Appendix B - Frequently Asked Questions (FAQ)

  1. What is Harmony App Protect?

    Harmony App Protect provides mobile security for consumer-facing applications as an SDK. Businesses can use it to ensure that their app security is expertly implemented and maintained, so developers can release new features without the need to become security experts.

  2. How does Harmony App Protect help me protect my application?

    The product enables iOS and Android apps to see the environment they operate in so they can protect themselves. This includes jailbreak/root, insecure configurations, malicious profiles (in iOS), malware detection (in Android), and Man-in-the-Middle attacks.

    It also protect the app with anti-tampering, anti-debugging, anti-repackaging and anti-emulation.

  3. How does it differ from existing mobile app security solutions?

    Most mobile app security solutions can only detect a threat to the app during an active attack.They are commonly referred to as anti-tampering solutions that provide 'App Shielding'. However, they cannot see things like advanced jailbreak/root, malware, and network attacks. Those threats enable malicious actors to steal critical data and manipulate the app without breaking its sandbox, which Harmony App Protect can detect.

  4. What operating systems does the product support?

    • Android - 5.x and above.

    • iOS - 10.x and above.

  5. What permissions does the SDK require for the app to request from the user/OS?

    The permissions to be granted to the app might vary based on the type of checks expected to be covered by the Harmony App Protect SDK.

    For optimal coverage, these permissions must be granted to the protected application:

    • ACCESS_WIFI_STATE

    • WAKE_LOCK

    • RECEIVE_BOOT_COMPLETED

    • FOREGROUND_SERVICE

    • QUERY_ALL_PACKAGES*

      * Only available on Android. Due to Google policy limitations, this permission is granted only for banking and digital wallet/payment apps.

    For iOS, no specific permission is required.

  6. What developer platforms does Harmony App Protect support?

    • Android - Android Studio

    • iOS - XCode 10.2 and higher.

  7. How large is the SDK?

    As of version 3.6.3 of the SDK:

    • Android - 1.3 MB

    • iOS - 6 MB

  8. Is there any backend system to manage?

    The Harmony App Protect solution comes with a fully managed cloud-based backend which includes:

    • A reporting UI reflecting the risk level of the devices installed with the application.

    • A UI that provides full flexibility to adapt the SDK behavior to the expected policy.

    This backend is fully managed by Check Point in terms of infrastructure. Associated hosting fees are also included in the Harmony App Protect solution pricing. The customer can control the behavior of the SDK based on the detected threat factors.

    Note that the actions to be made as per the policy UI should be handled and integrated in the logic of host mobile app.

  9. Is the product compatible with React Native?

    Yes.

  10. Is the product compatible with Flutter?

    Yes.

  11. Is the product compatible with Xamarin?

    Xamarin supports native SDK, but the product was not tested on the Xamarin platform. The customer needs to create the integration.

  12. Where in the app workflow can the SDK be integrated?

    At any point, on any screen. It is up to the customer to decide when and where. Usually the SDK runs prior to the login phase.

  13. What is the App Key?

    The App Key is a unique customer ID. It identifies all of the customer’s apps that use the SDK.

  14. What private information does the product collect and/or store?

    None. The product sees no private information and therefore does not store it.

  15. Is Harmony App Protect GDPR compliant?

    Yes. The product does not collect or process any personal information about the users.

  16. Does Harmony App Protect help with PSD2?

    Yes. PSD2 states that any app that accepts or authorizes payments must be able to check if there is malware installed on the device. This is covered in Articles 2 and 18.

  17. What framework is used for development?

    Cordova, React Native, clutter, and native.

  18. What are the third party libraries used by the Harmony App Protect SDK?

    • On iOS:

      • SwiftKeychainWrapper

      • AWSS3

      • AWSCore

      • RNCryptor

      • Alamofire

      • SSZipArchive

     

    • On Android:

      • log4j

      • room

      • workmanager

      • dagger

      • common-io