if the initial scan is completed and the risk status is fully updated, the hosting app should call this method.

As soon as the first scan is completed (may take up to a few minutes and depends on the number of apps installed on the device and network connectivity), the hosting app can rely on the device risk status at all times because the Harmony App Protect continues to monitor changes. If the first scan is not yet complete, the hosting app should listen to the ACTION_FIRST_SCAN broadcast for notification when it is complete.

Copy 
/**
        * Performing specific detections with a callback.
        *
        * @param callback Callback to be called when the detections are completed,
        * or the timeout expires
        * @param timeout How long to wait for result. If passed timeout is not 
        * positive, there will be no timeout.
        * @param timeUnit The time unit of the timeout. @see 
        * java.util.concurrent.{@link TimeUnit}. If passed null, there will be no timeout.
        * @param detectionTypes The detections you want to run. Empty list means all the
        * detections your eligible to.
        * @throws IllegalStateException If tried to be executed with an unknown detection
        * type
        * @throws SBMMissingPermissionException If permissions are missing for the 
        * requested detections
        */
        public void scan(SBMScanCallback callback, int timeout, @Nullable TimeUnit timeUnit, @SBMDetectionType.DetectionType int... detectionTypes) throws SBMMissingPermissionException, IllegalStateException 

 

scan - In addition to constantly monitoring the device for changes, the Harmony App Protect can also be triggered to rerun scans for specific detection types. This should be only used before running a highly sensitive operation and not as a default use-case for the Harmony App Protect. The result of the triggered scan is saved to the device current status (it also triggers an ACTION_STATUS_CHANGED broadcast if there is a change), and the callback for the method receives detailed information on which detections were completed and which failed due to timeout or another reason.

 

Parameter

Type

Required

Description

callback

SBMScanCallback

No

Callback for receiving the detection result.

timeout

Int

Yes

Timeout for the detection process. If the time passed, the callback is called and indication passes for each detection status.

It usually takes from a couple of seconds to a few tens of seconds to complete a scan depending on the network connectivity, number of apps and time from last scan.

timeUnit

TimeUnit

Yes

 

detectionTypes

SBMDetectionType ...

No

The detections you want to run. You can specify which detections you want. Runs all detections if none is passed.

 

Copy 
/** 
    * Scan apk file on device 
    * 
    * @param callback Callback to be called when the file scan is completed.  
    * @param path Path to an apk file 
    */
    public void scanFile(@NonNull SBMFileScanCallback callback, @NonNull String path)

scanFile – Scan apk file according to its path on the device. You need to handle the external storage permission approval before calling this API.

This detection is stateless and does not affect the device risk. It might be used to scan apps pre-installation.