Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 53 Next »

Note: The latest $VERSION is 24.5.0

The Mobile Protect SDK for native Android apps is distributed via Maven. This document will take you through the steps to integrate SDK into your build system. For other guides, check out Mobile Protect Installation Guides

To fetch the Mobile Protect SDK for Android via Maven, an API key is needed. You can find it on our portal by going to active protection and clicking “protect mobile apps”. If you have issues getting that key, please contact us.

Stating with v23, we introduced a new Gradle plugin, available on our Maven repository. This plugin now automatically installs required dependencies and is applied at the project level. You no longer need to manually install a jar.

Follow this documentation to install Mobile Protect v23 and this documentation to migrate from v22.

The installation guide for v22 is also available here.

Installing Mobile Protect SDK with Maven for v23 and above

This documentation will guide you through the installation of Mobile Protect, if you are already using an older version of Mobile Protect and wish to upgrade, follow the migration guide.

Step 1: Add the Mobile Protect Maven Repository

The Mobile Protect for Android SDK is hosted on a private Maven repository. To be able to fetch the dependency, you must first register the dependency within your Gradle manifest.

You will need to add our repository to the plugin repositories, and declare it in your settings.gradle file:

pluginManagement {
    repositories {
        mavenCentral()
        gradlePluginPortal() //optional: depends on the plugin you are currently using
        google()
        //Mobile Protect Maven Repository
        maven {
            credentials {
                //Leave the username as "MAVEN"
                username "MAVEN"
                password "$MOBILEPROTECT_REPO_API_KEY"
            }
            url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
        }
    }
}

Our plugin will then download its project dependencies so you will also need to add our repository to your project’s build.gradle file, add:

allprojects {
    repositories {
        mavenCentral()
        google()
        //Mobile Protect Maven Repository
        maven {
            credentials {
                //Leave the username as "MAVEN"
                username "MAVEN"
                password "$MOBILEPROTECT_REPO_API_KEY"
            }
            url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
        }
    }
}

Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle under dependencyResolutionManagement->repositories

Step 2: Configure the Mobile Protect API Key

If you chose to define the API key globally, you can add it to the global Gradle properties in ~/.gradle/gradle.properties (plaintext file) or in your local.properties with:

MOBILEPROTECT_REPO_API_KEY={MOBILEPROTECT_REPO_API_KEY}

Replacing {MOBILEPROTECT_REPO_API_KEY} with the Mobile Protect API key, which can be found in the mobile_protect_sdk_update_api_key.txt file from the zip downloaded in step 1. Do not wrap the key in any quote characters.

Note: If you chose the global option, make sure to set the environment variable GRADLE_USER_HOME to ~/.gradle.

That key is NOT SENSITIVE. The key is only used to download the Mobile Protect SDK, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit in your repository.

Step 3: Add the Mobile Protect Gradle Plugin

Declare the plugin within your project’s build.gradle as follows:

plugins {
    id "com.dtplugin.mobileprotect" version("$VERSION")
    // if you want to auto update to the latest use: version("+")
}

Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the com.dtplugin.mobileprotect-notrustkit artefact and keep TrustKit as is.

Step 4: Add the Mobile Protect configuration

In the Android project, create the xml directory (/app/src/main/res/xml) if it does not exist. Then, copy the mobileprotect.xml config file into the xml resources folder.

The XML file contains an AUTH_TOKEN key; however, the key is NOT SENSITIVE. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys

Step 5: Start Mobile Protect

Now you're ready to initialize the SDK. Within your application's main Application class, preferably in the onCreate() method, add the following initializing code:

import com.datatheorem.mobileprotect.MobileProtect
[...]
class YourApplication : Application() {
    override fun onCreate() {
      [...]
       MobileProtect.init(this, R.xml.mobileprotect);
      [...]
    }
    [...]
}

Results

Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.

Optional: Enable Anti-fraud

To enable the anti-fraud feature of MobileProtect, you need to have at least version 24.5 installed, and then in your build.gradle enable the anti-fraud feature like this:

MobileProtectPluginConfiguration {
  enableAntiFraud = true
}

Optional: Add TrustKit certificate pinning

https://datatheorem.atlassian.net/servicedesk/customer/portal/1/article/2044461101

Optional: Enable static obfuscation

https://datatheorem.atlassian.net/wiki/x/EgDcgQ

Optional: Disable for specific tasks

If your app uses some other bytecode modifying tools such as Jacoco for code coverage, it might create conflicts, MobileProtect offers you the possibility to disable it for those specific tasks.

For example, to disable it when running gradle testCoverage, you can add this config in your root build.gradle

MobileProtectPluginConfiguration {
    excludeForTasks = mutableListOf("testCoverage")
}

Hilt compatibility:

If you are using Dagger Hilt, you may need to add additional configuration.

Starting with 24.2.0, we introduced a hilt compatibility option in our plugin if you are still facing issues with dagger hilt:

MobileProtectPluginConfiguration {
    enableHiltCompatibility = true
}

With older versions, you may need to configure hilt in the app’s build.gradle with the following:

hilt {
    enableAggregatingTask = false
    enableExperimentalClasspathAggregation = true
}


Migrating to the maven plugin installation (if you are currently using the mobile-protect-gradle-plugin.jar classpath file)

Step 1: Remove the old dependencies

In your project’s build.gradle, remove the old jar and aspectJ dependencies:

// remove the mobileprotect and aspectJ classpath dependencies
classpath files("PATH_TO/mobile-protect-gradle-plugin.jar")
classpath "org.aspectj:aspectjtools:1.9.4"

You can also remove mobile-protect-gradle-plugin.jar from your project.

In your app’s build.gradle, remove the dependencies and the plugin apply line:

// remove the mobileprotect and safetynet dependencies
dependencies { 
  implementation("com.datatheorem:mobileprotect-android:$VERSION")
  implementation("com.datatheorem:mobileprotect-transformations:$VERSION")
  implementation("com.google.android.gms:play-services-safetynet:$SAFETYNET_VERSION")
}

// remove the plugin apply
apply plugin: 'com.dtplugin.mobileprotect'

Step 2: Add the Mobile Protect Maven plugin repository

You will need to add our repository to the plugin repositories, and declare it in your settings.gradle file:

pluginManagement {
    repositories {
        mavenCentral()
        google()
        //Mobile Protect Maven Repository
        maven {
            credentials {
                //Leave the username as "MAVEN"
                username "MAVEN"
                password "$MOBILEPROTECT_REPO_API_KEY"
            }
            url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
        }
    }
}

Step 3: Add the Mobile Protect Gradle Plugin

Declare the plugin within your project’s build.gradle as follows:

plugins {
    id "com.dtplugin.mobileprotect" version("$VERSION")
    // if you want to auto update to the latest use: version("+")
}

  • No labels