# react-native-safeguard
A comprehensive security library for React Native applications that helps protect against security threats through root/jailbreak detection, malware and tampering checks, and more.
- Root/Jailbreak Detection
- Developer Options Detection
- Network Security Checks
- Malware and Tampering Detection
- Screen Mirroring Detection
- App Spoofing Prevention
- Key Logger Detection
- Configurable Security Levels (SECURE, WARNING, ERROR)
## Installation
### React Native CLI
```sh
npm install react-native-safeguard
# or
yarn add react-native-safeguard
```
### Expo
```sh
npx expo install react-native-safeguard
```
Then add the config plugin to your `app.config.js` or `app.json`:
```js
module.exports = {
  // ... other config
  plugins: [
    [
      'react-native-safeguard',
      {
        // Android security config
        securityConfigAndroid: {
          // your Android-specific settings
          ROOT_CHECK_STATE: "ERROR",
          DEVELOPER_OPTIONS_CHECK_STATE: "ERROR",
          MALWARE_CHECK_STATE: "ERROR",
          TAMPERING_CHECK_STATE: "ERROR",
          APP_SPOOFING_CHECK_STATE: "ERROR",
          NETWORK_SECURITY_CHECK_STATE: "WARNING",
          SCREEN_SHARING_CHECK_STATE: "WARNING",
          KEYLOGGER_CHECK_STATE: "ERROR",
          ONGOING_CALL_CHECK_STATE: "WARNING",
          CERTIFICATE_MATCHING_CHECK_STATE: "ERROR",
          EXPECTED_BUNDLE_IDENTIFIER: "com.your.package",
          EXPECTED_SIGNATURE: "",
        },
        // iOS security config - all values must be 'ERROR', 'WARNING', or 'DISABLED'
        securityConfigiOS: {
          ROOT_CHECK_STATE: 'WARNING',
          DEVELOPER_OPTIONS_CHECK_STATE: 'WARNING',
          SIGNATURE_VERIFICATION_CHECK_STATE: 'WARNING',
          NETWORK_SECURITY_CHECK_STATE: 'WARNING',
          SCREEN_SHARING_CHECK_STATE: 'WARNING',
          APP_SPOOFING_CHECK_STATE: 'WARNING',
          KEYLOGGER_CHECK_STATE: 'WARNING',
          ONGOING_CALL_CHECK_STATE: 'WARNING',
          CERTIFICATE_MATCHING_CHECK_STATE: 'WARNING',
          EXPECTED_SIGNATURE: '' // Optional: Your app's expected signature
        }
      }
    ]
  ]
};
```
### Android Setup
1. Add the following to your `android/settings.gradle`:
```groovy
include ':react-native-safeguard'
project(':react-native-safeguard').projectDir = new File(rootProject.projectDir, '../node_modules/react-native-safeguard/android')
```
2. Add the following to your `android/app/build.gradle`:
```groovy
repositories {
    flatDir {
        dirs project(':react-native-safeguard').projectDir.toString() + '/libs'
    }
}
```
### iOS Setup
Run `pod install` in your iOS directory:
```sh
cd ios && pod install
```
## Expo Config Plugin
When using this library in an Expo project, the config plugin will automatically configure both Android and iOS native code during the build process. The plugin supports the following configuration options:
### Android Configuration
Use the `securityConfigAndroid` object to configure Android-specific security settings:
```js
securityConfigAndroid: {
  // your Android-specific settings
  ROOT_CHECK_STATE: "ERROR",
  DEVELOPER_OPTIONS_CHECK_STATE: "ERROR",
  MALWARE_CHECK_STATE: "ERROR",
  TAMPERING_CHECK_STATE: "ERROR",
  APP_SPOOFING_CHECK_STATE: "ERROR",
  NETWORK_SECURITY_CHECK_STATE: "WARNING",
  SCREEN_SHARING_CHECK_STATE: "WARNING",
  KEYLOGGER_CHECK_STATE: "ERROR",
  ONGOING_CALL_CHECK_STATE: "WARNING",
  CERTIFICATE_MATCHING_CHECK_STATE: "ERROR",
  EXPECTED_BUNDLE_IDENTIFIER: "com.your.package",
  EXPECTED_SIGNATURE: "",
},
```
### iOS Configuration
Use the `securityConfigiOS` object to configure iOS security checks. All values must be one of:
- `'ERROR'` - Fail if the security check fails
- `'WARNING'` - Show a warning if the security check fails
- `'DISABLED'` - Disable this security check
Available configuration options:
```js
securityConfigiOS: {
  ROOT_CHECK_STATE: 'WARNING',                   // Root/Jailbreak detection
  DEVELOPER_OPTIONS_CHECK_STATE: 'WARNING',      // Developer options detection
  SIGNATURE_VERIFICATION_CHECK_STATE: 'WARNING', // App signature verification
  NETWORK_SECURITY_CHECK_STATE: 'WARNING',       // Network security checks
  SCREEN_SHARING_CHECK_STATE: 'WARNING',         // Screen mirroring detection
  APP_SPOOFING_CHECK_STATE: 'WARNING',           // App spoofing prevention
  KEYLOGGER_CHECK_STATE: 'WARNING',              // Keylogger detection
  ONGOING_CALL_CHECK_STATE: 'WARNING',           // Audio call security
  CERTIFICATE_MATCHING_CHECK_STATE: 'WARNING',   // Certificate validation
  EXPECTED_SIGNATURE: ''                         // Expected app signature
}
```
## Usage
First, initialize the library with your desired security configuration:
```typescript
import Safeguard from 'react-native-safeguard';

// Initialize with custom security levels
Safeguard.initialize({
  rootCheckState: 'ERROR',               // Fail if device is rooted/jailbroken
  developerOptionsCheckState: 'WARNING', // Warn if developer options are enabled
  malwareCheckState: 'WARNING',          // Warn if malware is detected
  tamperingCheckState: 'WARNING',        // Warn if app tampering is detected
  networkSecurityCheckState: 'WARNING',  // Warn if network is not secure
  screenSharingCheckState: 'WARNING',    // Warn if screen mirroring is active
  appSpoofingCheckState: 'WARNING',      // Warn if app spoofing is detected
  keyloggerCheckState: 'WARNING',        // Warn if keylogger is detected
  expectedPackageName: 'com.your.app',   // Optional: Verify app package name
  expectedCertificateHash: 'your-hash'   // Optional: Verify app signature
}).catch(error => {
  console.error('Failed to initialize Safeguard:', error);
});
```
Then use the security check methods as needed:
```typescript
// Check all security features
try {
  const result = await Safeguard.checkAll();
  console.log('Security check result:', result);
} catch (error) {
  console.error('Security check failed:', error);
}

// Or check specific features
try {
  const rootStatus = await Safeguard.checkRoot();
  const devOptions = await Safeguard.checkDeveloperOptions();
  const networkSecurity = await Safeguard.checkNetwork();
  const malware = await Safeguard.checkMalware();
  const screenMirroring = await Safeguard.checkScreenMirroring();
  const appSpoofing = await Safeguard.checkApplicationSpoofing();
  const keyLogger = await Safeguard.checkKeyLogger();
  console.log('Root Status:', rootStatus);
  // Handle other results...
} catch (error) {
  console.error('Security check failed:', error);
}
```
Each security check returns a result object with the following structure:
```typescript
interface SecurityCheckResult {
  status: 'SECURE' | 'WARNING' | 'ERROR';
  message: string;
}
```
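One way to turn the per-check results above into a single allow/deny decision that fails closed, as an added example rather than code from react-native-safeguard. `decide`, `runChecks`, `Decision` and the timeout are hypothetical names; the functions passed to `runChecks` stand in for `Safeguard.checkRoot()` and the other check methods, and blocking only on `ERROR` is this example's policy.

```typescript
// Added example: names below are hypothetical, not part of the library's API.
type Status = 'SECURE' | 'WARNING' | 'ERROR';
interface SecurityCheckResult { status: Status; message: string; }
interface Decision { status: Status; allowSensitive: boolean; findings: string[]; }
type Check = () => Promise<SecurityCheckResult>; // e.g. () => Safeguard.checkRoot()

const RANK: Record<Status, number> = { SECURE: 0, WARNING: 1, ERROR: 2 };

// Anything that is not a well-formed result is treated as ERROR (fail closed).
function normalize(name: string, raw: unknown): SecurityCheckResult {
  const r = raw as Partial<SecurityCheckResult> | null | undefined;
  if (r && typeof r.status === 'string' && Object.prototype.hasOwnProperty.call(RANK, r.status)) {
    return { status: r.status, message: String(r.message ?? '') };
  }
  return { status: 'ERROR', message: `${name}: missing or malformed result` };
}

// Pure policy step: the worst status wins and only ERROR blocks sensitive features.
function decide(results: Record<string, unknown>): Decision {
  const names = Object.keys(results);
  const findings: string[] = [];
  let worst: Status = 'SECURE';
  for (const name of names) {
    const r = normalize(name, results[name]);
    if (RANK[r.status] > RANK[worst]) worst = r.status;
    if (r.status !== 'SECURE') findings.push(`${name}=${r.status}: ${r.message}`);
  }
  // No checks ran at all: that is not evidence of a safe device.
  if (names.length === 0) { worst = 'ERROR'; findings.push('no checks ran'); }
  return { status: worst, allowSensitive: worst !== 'ERROR', findings };
}

// A rejection, a synchronous throw or a hang past timeoutMs leaves the result undefined -> ERROR.
async function runChecks(checks: Record<string, Check>, timeoutMs = 3000): Promise<Decision> {
  const results: Record<string, unknown> = {};
  await Promise.all(Object.keys(checks).map(async (name) => {
    let timer: ReturnType<typeof setTimeout> | undefined;
    const timeout = new Promise<undefined>((res) => { timer = setTimeout(() => res(undefined), timeoutMs); });
    try {
      results[name] = await Promise.race([checks[name](), timeout]);
    } catch {
      results[name] = undefined;
    } finally {
      clearTimeout(timer);
    }
  }));
  return decide(results);
}
```

Because a failed native call is counted as `ERROR` rather than skipped, an app that gates login or payment screens on `allowSensitive` does not silently pass when a check crashes or never returns.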
Check out the [example](example) directory for a complete demo application showing how to use all security features.
To run the example app:
```sh
git clone https://github.com/your-username/react-native-safeguard.git
cd react-native-safeguard
yarn install
cd example
yarn install
cd ios && pod install && cd ..
yarn ios
yarn android
```
See the [contributing guide](CONTRIBUTING.md) to learn how to contribute to the repository and the development workflow.
## License
MIT
---
Made with [create-react-native-library](https://github.com/callstack/react-native-builder-bob)