Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Note: The latest $VERSION is 2324.67.01

The Mobile Protect SDK for native Android apps is distributed via Maven. This document will take you through the steps to integrate SDK into your build system. For other guides, check out Mobile Protect Installation Guides

To fetch the Mobile Protect SDK for Android via Maven, an API key is needed. You can find it on our portal by going to active protection and clicking “protect mobile apps”. If you haven’t received an API key for Mobile Protecthave issues getting that key, please contact us.

Stating with v23, we introduced a new Gradle plugin, available on our Maven repository. This plugin now automatically installs required dependencies and is applied at the project level. You no longer need to manually install a jar.

...

Code Block
allprojects {
    repositories {
        mavenCentral()
        google()
        //Mobile Protect Maven Repository
        maven {
            credentials {
                //Leave the username as "MAVEN"
                username "MAVEN"
                password "$MOBILEPROTECT_REPO_API_KEY"
            }
            url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
        }
    }
}

Security Note: To avoid a hard-coded credential within the build.gradle file, which may be exposed in a VCS, it is recommended to set it up as an environment variable or use the local.properties file.Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle under dependencyResolutionManagement->repositories

Step 2: Configure the Mobile Protect API Key

...

Note: If you chose the global option, make sure to set the environment variable GRADLE_USER_HOME to ~/.gradle.

That key is NOT SENSITIVE. The key is only used to download the Mobile Protect SDK, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit in your repository.

Step 3: Add the Mobile Protect Gradle Plugin

...

In the Android project, create the xml directory (/app/src/main/res/xml) if it does not exist. Then, copy the mobileprotect.xml config file into the xml resources folder.

The XML file contains an AUTH_TOKEN key; however, the key is NOT SENSITIVE. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys

Step 5: Start Mobile Protect

Now you're ready to initialize the SDK. Within your application's main Application class, preferably in the onCreate() method, add the following initializing code:

Code Block
import com.datatheorem.mobileprotect.MobileProtect
[...]
class YourApplication : Application() {
    override fun onCreate() {
      [...]
       MobileProtect.init(this, R.xml.mobileprotect);
      [...]
    }
    [...]
}

Results

Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.

Optional: Enable Anti-fraud

To enable the anti-fraud feature of MobileProtect, you need to have at least version 24.5 installed, and then in your build.gradle enable the anti-fraud feature like this:

Code Block
MobileProtectPluginConfiguration {
  enableAntiFraud = true
}

Optional: Add TrustKit certificate pinning

https://datatheorem.atlassian.net/servicedesk/customer/portal/1/article/2044461101

Optional: Enable static obfuscation

https://datatheorem.atlassian.net/wiki/x/EgDcgQ

Optional: Disable for specific tasks

If your app uses some other bytecode modifying tools such as Jacoco for code coverage, it might create conflicts, MobileProtect offers you the possibility to disable it for those specific tasks.

For example, to disable it when running gradle testCoverage, you can add this config in your root build.gradle

Code Block
MobileProtectPluginConfiguration {
    excludeForTasks = mutableListOf("testCoverage")
}

Hilt compatibility:

If you are using Dagger Hilt, you may need to add the following config to your App’s build.gradleadditional configuration.

Starting with 24.2.0, we introduced a hilt compatibility option in our plugin if you are still facing issues with dagger hilt:

Code Block
MobileProtectPluginConfiguration {
    enableHiltCompatibility = true
}

With older versions, you may need to configure hilt in the app’s build.gradle with the following:

Code Block
hilt {
    enableAggregatingTask = false
    enableExperimentalClasspathAggregation = true
}

...