Note: The latest $VERSION
is 2324.87.01
The Mobile Protect SDK for native Android apps is distributed via Maven. This document will take you through the steps to integrate SDK into your build system. For other guides, check out Mobile Protect Installation Guides
To fetch the Mobile Protect SDK for Android via Maven, an API key is needed. You can find it on our portal by going to active protection and clicking “protect mobile apps”. If you haven’t received an API key for Mobile Protecthave issues getting that key, please contact us.
Stating with v23, we introduced a new Gradle plugin, available on our Maven repository. This plugin now automatically installs required dependencies and is applied at the project level. You no longer need to manually install a jar.
...
Code Block |
---|
allprojects { repositories { mavenCentral() google() //Mobile Protect Maven Repository maven { credentials { //Leave the username as "MAVEN" username "MAVEN" password "$MOBILEPROTECT_REPO_API_KEY" } url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android" } } } |
Security Note: To avoid a hard-coded credential within the build.gradle
file, which may be exposed in a VCS, it is recommended to set it up as an environment variable or use the local.properties
file.Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle
under dependencyResolutionManagement->repositories
Step 2: Configure the Mobile Protect API Key
...
Note: If you chose the global option, make sure to set the environment variable GRADLE_USER_HOME
to ~/.gradle
.
That key is NOT SENSITIVE. The key is only used to download the Mobile Protect SDK, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit in your repository.
Step 3: Add the Mobile Protect Gradle Plugin
...
Now you're ready to initialize the SDK. Within your application's main Application class, preferably in the onCreate()
method, add the following initializing code:
Code Block |
---|
import com.datatheorem.mobileprotect.MobileProtect [...] class YourApplication : Application() { override fun onCreate() { [...] MobileProtect.init(this, R.xml.mobileprotect); [...] } [...] } |
Results
Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.
Optional: Enable Anti-fraud
To enable the anti-fraud feature of MobileProtect, you need to have at least version 24.5 installed, and then in your build.gradle
enable the anti-fraud feature like this:
Code Block |
---|
MobileProtectPluginConfiguration {
enableAntiFraud = true
} |
Optional: Add TrustKit certificate pinning
https://datatheorem.atlassian.net/servicedesk/customer/portal/1/article/2044461101
Optional: Enable static obfuscation
https://datatheorem.atlassian.net/wiki/x/EgDcgQ
Optional: Disable for specific tasks
If your app uses some other bytecode modifying tools such as Jacoco for code coverage, it might create conflicts, MobileProtect offers you the possibility to disable it for those specific tasks.
For example, to disable it when running gradle testCoverage
, you can add this config in your root build.gradle
Code Block |
---|
MobileProtectPluginConfiguration {
excludeForTasks = mutableListOf("testCoverage")
} |
Hilt compatibility:
If you are using Dagger Hilt, you may need to add the following config to your App’s build.gradleadditional configuration.
Starting with 24.2.0, we introduced a hilt compatibility option in our plugin if you are still facing issues with dagger hilt:
Code Block |
---|
MobileProtectPluginConfiguration {
enableHiltCompatibility = true
} |
With older versions, you may need to configure hilt in the app’s build.gradle
with the following:
Code Block |
---|
hilt { enableAggregatingTask = false enableExperimentalClasspathAggregation = true } |
...