
Android - Security Module Interface

The SecurityModule interface allows you to implement custom security checks at critical points within your application. These security checkpoints act as gatekeepers for sensitive operations and user flows. You have complete control over what security validations are performed and how they're implemented. When any security check returns an Insecure result, the associated flow is immediately canceled or blocked, protecting your application from potential security threats.

Implementation

Create a class that implements the SecurityModule interface, then override its methods and add your custom security logic as required.

/**
 * Example SecurityModule implementation.
 *
 * A SecurityModule hooks into critical security checkpoints within the application.
 * Through this interface, you can implement custom security validations such as device
 * integrity checks, authentication requirements, and access control policies.
 */
class SecurityModuleExample(private val sdkUtils: SdkUtils) : SecurityModule {

    override fun isDeviceSecure(): SecurityResult {
        // Implement your device security checks here
        // Examples: root detection, screen lock validation, etc.
        // Return SecurityResult.Insecure("reason") as soon as a check fails.
        return SecurityResult.Secure
    }

    override fun allowLogin(): SecurityResult {
        // Implement your login authorization checks here
        // Examples: time-based restrictions, location validation, etc.
        // Return SecurityResult.Insecure("reason") to block the login flow.
        return SecurityResult.Secure
    }
}

/**
 * Security Result Types
 *
 * Return values for SecurityModule interface methods. Use these predefined
 * result types to indicate the outcome of security checks.
 *
 * - Secure: Device passes all security checks and the flow can continue
 * - Insecure: Security violation detected with a descriptive message explaining the issue
 */
sealed class SecurityResult {
    object Secure : SecurityResult()
    data class Insecure(val message: String) : SecurityResult()
}

Security Methods

isDeviceSecure()

This method is called before sensitive operations to validate the overall security posture of the device. Common implementations include checking for device rooting, verifying screen locks are enabled, or validating device encryption status.

allowLogin()

This method is invoked during the authentication process to determine if login should be permitted under current conditions. Typical use cases include enforcing time-based access restrictions, validating user location, or checking network security requirements.
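
The following is an added example, not code from the SDK or its documentation, showing one way to fill in both methods with the checks named above (screen lock, storage encryption, root indicators, and a time window). It assumes an application Context is passed in, minSdk 26 or java.time desugaring, and the SecurityModule and SecurityResult types shown earlier; the class name, su path list, and 06:00 to 22:00 window are hypothetical.

```kotlin
import android.app.KeyguardManager
import android.app.admin.DevicePolicyManager
import android.content.Context
import android.os.Build
import java.io.File
import java.time.LocalTime

// Added example, not SDK code. Assumes an application Context is available and that
// SecurityModule / SecurityResult are the SDK types shown above (SDK imports omitted).
class HardenedSecurityModule(private val context: Context) : SecurityModule {

    // Constructed list of common su locations; a heuristic, not proof of integrity.
    private val suPaths = listOf("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")

    override fun isDeviceSecure(): SecurityResult {
        val keyguard = context.getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager
        if (!keyguard.isDeviceSecure) {
            return SecurityResult.Insecure("No PIN, pattern, or password screen lock is set")
        }

        val dpm = context.getSystemService(Context.DEVICE_POLICY_SERVICE) as DevicePolicyManager
        val encrypted = when (dpm.storageEncryptionStatus) {
            DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE,
            DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER -> true
            else -> false // unsupported, inactive, or default-key encryption
        }
        if (!encrypted) return SecurityResult.Insecure("Device storage is not encrypted")

        val testKeys = Build.TAGS?.contains("test-keys") == true
        if (testKeys || suPaths.any { File(it).exists() }) {
            return SecurityResult.Insecure("Device shows signs of being rooted")
        }
        return SecurityResult.Secure
    }

    override fun allowLogin(): SecurityResult {
        // Hypothetical policy: logins only between 06:00 and 22:00 device-local time.
        val now = LocalTime.now()
        return if (now.isBefore(LocalTime.of(6, 0)) || now.isAfter(LocalTime.of(22, 0))) {
            SecurityResult.Insecure("Login is not permitted at this time of day")
        } else {
            SecurityResult.Secure
        }
    }
}
```

Each check returns Insecure at the first failure, so the message identifies the specific condition that blocked the flow. The root and clock checks run on the device and can be altered by whoever controls it, so keep the authoritative policy on the server.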

Update Your settings.json

Ensure your settings.json file in the root of the DevApp is updated to reflect your module changes. Learn more in Configuring settings.json.