Version 2.1.2, compiled with Xcode 15.4

AppProtection.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.cocoapods_version   = '>= 1.10'
   s.name                = "AppProtection"
-  s.version             = "2.1.1"
+  s.version             = "2.1.2"
   s.summary             = "Malwarelytics AppProtection by Wultra"
   s.homepage            = "https://www.wultra.com/malwarelytics"
   s.social_media_url    = 'https://twitter.com/wultra'
@@ -19,7 +19,7 @@ Pod::Spec.new do |s|
   LICENSE
   }
   s.prepare_command = <<-CMD
-    ./prepare.sh 2.1.1 37008aa00a9f6f74c2b0a20d924c985772f75775539fe5c8e970ca13653b95d8
+    ./prepare.sh 2.1.2 4afdd53186a287aff1c0e81dc3e8f049768ffae8332a790f4e8ef6bea0f4e96c
   CMD
   s.vendored_frameworks = "AppProtection.xcframework"
   s.platform            = :ios

Package.swift

@@ -12,7 +12,7 @@ let package = Package(
     targets: [
         .binaryTarget(
             name: "AppProtection",
-            url: "https://wultra.jfrog.io/artifactory/malwarelytics-apple-release/AppProtection-2.1.1.xcframework.zip",
-            checksum: "37008aa00a9f6f74c2b0a20d924c985772f75775539fe5c8e970ca13653b95d8")
+            url: "https://wultra.jfrog.io/artifactory/malwarelytics-apple-release/AppProtection-2.1.2.xcframework.zip",
+            checksum: "4afdd53186a287aff1c0e81dc3e8f049768ffae8332a790f4e8ef6bea0f4e96c")
     ]
 )

docs/Active-Call-Detection.md

@@ -0,0 +1,71 @@
+# Active Call Detection
+
+Social engineering scams pose a serious problem for today's banking and fintech apps. Malicious actors try to trick users into sending money away or into performing other harmful activities such as approving access to their accounts. This is often performed by direct phone calls. The actor first gains the user's trust and then instructs him/her directly to perform a harmful action. For this reason, active call detection is an integral part of a financial app. The app can use the detection to prevent the user from doing sensitive operations while off-hook.
+
+Malwarelytics for Apple is able to detect active calls.
+
+## Configuration
+
+```swift
+let raspConfig = AppProtectionRaspConfig(
+    callDetection: SimpleDetectionConfig
+    // configuration of other RASP features
+)
+```
+
+Available values of `SimpleDetectionConfig`:
+
+| Value       | Description                                                                                                                           |
+| ----------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `.noAction` | indicates that an active call will not be automatically detected. A manual check is still possible.                                   |
+| `.notify`   | indicates that an active call will be automatically detected and the delegates will be notified via the `onCallChanged(Bool)` method. |
+
+
+Active call detection defaults to `.notify`.
+
+## Usage 
+
+After service creation, the active call detection feature can be accessed via `AppProtectionRasp`. This can be used to add a delegate or to trigger a manual active call detection check.
+
+### Observing Detection
+
+Active call detection can trigger a certain action. To achieve that, a delegate needs to be added.
+
+Delegate configuration:
+
+```swift
+class RaspDelegate: AppProtectionRaspDelegate {
+
+    // other delegate code
+
+    func onCallChanged(isOnCall: Bool) {
+        // handle active call detection
+    }
+}
+```
+
+The delegate can be added in `AppProtectionRasp`. When it is no longer needed, it can be removed again.
+
+```swift
+let raspDelegate = RaspDelegate()
+appProtection.rasp.addDelegate(raspDelegate)
+appProtection.rasp.removeDelegate(raspDelegate)
+```
+
+### Triggering a Manual Check
+
+Active call detection check can be triggered manually in `AppProtectionRasp` by getting the `isOnCall` property value. A simple `Bool` answer is given. 
+
+```swift
+let isOnCall = appProtection.rasp.isOnCall
+```
+
+<!-- begin box info -->
+
+More information on general RASP feature configuration and usage can be found in [this overview](./RASP-Feature-Overview.md).
+
+<!-- end -->
+
+## Read Next
+
+- [App Presence Detection](./App-Presence-Detection.md)

docs/App-Presence-Detection.md

@@ -0,0 +1,117 @@
+# App Presence Detection
+
+Some mobile applications, while being legitimate apps with their use cases, pose a great danger to banking and fintech applications. Such apps are often used to scam users and perform financial fraud.
+
+An important category of these apps are so-called "remote desktop apps". These apps allow remote access and control of mobile devices. Unfortunately, these apps recently became a vital part of many fraudulent attacks.
+
+Malwarelytics for Apple is able to detect some unwanted remote desktop apps.
+
+## Configuration
+
+Configuration of this feature is more complex than other detections. It consists of two parts:
+
+1. Configuration of query URL schemes in the application's `Info.plist`.
+2. Configuration of `appPresence` in `AppProtectionRaspConfig`.
+
+Every app that should be detected has to be added in both places. This also means that the list of detected apps is limited by the compile-time configuration of `Info.plist` file.
+
+### Configuration of Query URL Schemes
+
+Query URL schemes have to be configured in the application's `Info.plist`. A query scheme of each app has to be added as an item in the "Queried URL Schemes" key.
+
+The step-by-step process is:
+
+1. Open the Xcode project.
+2. In the Project Navigator, find the app's `Info.plist` file and open it.
+3. Click the "+" button in the top-right corner of the Info.plist editor.
+4. In the new row, set the key to "Queried URL Schemes"
+5. Click the arrow next to "Queried URL Schemes" to expand it.
+6. Click the "+" button next to "Queried URL Schemes" and add the URL scheme for the app you want to detect.
+7. Save the changes.
+
+Some of the frequently used remote desktop apps' with their URL schemes can be found in the SDK in the `KnownApps` struct.
+
+
+### App Presence Configuration in AppProtectionRaspConfig
+
+Configuration of the detection in `AppProtectionRaspConfig` is similar to other RASP features:
+
+```swift
+let raspConfig = AppProtectionRaspConfig(
+    appPresence: AppPresenceDetectionConfig
+    // configuration of other RASP features
+)
+```
+
+Available values of `DetectionConfig`:
+
+| Value                                   | Description                                                                                                                                           |
+| --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `.manual(`<br/>`apps: [DetectableApp])` | indicates that app presence will not be automatically detected. A manual check is still possible.                                                     |
+| `.notify(`<br/>`apps: [DetectableApp])` | indicates that app presence will be automatically detected and the delegates will be notified via the `installedAppsChanged([DetectableApp])` method. |
+
+The app presence detection defaults to `.manual([])`.
+
+List of available parameters for some config values:
+
+| Parameter               | Description                          |
+| ----------------------- | ------------------------------------ |
+| `apps: [DetectableApp]` | defines the list of detectable apps. |
+
+### Detectable App Configuration
+
+A detectable app is defined by several properties:
+
+| Property                      | Description                                                                                                                                  |
+| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| `deeplinkProtocols: [String]` | specifies deep links defined for the app.                                                                                                     |
+| `name: String`                | specifies name of the application. The name can be chosen at will and does not need to reflect the name in the AppStore or of an installed app. |
+| `category: Category`          | specifies category of the application. Currently only `.remoteDesktop` is available.                                                         |
+| `tag: String?`                | specifies any additional information that should be passed to the remote server.                                                             |
+
+## Usage 
+
+After service creation, the app presence detection feature can be accessed via `AppProtectionRasp`. This can be used to add a delegate or to trigger a manual app presence detection check.
+
+### Observing Detection
+
+The app presence detection can trigger a certain action. To achieve that, a delegate needs to be added.
+
+Delegate configuration:
+
+```swift
+class RaspDelegate: AppProtectionRaspDelegate {
+
+    // other delegate code
+
+    func installedAppsChanged(installedApps: [DetectableApp]) {
+        // handle app presence detection
+    }
+}
+```
+
+The delegate can be added in `AppProtectionRasp`. When it is no longer needed, it can be removed again.
+
+```swift
+let raspDelegate = RaspDelegate()
+appProtection.rasp.addDelegate(raspDelegate)
+appProtection.rasp.removeDelegate(raspDelegate)
+```
+
+### Triggering a Manual Check
+
+The app presence detection check can be triggered manually in `AppProtectionRasp` by getting the `installedApps` property value. The method returns `[DetectableApp]`. 
+
+```swift
+let installedApps = appProtection.rasp.installedApps
+```
+
+<!-- begin box info -->
+
+More information on general RASP feature configuration and usage can be found in [this overview](./RASP-Feature-Overview.md).
+
+<!-- end -->
+
+## Read Next
+
+- [User Screenshot Detection](./User-Screenshot-Detection.md)

docs/Configuration.md

@@ -1,11 +1,11 @@
 # Configuration
 
-## Minimum configuration
+## Minimum Configuration
 
-AppProtection can run without any configuration. Be aware that in such settings [RASP](./RASP-Feature-Overview.md) features will only report security incidents to your delegate.
+AppProtection can run without any configuration. However, in such settings, [RASP](./RASP-Feature-Overview.md) features will only report security incidents to your delegate.
 
 <!-- begin box info -->
-Reporting to the Malwarelytics web console is turned off in the minimal configuration.
+Reporting to the Malwarelytics web console is turned off in case of the minimal configuration.
 <!-- end -->
 
 ## Online Service
@@ -18,15 +18,15 @@ The `Username`, `Password`, and `Signature Public Key` can be obtained in the [G
 
 ## Configuring the AppProtection
 
-To enable requested AppProtection features in your app, you must create a properly configured instance of the `AppProtectionService` class and set the `AppProtectionRaspDelegate` to obtain callbacks.
+To enable AppProtection features in your app, you must create a properly configured instance of the `AppProtectionService` class and set the `AppProtectionRaspDelegate` to obtain callbacks.
 
 You should implement the following configurations:
 
 - `AppProtectionRaspConfig` - Configures which RASP features are enabled and default actions for the detections.
 - `AppProtectionOnlineConfig` - Configuration of the online part of the AppProtection.
 	- `AppProtectionIdentificationConfig` - Configures user identification. This can be changed later at runtime.
 	- `AppProtectionEventConfig` - Configures which RASP events are emitted and sent to the back-end services.
-	- `AppProtectionCustomerGroupingConfig` - Configuration of customer grouping and naming in the web application. For more details visit [Customer Grouping and Naming](#customer-grouping-and-naming)
+	- `AppProtectionCustomerGroupingConfig` - Configuration of customer grouping and naming in the web application. For more details, visit [Customer Grouping and Naming](#customer-grouping-and-naming)
 
 Based on the configuration, the `AppProtectionRaspDelegate` receives updates about various RASP events.
 
@@ -157,22 +157,22 @@ class AppSecurity: AppProtectionRaspDelegate {
     func systemBiometryConfigurationChanged(enabled: Bool) {
         // react to biometry configuration changed
     }
-    
+
     func screenCapturedChanged(isCaptured: Bool) {
         // react to screen capturing (casting to different device)
     }
-    
+
     func vpnChanged(active: Bool) {
-		// react to VPN state changes
-	}
-	
-	func onCallChanged(isOnCall: Bool) {
-	   // on call status has changed
-	}
-	
-	func installedAppsChanged(installedApps: [DetectableApp]) {
-		// installed apps list has changed
-	}
+        // react to VPN state changes
+    }
+
+    func onCallChanged(isOnCall: Bool) {
+        // on call status has changed
+    }
+
+    func installedAppsChanged(installedApps: [DetectableApp]) {
+        // installed apps list has changed
+    }
 }
 
 enum RaspIncident {
@@ -211,13 +211,13 @@ Be aware that the creation of __2 instances__ of `AppProtectionService` is consi
 <!-- end -->
 
 <!-- begin box warning -->
-Before deiniting (removing all references to) the `AppProtectionService` object, you need to call `release()` that will stop all its functionality. __Deiniting without release__ will result in __application crash__.
+Before deiniting (removing all references to) the `AppProtectionService` object, you need to call `release()` to stop all its functionality. __Deiniting without release__ will result in __application crash__.
 <!-- end -->
 
 ## Customer Grouping and Naming
-The SDK allows to pass custom values that are used to group data in Malwarelytics web console application.  
-The configuration items in `AppProtectionCustomerGroupingConfig` add extra metadata that are passed into the web console.  
-The data allow to split data into groups and obtain different views on the data.
+The SDK allows passing custom values that are used to group data in the Malwarelytics web console application.  
+The configuration items in `AppProtectionCustomerGroupingConfig` add extra metadata that is passed into the web console.  
+The data allows to split data into groups and obtain different views on the data.
 
 The data can be defined with:
 
@@ -229,7 +229,7 @@ let groupingConfig = AppProtectionCustomerGroupingConfig(
 )
 ```
 
-Limitations for the strings are following:  
+Limitations for the strings are the following:  
 
 - Max length of `sourceBundleId ` is 255 characters  
 - Max length of `appBundleId` is 255 characters  
@@ -241,4 +241,4 @@ The last option `audienceGroupId` is used to distinguish users from different cu
 
 ## Read Next
 
-- [Release Notes](./Release-Notes.md)
+- [Recommended Responses to Security Issues](./Recommended-Responses-To-Security-Issues.md)