API Documentation

Important Update - Harmony App Protect End of Support

Check Point’s Harmony App Protect will be end of support soon.

For more information on key actions and timelines, see Harmony App Protect End-of-Life - Check Point CheckMates.

Harmony App Protect is accessible by the SBM class.

Register

Copy

 + (void)initializeWithAPIKey:(NSString * _Nonnull)apiKey 
callbackQueue:(NSOperationQueue * _Nonnull)callbackQueue completion:(void (^_Nonnull)
(SBMClientRegistrationResult result))completion;

Parameters to configure the Harmony App Protect:

Parameter	Type	Description
apiKey	String	API key for the Harmony App Protect. It is provided during the registration. To find the token, go to Using SDK > Implementation Instructions > Step 3 - Initialize the SDK.
callbackQueue	NSOperationQueue	The callback queue in which the completion block is called in.
completion	Block	A completion block to process the registration response.

Parameter

Type

Description

apiKey

String

API key for the Harmony App Protect. It is provided during the registration.

To find the token, go to Using SDK > Implementation Instructions > Step 3 - Initialize the SDK.

callbackQueue

NSOperationQueue

The callback queue in which the completion block is called in.

completion

Block

A completion block to process the registration response.

AntiDebugging

Copy

+ (void)enableAntiDebugging;

Enables anti-debugging and protects the app from malicious attempts to access the app code using debugging tools. We recommend that you enable anti-debugging only when you publish the app on to the app store.

Device ID

Copy

+ (NSString * _Nullable)deviceId;

Returns the client identifier, a random UUID Universal Unique Identifier. A UUID is a 128-bit value used to uniquely identify an object or entity on the internet. for this device used in the Harmony App Protect. This is the only identifier to identify Harmony App Protect in the Harmony App Protect server backend. We recommend that the hosting app save or print this identifier to include it when you report issues with the Harmony App Protect.

Detect

Scan Device

Copy

+ (void)scanFeatures:(NSArray<NSNumber*>* _Nonnull)features 
callbackQueue:(NSOperationQueue * _Nonnull)callbackQueue 
completion:(void (^_Nonnull)(NSArray<SBMScanResult*> * _Nonnull scanResults))completion;

Parameters:

Parameter	Type	Description
features	NSArray<NSNumber*>	Array of features that should be scanned. Contains an array of NSNumber objects which represent SBMClientDetectionType.
callbackQueue	NSOperationQueue	The callback queue which the completion block will be called in.
completion	Block	Called at the end of the scan.

Current Device Risk Status

The method returns the current device risk status.

Copy

+ (void)getCurrentStatusWithCallbackQueue:(NSOperationQueue * _Nonnull)callbackQueue
completion:(void (^_Nonnull)(NSDictionary<NSString*, NSString*> * _Nonnull stauts, 
NSDate * _Nullable lastSuccessfullScanDate))completion;

Parameters:

Parameter

Type

Description

callbackQueue

NSOperationQueue

The callback queue in which the completion block is called.

completion

Block

Returning mapping of group to description.

Related scan date.

Latest Device Risk Status

Get more information regarding the latest status.

Copy

+ (void)getRisksWithCallbackQueue:(NSOperationQueue * _Nonnull)callbackQueue completion:
(void (^_Nonnull)(NSArray<SBMRisk *> * _Nullable risks, NSDate * _Nullable lastSuccessfullScanDate))completion;

Parameters:

Parameter	Type	Description
callbackQueue	NSOperationQueue	The callback queue in which the completion block is called.
completion	Block	Contains object representation of the status and the last successful scan date.

Identify Device Risks

Search for a specific type of risk (for example, jailbreak and outdated OS version) in a given array of risks.

Copy

+ (BOOL)isRisks:(NSArray<AppProtectRisk *> * _Nonnull)risks 
hasDetection:(AppProtectClientDetectionType)type;

Parameters:

Parameter	Type	Description
risks	NSArray<AppProtectRisk *>	Array of risks detected on the device.
hasDetection	AppProtectClientDetectionType	Detection type to search in the risks array.

Group Name for Detection Type

Get the group name for a specific detection type.

Copy

+ (NSSet<NSString *> *_Nonnull)groupNamesForDetectionType:(AppProtectClientDetectionType)type;

Parameters:

Parameter	Type	Description
for	AppProtectClientDetectionType	The detection type for which you want the group name.

Logs

The method set the logger type.

Copy

+ (void)setLoggerType:(SBMClientLoggerType)loggerType;

Parameters:

Parameter	Type	Description
loggerType	SBMClientLoggerType	The logger type (debug or release)

The method set the logger file handle.

Copy

+ (void)setLoggerOutput:(NSFileHandle * _Nullable)fileHandle;

Parameters:

Parameter	Type	Description
fileHandle	NSFileHandle	The file handle to the log file. The file must be open and ready for write operations. Set this to nil before you close the file handle.

Version

The method returns the Harmony App Protect version.

Copy

+ (NSString * _Nonnull)getVersion;

Text Protection

Protecting Text Field

Allows users to enter and detele data in the app's UI text fields. Prevents all other actions, such as copy and paste.

Copy

public class AppProtectSecureTextField : UITextField

Protecting Text View

Prevents highlight and copy actions on the app's UI text fields.

Copy

public class AppProtectSecureTextView : UITextView

Screen Capture Protection

CoverScreenOnScreenRecording

Hides the application behind a black screen when recording the application activity on your mobile device, to protect sensitive information.

Copy

+ (void)enableCoverScreenOnScreenRecording:(BOOL)enabled;

Parameters:

Parameter	Type	Description
enabled	Boolean	True - CoverScreenOnScreenRecording is enabled. False - CoverScreenOnScreenRecording is disabled.

Note - In iOS devices, you can only prevent recording of the screen, but cannot prevent capturing of screenshots.

CoverScreenInBackground

Hides the application behind a black screen when navigating screens on your iOS device, to protect sensitive information.

Copy

+ (void)enableCoverScreenInBackground:(BOOL)enabled;

Parameters:

Parameter	Type	Description
enabled	Boolean	True - CoverScreenInBackground is enabled. False - CoverScreenInBackground is disabled.

Examples of the API response

These are the options to the Harmony App Protect's responses for getCurrentStatus and getDetails APIs:

getCurrentStatus returns a dictionary represented in JSON string.
getRisks returns an array of SBMRisk objects.

MiTM attack (SSL Secure Sockets Layer. The standard security technology for establishing an encrypted link between a web server and a browser. stripping , SSL Interception - invalid certificate or pinning):

getCurrentStatus:

Copy

{"MITM": "Detected possible man-in-the-middle attack attempt. 
This attack allows unauthorized 3rd party to gain access to the device\'s network traffic, 
which may contain sensitive information such as emails, user names, passwords etc."}

getRisks:

Copy

[{"findings" : ["group" : "MITM","threatFactors" : 
["MITM_SSL_STRIPING", “MITM_INVALID_CERT", “MITM_CERT_PINNING_FAIL"]}],"metadata" : 
{"type" : "network", {"value" : "my home" }}]

Jailbroken device (regular , advanced):

getCurrentStatus:

Copy

["JAILBROKEN_ROOTED": "The device has been found to be rooted using an advanced logic"]

getRisks:

Copy

[{"findings" : ["group" : " JAILBROKEN_ROOTED ","threatFactors" : 
[“JAILBROKEN", "JAILBREAK_ADV"]}],"metadata" : {"type" : " jailbreak "}}]

Enterprise certificate (enterprise , developer):

getCurrentStatus:

Copy

["SUSPICIOUS_ENTERPRISE_CERTIFICATE": "An enterprise certificate profile is
installed on the device, enterprise certificate should only be used for official internal apps. 
It can be abused by malicious app"]

getDetails:

Copy

[{"findings" : ["group" : "SUSPICIOUS_ENTERPRISE_CERTIFICATE","threatFactors" : 
[“IOS__DEVELOPER_PROFILE", “IOS__ENTERPRISE_PROFILE"]}],"metadata" : 
{"type" : "trusted_certificate", "value" : "iPhone Distribution: My Company LTD"}}]

No risk was detected:
1. getCurrentStatus:
  - Empty dictionary (JSON).
2. getDetails:
  - Empty array (SBMRisks).

If there are multiple risks detected:
- getCurrentStatus contains all key-value pairs according to the list above.
- getRisks contains all findings according to the list above.

Additional Classes / Enums

To set the logger level:

Copy

typedef NS_ENUM(NSInteger, SBMClientLoggerType) {
    SBMClientLoggerTypeDebug,
    SBMClientLoggerTypeRelease
};

To determine the enum for the different detection types, the Harmony App Protect can run:

Copy

typedef NS_ENUM(NSInteger, SBMClientDetectionType) {
    SBMClientDetectionTypeJailbreak,
    SBMClientDetectionTypeTrustedCertificate,
    SBMClientDetectionTypeNetwork
};

To represent the result of a registration:

Copy

typedef NS_ENUM(NSInteger, SBMClientRegistrationResult) {
    SBMClientRegistrationResultUnknown,
    SBMClientRegistrationResultNetworkError,
    SBMClientRegistrationResultInvalidInput,
    SBMClientRegistrationResultSuccess
};

To represent the result of a scan request:

Copy

typedef NS_ENUM(NSInteger, SBMClientScanResult) {
    SBMClientScanResultNotInitialized,
    SBMClientScanResultTimeout,
    SBMClientScanResultFailure,
    SBMClientScanResultFeatureDisabled,
    SBMClientScanResultSuccess
}; 
 
@interface SBMScanResult : NSObject {}
 
@property (nonatomic, readonly) SBMClientDetectionType detectionType;
@property (nonatomic, readonly) SBMClientScanResult result;
 
@end