Make malware async (#25)

* fix(Android): move malware processing to background thread

* fix(ts): move malware processing to background thread

* feat(example): move malware processing to background thread

* docs: update changelog

* chore(release): freeRASP 1.8.0

* chore: bug fix

Author: tompsota

CHANGELOG.md

@@ -5,6 +5,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.8.0] - 2024-12-06
+
+- iOS SDK version:  6.6.3
+- Android SDK version: 13.0.0
+
+### Capacitor
+
+#### Changed
+
+- App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the `getAppIcon` method
+- Parsing of malware data is now async
+
+### Android
+
+#### Changed
+
+- Malware data is now parsed on background thread to improve responsiveness
+
 ## [1.7.0] - 2024-11-19
 
 ### Capacitor

android/src/main/java/com/aheaditec/freerasp/FreeraspPlugin.kt

@@ -1,5 +1,9 @@
 package com.aheaditec.freerasp
 
+import android.os.Handler
+import android.os.HandlerThread
+import android.os.Looper
+import com.aheaditec.freerasp.utils.Utils
 import com.aheaditec.freerasp.utils.getArraySafe
 import com.aheaditec.freerasp.utils.getNestedArraySafe
 import com.aheaditec.freerasp.utils.toEncodedJSArray
@@ -37,7 +41,11 @@ class FreeraspPlugin : Plugin() {
             }
             call.resolve(JSObject().put("started", true))
         } catch (e: Exception) {
-            call.reject("Error during Talsec Native plugin initialization - ${e.message}", "TalsecInitializationError", e)
+            call.reject(
+                "Error during Talsec Native plugin initialization - ${e.message}",
+                "TalsecInitializationError",
+                e
+            )
         }
     }
 
@@ -57,6 +65,11 @@ class FreeraspPlugin : Plugin() {
         }
     }
 
+    override fun handleOnDestroy() {
+        super.handleOnDestroy()
+        backgroundHandlerThread.quitSafely()
+    }
+
     /**
      * Method to get the random identifiers of callbacks
      */
@@ -107,13 +120,44 @@ class FreeraspPlugin : Plugin() {
         call.resolve(JSObject().put("result", true))
     }
 
+    /**
+     * Method retrieves app icon for the given parameter
+     * @param packageName package name of the app we want to retrieve icon for
+     * @return PNG with app icon encoded as a base64 string
+     */
+    @PluginMethod
+    fun getAppIcon(call: PluginCall) {
+        val packageName = call.getString("packageName")
+        if (packageName.isNullOrEmpty()) {
+            call.reject(
+                "Package name argument is missing or empty in the call",
+                "MissingArgumentError"
+            )
+            return
+        }
+        // Perform the app icon encoding on a background thread
+        backgroundHandler.post {
+            val encodedData = Utils.getAppIconAsBase64String(context, packageName)
+            mainHandler.post { call.resolve(JSObject().put("result", encodedData)) }
+        }
+    }
+
     internal fun notifyListeners(threat: Threat) {
         notifyListeners(THREAT_CHANNEL_NAME, JSObject().put(THREAT_CHANNEL_KEY, threat.value), true)
     }
 
     internal fun notifyMalware(suspiciousApps: MutableList<SuspiciousAppInfo>) {
-        notifyListeners(THREAT_CHANNEL_NAME, JSObject().put(THREAT_CHANNEL_KEY, Threat.Malware.value).put(
-            MALWARE_CHANNEL_KEY, suspiciousApps.toEncodedJSArray(context)), true)
+        // Perform the malware encoding on a background thread
+        backgroundHandler.post {
+
+            val encodedSuspiciousApps = suspiciousApps.toEncodedJSArray(context)
+            mainHandler.post {
+                val params = JSObject()
+                    .put(THREAT_CHANNEL_KEY, Threat.Malware.value)
+                    .put(MALWARE_CHANNEL_KEY, encodedSuspiciousApps)
+                notifyListeners(THREAT_CHANNEL_NAME, params, true)
+            }
+        }
     }
 
     private fun buildTalsecConfigThrowing(configJson: JSObject): TalsecConfig {
@@ -140,7 +184,10 @@ class FreeraspPlugin : Plugin() {
             .toString() // name of the channel over which threat callbacks are sent
         private val THREAT_CHANNEL_KEY = (10000..999999999).random()
             .toString() // key of the argument map under which threats are expected
-        val MALWARE_CHANNEL_KEY = (10000..999999999).random()
+        private val MALWARE_CHANNEL_KEY = (10000..999999999).random()
             .toString() // key of the argument map under which malware data is expected
+        private val backgroundHandlerThread = HandlerThread("BackgroundThread").apply { start() }
+        private val backgroundHandler = Handler(backgroundHandlerThread.looper)
+        private val mainHandler = Handler(Looper.getMainLooper())
     }
 }

android/src/main/java/com/aheaditec/freerasp/utils/Extensions.kt

@@ -68,7 +68,7 @@ internal fun PackageInfo.toCapPackageInfo(context: Context): CapPackageInfo {
         packageName = this.packageName,
         appName = Utils.getAppName(context, this.applicationInfo),
         version = this.versionName,
-        appIcon = Utils.getAppIconAsBase64String(context, this.packageName),
+        appIcon = null, // this requires heavier computations, so appIcon has to be retrieved separately
         installerStore = Utils.getInstallationSource(context, this.packageName)
     )
 }

android/src/main/java/com/aheaditec/freerasp/utils/Utils.kt

@@ -74,7 +74,10 @@ internal object Utils {
                 context.packageManager.getInstallerPackageName(packageName)
             }
         } catch (e: Exception) {
-            Log.e("Talsec", "Could not retrieve app installation source for ${packageName}: ${e.message}")
+            Log.e(
+                "Talsec",
+                "Could not retrieve app installation source for ${packageName}: ${e.message}"
+            )
             null
         }
     }

dist/esm/definitions.d.ts

@@ -17,6 +17,11 @@ export interface FreeraspPlugin {
     }): Promise<{
         result: boolean;
     }>;
+    getAppIcon(options: {
+        packageName: string;
+    }): Promise<{
+        result: string;
+    }>;
 }
 export type FreeraspConfig = {
     androidConfig?: AndroidConfig;

dist/esm/definitions.js.map

@@ -4,5 +4,6 @@ declare const setThreatListeners: <T extends NativeEventEmitterActions>(callback
 declare const removeThreatListeners: () => void;
 declare const startFreeRASP: <T extends NativeEventEmitterActions>(config: FreeraspConfig, reactions: T & Record<Exclude<keyof T, keyof NativeEventEmitterActions>, []>) => Promise<boolean>;
 declare const addToWhitelist: (packageName: string) => Promise<boolean>;
+declare const getAppIcon: (packageName: string) => Promise<string>;
 export * from './definitions';
-export { Freerasp, startFreeRASP, setThreatListeners, removeThreatListeners, addToWhitelist, };
+export { Freerasp, startFreeRASP, setThreatListeners, removeThreatListeners, addToWhitelist, getAppIcon, };

dist/esm/index.d.ts

@@ -3,11 +3,19 @@
   font-weight: 600;
   color: grey;
 }
+
 .listItem {
   font-size: 1rem;
   padding-bottom: 5;
   color: grey;
 }
+
+.malwareCard {
+  width: 100%;
+  border-radius: 1.5rem;
+  background-color: rgb(218, 242, 249);
+}
+
 .icon {
   width: 2.5rem;
   height: 2.5rem;
@@ -23,12 +31,6 @@
   height: 3.5rem;
 }
 
-.malwareCard {
-  width: 100%;
-  border-radius: 1.5rem;
-  background-color: rgb(218, 242, 249);
-}
-
 .malwareCardInner {
   margin: 0;
   padding: 0;

dist/esm/index.js

@@ -1,5 +1,6 @@
-import { addToWhitelist, SuspiciousAppInfo } from 'capacitor-freerasp';
-import React from 'react';
+import { addToWhitelist, getAppIcon } from 'capacitor-freerasp';
+import type { SuspiciousAppInfo } from 'capacitor-freerasp';
+import React, { useEffect } from 'react';
 import { useState } from 'react';
 import {
   IonText,
@@ -16,7 +17,15 @@ import { chevronDown, chevronUp } from 'ionicons/icons';
 
 export const MalwareItem: React.FC<{ app: SuspiciousAppInfo }> = ({ app }) => {
   const [expanded, setExpanded] = useState<boolean>(false);
+  const [appIcon, setAppIcon] = React.useState<string>('');
 
+  useEffect(() => {
+    (async () => {
+      // retrieve app icons for detected malware
+      const appIcon = await getAppIcon(app.packageInfo.packageName);
+      setAppIcon(appIcon);
+    })();
+  }, []);
   const appUninstall = async () => {
     alert('Implement yourself!');
   };
@@ -43,7 +52,7 @@ export const MalwareItem: React.FC<{ app: SuspiciousAppInfo }> = ({ app }) => {
           <IonRow>
             <IonImg
               className="icon centered"
-              src={`data:image/png;base64,${app.packageInfo.appIcon}`}
+              src={`data:image/png;base64,${appIcon}`}
             />
             <div className="titleTextContainer">
               <IonText className="titleText">{app.packageInfo.appName}</IonText>
@@ -77,10 +86,10 @@ export const MalwareItem: React.FC<{ app: SuspiciousAppInfo }> = ({ app }) => {
             </IonText>
             <br />
             <IonText className="listItemTitle">App Icon:</IonText>
-            {app.packageInfo.appIcon ? (
+            {appIcon ? (
               <IonImg
                 className="icon iconBig"
-                src={`data:image/png;base64,${app.packageInfo.appIcon}`}
+                src={`data:image/png;base64,${appIcon}`}
               />
             ) : (
               <>

dist/esm/index.js.map

@@ -1,6 +1,6 @@
 {
   "name": "capacitor-freerasp",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Capacitor plugin for improving app security and threat monitoring on Android and iOS mobile devices",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",

example/src/components/MalwareItem.css

@@ -11,6 +11,7 @@ export interface FreeraspPlugin {
   addToWhitelist(options: {
     packageName: string;
   }): Promise<{ result: boolean }>;
+  getAppIcon(options: { packageName: string }): Promise<{ result: string }>;
 }
 
 export type FreeraspConfig = {

example/src/components/MalwareItem.tsx

@@ -45,8 +45,17 @@ const prepareMapping = async (): Promise<void> => {
 };
 
 // parses base64-encoded malware data to SuspiciousAppInfo[]
-const parseMalwareData = (data: string[]): SuspiciousAppInfo[] => {
-  return data.map(entry => toSuspiciousAppInfo(entry));
+const parseMalwareData = async (
+  data: string[],
+): Promise<SuspiciousAppInfo[]> => {
+  return new Promise((resolve, reject) => {
+    try {
+      const suspiciousAppData = data.map(entry => toSuspiciousAppInfo(entry));
+      resolve(suspiciousAppData);
+    } catch (error: any) {
+      reject(`Parsing app data failed: ${error}`);
+    }
+  });
 };
 
 const toSuspiciousAppInfo = (base64Value: string): SuspiciousAppInfo => {
@@ -61,7 +70,7 @@ const setThreatListeners = async <T extends NativeEventEmitterActions>(
   const [channel, key, malwareKey] = await getThreatChannelData();
   await prepareMapping();
 
-  await Freerasp.addListener(channel, (event: any) => {
+  await Freerasp.addListener(channel, async (event: any) => {
     if (event[key] === undefined) {
       onInvalidCallback();
     }
@@ -106,7 +115,7 @@ const setThreatListeners = async <T extends NativeEventEmitterActions>(
         callbacks.systemVPN?.();
         break;
       case Threat.Malware.value:
-        callbacks.malware?.(parseMalwareData(event[malwareKey]));
+        callbacks.malware?.(await parseMalwareData(event[malwareKey]));
         break;
       case Threat.ADBEnabled.value:
         callbacks.adbEnabled?.();
@@ -144,11 +153,22 @@ const addToWhitelist = async (packageName: string): Promise<boolean> => {
   return result;
 };
 
+const getAppIcon = async (packageName: string): Promise<string> => {
+  if (Capacitor.getPlatform() === 'ios') {
+    return Promise.reject(
+      'App icon retrieval for Malware detection not available on iOS',
+    );
+  }
+  const { result } = await Freerasp.getAppIcon({ packageName });
+  return result;
+};
+
 export * from './definitions';
 export {
   Freerasp,
   startFreeRASP,
   setThreatListeners,
   removeThreatListeners,
   addToWhitelist,
+  getAppIcon,
 };