release: freeRASP 2.5.0

CHANGELOG.md

@@ -5,6 +5,55 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.5.0] - 2026-03-03
+
+- Android SDK version: 18.0.4
+- iOS SDK version: 6.14.1
+
+### Capacitor
+
+#### Changed
+
+- Refactor the Android plugin to separate the logic for managing listener states
+
+### Android
+
+#### Added
+
+- Added support for `KernelSU` to the existing root detection capabilities
+- Added support for `HMA` to the existing root detection capabilities
+- Added new malware detection capabilities
+- Added `onAutomationDetected()` callback to `ThreatDetected` interface
+  - We are introducing a new capability, detecting whether the device is being automated using tools like Appium
+- Added value restrictions to `externalId`
+  - Method `storeExternalId()` now returns `ExternalIdResult`, which indicates `Success` or `Error` when `externalId` violates restrictions
+
+#### Fixed
+
+- Fixed exception handling for the KeyStore `getEntry` operation
+- Fixed issue in `ScreenProtector` concerning the `onScreenRecordingDetected` invocations
+- Merged internal shared libraries into a single one, reducing the final APK size
+- Fixed bug related to key storing in keystore type detection (hw-backed keystore check)
+- Fixed manifest queries merge
+
+#### Changed
+
+- Removed unused library `tmlib`
+- Refactoring of signature verification code
+- Updated compile and target API to 36
+- Improved root detection capabilities
+- Detection of wireless ADB added to ADB detections
+
+### iOS
+
+#### Added
+
+- Added time spoofing detection, detecting an inaccurate device clock. It is a new threat `timeSpoofing`.
+
+#### Changed
+
+- Improved jailbreak detection methods.
+
 ## [2.4.1] - 2026-02-13
 
 - Android SDK version: 18.0.2

android/build.gradle

@@ -76,5 +76,5 @@ dependencies {
     androidTestImplementation "androidx.test.ext:junit:$androidxJunitVersion"
     androidTestImplementation "androidx.test.espresso:espresso-core:$androidxEspressoCoreVersion"
 
-    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Capacitor:18.0.2'
+    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Capacitor:18.0.4'
 }

android/src/main/java/com/aheaditec/freerasp/FreeraspPlugin.kt

@@ -29,30 +29,30 @@ typealias CapacitorCallback = (String, JSObject) -> Unit
 @CapacitorPlugin(name = "Freerasp")
 class FreeraspPlugin : Plugin() {
 
-    private var registered = true
-
     override fun load() {
         initializeEventKeys()
+        val pluginCallback: CapacitorCallback = { eventName, data ->
+            notifyListeners(eventName, data, true)
+        }
+        PluginThreatHandler.initializeDispatchers(PluginListener(context, pluginCallback))
         super.load()
     }
 
     @PluginMethod
     fun talsecStart(call: PluginCall) {
+        if (talsecStarted) {
+            call.resolve(JSObject().put("started", true))
+            return
+        }
+
         val config = call.getObject("config")
         if (config == null) {
             call.reject("Missing config parameter in freeRASP Native Plugin")
             return
         }
         try {
             val talsecConfig = buildTalsecConfigThrowing(config)
-
-            val pluginCallback: CapacitorCallback = { eventName, data ->
-                notifyListeners(eventName, data, true)
-            }
-
-            PluginThreatHandler.threatDispatcher.listener = PluginListener(context, pluginCallback)
-            PluginThreatHandler.executionStateDispatcher.listener = PluginListener(context, pluginCallback)
-            PluginThreatHandler.registerListener(context)
+            PluginThreatHandler.registerSDKListener(context)
 
             bridge.activity.runOnUiThread {
                 Talsec.start(context, talsecConfig)
@@ -75,35 +75,49 @@ class FreeraspPlugin : Plugin() {
         }
     }
 
-    override fun handleOnStart() {
-        super.handleOnStart()
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-            ScreenProtector.register(activity)
+    @PluginMethod(returnType = PluginMethod.RETURN_NONE)
+    override fun addListener(call: PluginCall) {
+        val eventName = call.getString("eventName")
+        if (eventName == ThreatEvent.CHANNEL_NAME) {
+            PluginThreatHandler.threatDispatcher.registerListener()
+        }
+        if (eventName == RaspExecutionStateEvent.CHANNEL_NAME) {
+            PluginThreatHandler.executionStateDispatcher.registerListener()
+        }
+        super.addListener(call)
+    }
+
+    @PluginMethod(returnType = PluginMethod.RETURN_NONE)
+    fun removeListenerForEvent(call: PluginCall) {
+        val eventName = call.getString("eventName")
+        if (eventName == ThreatEvent.CHANNEL_NAME) {
+            PluginThreatHandler.threatDispatcher.unregisterListener()
+        }
+        if (eventName == RaspExecutionStateEvent.CHANNEL_NAME) {
+            PluginThreatHandler.executionStateDispatcher.unregisterListener()
         }
     }
 
     override fun handleOnPause() {
         super.handleOnPause()
+        PluginThreatHandler.threatDispatcher.onPause()
+        PluginThreatHandler.executionStateDispatcher.onPause()
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+            ScreenProtector.unregister(activity)
+        }
         if (activity.isFinishing) {
-            PluginThreatHandler.unregisterListener(context)
-            registered = false
-            PluginThreatHandler.threatDispatcher.listener = null
-            PluginThreatHandler.executionStateDispatcher.listener = null
+            PluginThreatHandler.threatDispatcher.unregisterListener()
+            PluginThreatHandler.executionStateDispatcher.unregisterListener()
+            PluginThreatHandler.unregisterSDKListener(context)
         }
     }
 
     override fun handleOnResume() {
         super.handleOnResume()
-        if (!registered) {
-            registered = true
-            PluginThreatHandler.registerListener(context)
-        }
-    }
-
-    override fun handleOnStop() {
-        super.handleOnStop()
+        PluginThreatHandler.threatDispatcher.onResume()
+        PluginThreatHandler.executionStateDispatcher.onResume()
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-            ScreenProtector.unregister(activity)
+            ScreenProtector.register(activity)
         }
     }
 
@@ -317,16 +331,33 @@ class FreeraspPlugin : Plugin() {
         private val mainHandler = Handler(Looper.getMainLooper())
 
         internal var talsecStarted = false
+    }
 
-        internal fun notifyEvent(
+    internal class PluginListener(
+        private val context: Context,
+        private val pluginCallback: CapacitorCallback
+    ) : PluginThreatListener, PluginExecutionStateListener {
+        override fun threatDetected(threatEventType: ThreatEvent) {
+            notifyEvent(threatEventType, pluginCallback)
+        }
+
+        override fun malwareDetected(suspiciousApps: MutableList<SuspiciousAppInfo>) {
+            notifyMalware(suspiciousApps, context, pluginCallback)
+        }
+
+        override fun raspExecutionStateChanged(event: RaspExecutionStateEvent) {
+            notifyEvent(event, pluginCallback)
+        }
+
+        private fun notifyEvent(
             event: BaseRaspEvent,
             notifyListenersCallback: CapacitorCallback
         ) {
             val params = JSObject().put(event.channelKey, event.value)
             notifyListenersCallback(event.channelName, params)
         }
 
-        internal fun notifyMalware(
+        private fun notifyMalware(
             suspiciousApps: MutableList<SuspiciousAppInfo>,
             context: Context,
             notifyListenersCallback: CapacitorCallback
@@ -345,21 +376,4 @@ class FreeraspPlugin : Plugin() {
             }
         }
     }
-
-    internal class PluginListener(
-        private val context: Context,
-        private val pluginCallback: CapacitorCallback
-    ) : PluginThreatListener, PluginExecutionStateListener {
-        override fun threatDetected(threatEventType: ThreatEvent) {
-            notifyEvent(threatEventType, pluginCallback)
-        }
-
-        override fun malwareDetected(suspiciousApps: MutableList<SuspiciousAppInfo>) {
-            notifyMalware(suspiciousApps, context, pluginCallback)
-        }
-
-        override fun raspExecutionStateChanged(event: RaspExecutionStateEvent) {
-            notifyEvent(event, pluginCallback)
-        }
-    }
 }

android/src/main/java/com/aheaditec/freerasp/PluginThreatHandler.kt

@@ -10,8 +10,13 @@ import com.aheaditec.freerasp.events.ThreatEvent
 
 internal object PluginThreatHandler {
 
-    internal val threatDispatcher = ThreatDispatcher()
-    internal val executionStateDispatcher = ExecutionStateDispatcher()
+  internal lateinit var threatDispatcher: ThreatDispatcher
+  internal lateinit var executionStateDispatcher: ExecutionStateDispatcher
+
+    fun initializeDispatchers(listener: FreeraspPlugin.PluginListener) {
+        threatDispatcher = ThreatDispatcher(listener)
+        executionStateDispatcher = ExecutionStateDispatcher(listener)
+    }
 
     private val threatDetected = object : ThreatListener.ThreatDetected() {
 
@@ -111,11 +116,11 @@ internal object PluginThreatHandler {
 
     private val internalListener = ThreatListener(threatDetected, deviceState, raspExecutionState)
 
-    internal fun registerListener(context: Context) {
+    internal fun registerSDKListener(context: Context) {
         internalListener.registerListener(context)
     }
 
-    internal fun unregisterListener(context: Context) {
+    internal fun unregisterSDKListener(context: Context) {
         internalListener.unregisterListener(context)
     }
 }

android/src/main/java/com/aheaditec/freerasp/dispatchers/ExecutionStateDispatcher.kt

@@ -3,36 +3,53 @@ package com.aheaditec.freerasp.dispatchers
 import com.aheaditec.freerasp.events.RaspExecutionStateEvent
 import com.aheaditec.freerasp.interfaces.PluginExecutionStateListener
 
-internal class ExecutionStateDispatcher {
+internal class ExecutionStateDispatcher(private val listener: PluginExecutionStateListener) {
     private val cache = mutableSetOf<RaspExecutionStateEvent>()
 
-    var listener: PluginExecutionStateListener? = null
-        set(value) {
-            field = value
-            if (value != null) {
-                flushCache(value)
-            }
+    private var isAppInForeground = false
+    private var isListenerRegistered = false
+
+    fun registerListener() {
+        isListenerRegistered = true
+        isAppInForeground = true
+        flushCache()
+    }
+
+    fun unregisterListener() {
+        isListenerRegistered = false
+        isAppInForeground = false
+    }
+
+    fun onResume() {
+        isAppInForeground = true
+        if (isListenerRegistered) {
+            flushCache()
         }
+    }
+
+    fun onPause() {
+        isAppInForeground = false
+    }
 
     fun dispatch(event: RaspExecutionStateEvent) {
-        val checkedListener = synchronized(cache) {
-            val currentListener = listener
-            if (currentListener != null) {
-                currentListener
-            } else {
+        if (isAppInForeground && isListenerRegistered) {
+            listener.raspExecutionStateChanged(event)
+        } else {
+            synchronized(cache) {
                 cache.add(event)
-                null
             }
         }
-        checkedListener?.raspExecutionStateChanged(event)
     }
 
-    private fun flushCache(registeredListener: PluginExecutionStateListener) {
+    private fun flushCache() {
+        if (!isListenerRegistered || !isAppInForeground) {
+            return
+        }
         val events = synchronized(cache) {
             val snapshot = cache.toSet()
             cache.clear()
             snapshot
         }
-        events.forEach { registeredListener.raspExecutionStateChanged(it) }
+        events.forEach { listener.raspExecutionStateChanged(it) }
     }
 }