release: freeRASP 4.4.0 (#139)

* feat: prevent multi registration of listener

* chore: update tsconfig

* feat: update listeners registration

* feat: add threat caching

* feat: refactor listener registration

* feat: add automation check

* chore: update example app

* chore: raise version

* feat: raise compileSdk version

* update the android sdk, implement ios cache + align api

* chore: remove import

* rename wrapper -> plugin

* chore: refactor internal listener

* feat: improve context handling on android native

Author: tompsota

CHANGELOG.md

@@ -5,7 +5,56 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [4.3.2] - 2025-01-03
+## [4.4.0] - 2026-02-06
+
+- Android SDK version: 18.0.1
+- iOS SDK version: 6.13.0
+
+### React Native
+
+#### Added
+
+- Added cache for freeRASP callbacks when listener is not registered with the app
+- Added API for `automation` callback into `ThreatEventActions` (Android only)
+
+#### Fixed
+
+- Prevent multiple registration of the freeRASP listeners on the native side
+
+#### Changed
+
+- Updated compile and target SDK versions to 36 on Android
+- Higher compileSdk from [rootProject, plugin] is now used in build.gradle on Android
+
+### Android
+
+#### Added
+
+- Added support for `KernelSU` to the existing root detection capabilities
+- Added support for `HMA` to the existing root detection capabilities
+- Added new malware detection capabilities
+- Added `onAutomationDetected()` callback to `ThreatDetected` interface
+  - We are introducing a new capability, detecting whether the device is being automated using tools like Appium
+- Added value restrictions to `externalId`
+  - Method `storeExternalId()` now returns `ExternalIdResult`, which indicates `Success` or `Error` when `externalId` violates restrictions
+
+#### Fixed
+
+- Fixed exception handling for the KeyStore `getEntry` operation
+- Fixed issue in `ScreenProtector` concerning the `onScreenRecordingDetected` invocations
+- Merged internal shared libraries into a single one, reducing the final APK size
+- Fixed bug related to key storing in keystore type detection (hw-backed keystore check)
+- Fixed manifest queries merge
+
+#### Changed
+
+- Removed unused library `tmlib`
+- Refactoring of signature verification code
+- Updated compile and target API to 36
+- Improved root detection capabilities
+- Detection of wireless ADB added to ADB detections
+
+## [4.3.2] - 2026-01-03
 
 - Android SDK version: 17.0.1
 - iOS SDK version: 6.13.0

android/build.gradle

@@ -44,8 +44,14 @@ def getDefault(name) {
   return project.properties["FreeraspReactNative_" + name]
 }
 
+def getMaxVersion(name) {
+  def rootVersion = rootProject.ext.has(name) ? rootProject.ext.get(name).toInteger() : 0
+  def pluginVersion = getIntegerDefault(name)
+  return Math.max(rootVersion, pluginVersion)
+}
+
 android {
-  compileSdkVersion getIntegerDefault("compileSdkVersion")
+  compileSdk getMaxVersion("compileSdk")
 
   defaultConfig {
     minSdkVersion getIntegerDefault("minSdkVersion")
@@ -99,7 +105,7 @@ dependencies {
   implementation "com.facebook.react:react-native:$react_native_version"
   implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
   implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.4.1"
-  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:17.0.1"
+  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:18.0.2"
 }
 
 if (isNewArchitectureEnabled()) {

android/gradle.properties

@@ -1,6 +1,6 @@
 FreeraspReactNative_kotlinVersion=2.1.0
 FreeraspReactNative_minSdkVersion=23
-FreeraspReactNative_targetSdkVersion=35
-FreeraspReactNative_compileSdkVersion=35
+FreeraspReactNative_targetSdkVersion=36
+FreeraspReactNative_compileSdk=36
 FreeraspReactNative_ndkversion=21.4.7075529
 FreeraspReactNative_reactNativeVersion=+

android/src/main/java/com/freeraspreactnative/FreeraspReactNativeModule.kt

@@ -4,6 +4,7 @@ import android.os.Build
 import android.os.Handler
 import android.os.HandlerThread
 import android.os.Looper
+import com.aheaditec.talsec_security.security.api.ExternalIdResult
 import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import com.aheaditec.talsec_security.security.api.Talsec
 import com.aheaditec.talsec_security.security.api.TalsecConfig
@@ -22,6 +23,8 @@ import com.facebook.react.modules.core.DeviceEventManagerModule
 import com.freeraspreactnative.events.BaseRaspEvent
 import com.freeraspreactnative.events.RaspExecutionStateEvent
 import com.freeraspreactnative.events.ThreatEvent
+import com.freeraspreactnative.interfaces.PluginExecutionStateListener
+import com.freeraspreactnative.interfaces.PluginThreatListener
 import com.freeraspreactnative.utils.Utils
 import com.freeraspreactnative.utils.getArraySafe
 import com.freeraspreactnative.utils.getBooleanSafe
@@ -33,7 +36,6 @@ import com.freeraspreactnative.utils.toEncodedWritableArray
 class FreeraspReactNativeModule(private val reactContext: ReactApplicationContext) :
   ReactContextBaseJavaModule(reactContext) {
 
-  private val listener = ThreatListener(FreeraspThreatHandler, FreeraspThreatHandler, FreeraspThreatHandler)
   private val lifecycleListener = object : LifecycleEventListener {
     override fun onHostResume() {
       if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
@@ -57,7 +59,6 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
   }
 
   init {
-    appReactContext = reactContext
     reactContext.addLifecycleEventListener(lifecycleListener)
     initializeEventKeys()
   }
@@ -69,8 +70,7 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
 
     try {
       val config = buildTalsecConfig(options)
-      FreeraspThreatHandler.listener = ThreatListener
-      listener.registerListener(reactContext)
+      PluginThreatHandler.registerListener(reactContext)
       runOnUiThread {
         Talsec.start(reactContext, config, TalsecMode.BACKGROUND)
         mainHandler.post {
@@ -147,13 +147,30 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
   }
 
   @ReactMethod
-  fun addListener(@Suppress("UNUSED_PARAMETER") eventName: String) {
-    // Set up any upstream listeners or background tasks as necessary
+  fun addListener(eventName: String) {
+    if (eventName == ThreatEvent.CHANNEL_NAME) {
+      PluginThreatHandler.threatDispatcher.listener = PluginListener(reactContext)
+    }
+    if (eventName == RaspExecutionStateEvent.CHANNEL_NAME) {
+      PluginThreatHandler.executionStateDispatcher.listener = PluginListener(reactContext)
+    }
   }
 
   @ReactMethod
   fun removeListeners(@Suppress("UNUSED_PARAMETER") count: Int) {
-    // Remove upstream listeners, stop unnecessary background tasks
+    // built-in RN method, however it does not suit us as it just tells
+    // number of un-registered listeners, so we use `removeListenerForEvent`
+  }
+
+  @ReactMethod
+  fun removeListenerForEvent(eventName: String, promise: Promise) {
+    if (eventName == ThreatEvent.CHANNEL_NAME) {
+      PluginThreatHandler.threatDispatcher.listener = null
+    }
+    if (eventName == RaspExecutionStateEvent.CHANNEL_NAME) {
+      PluginThreatHandler.executionStateDispatcher.listener = null
+    }
+    promise.resolve("Listener unregistered")
   }
 
   /**
@@ -218,17 +235,41 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
 
   @ReactMethod
   fun storeExternalId(
-      externalId: String, promise: Promise
+    externalId: String, promise: Promise
   ) {
-      try {
-          Talsec.storeExternalId(reactContext, externalId)
-          promise.resolve("OK - Store external ID")
-      } catch (e: Exception) {
+    try {
+      when (val result = Talsec.storeExternalId(reactContext, externalId)) {
+        is ExternalIdResult.Error -> {
           promise.reject(
-              "NativePluginError",
-              "Error during storeExternalId operation in Talsec Native Plugin"
+            "ExternalIdError",
+            "Setting up External ID failed - ${result.errorMsg}"
           )
+        }
+
+        is ExternalIdResult.Success -> {
+          promise.resolve("OK - Store external ID")
+          return
+        }
       }
+    } catch (e: Exception) {
+      promise.reject(
+        "NativePluginError",
+        "Error during storeExternalId operation in Talsec Native Plugin"
+      )
+    }
+  }
+
+  @ReactMethod
+  fun removeExternalId(promise: Promise) {
+    try {
+      Talsec.removeExternalId(reactContext)
+      promise.resolve("OK - External ID removed")
+    } catch (e: Exception) {
+      promise.reject(
+        "NativePluginError",
+        "Error during storeExternalId operation in Talsec Native Plugin"
+      )
+    }
   }
 
   private fun buildTalsecConfig(config: ReadableMap): TalsecConfig {
@@ -260,11 +301,9 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
     private val backgroundHandler = Handler(backgroundHandlerThread.looper)
     private val mainHandler = Handler(Looper.getMainLooper())
 
-    private lateinit var appReactContext: ReactApplicationContext
-
     internal var talsecStarted = false
 
-    private fun notifyEvent(event: BaseRaspEvent) {
+    private fun notifyEvent(event: BaseRaspEvent, appReactContext: ReactApplicationContext) {
       val params = Arguments.createMap()
       params.putInt(event.channelKey, event.value)
       appReactContext.getJSModule(DeviceEventManagerModule.RCTDeviceEventEmitter::class.java)
@@ -274,7 +313,7 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
     /**
      * Sends malware detected event to React Native
      */
-    private fun notifyMalware(suspiciousApps: MutableList<SuspiciousAppInfo>) {
+    private fun notifyMalware(suspiciousApps: MutableList<SuspiciousAppInfo>, appReactContext: ReactApplicationContext) {
       // Perform the malware encoding on a background thread
       backgroundHandler.post {
 
@@ -294,17 +333,17 @@ class FreeraspReactNativeModule(private val reactContext: ReactApplicationContex
     }
   }
 
-  internal object ThreatListener : FreeraspThreatHandler.TalsecReactNative {
+  internal class PluginListener(private val reactContext: ReactApplicationContext) : PluginThreatListener, PluginExecutionStateListener {
     override fun threatDetected(threatEventType: ThreatEvent) {
-      notifyEvent(threatEventType)
+      notifyEvent(threatEventType, reactContext)
     }
 
     override fun malwareDetected(suspiciousApps: MutableList<SuspiciousAppInfo>) {
-      notifyMalware(suspiciousApps)
+      notifyMalware(suspiciousApps, reactContext)
     }
 
     override fun raspExecutionStateChanged(event: RaspExecutionStateEvent) {
-      notifyEvent(event)
+      notifyEvent(event, reactContext)
     }
   }
 }