Fraud Detection: Integrate Device Fraud Detection SDK for iOS

Last Updated: Apr 17, 2024

This topic describes how to integrate Device Fraud Detection SDK for iOS.

Prerequisites

The app into which you want to integrate Device Fraud Detection SDK for iOS runs iOS 9.0 or later.

Compliance terms

1. The app must display the privacy policy of Device Fraud Detection SDK when users start the app for the first time, so that users can consent to the use of the SDK. Users must read and agree to the privacy policy before they proceed. Do not assume that users have read and agreed to the privacy policy by default.

2. The privacy policy must inform users of the following items:

  • SDK name: Device Fraud Detection SDK

  • Service type: detection of abnormal devices, such as tampered devices and emulators, and of malicious scripts.

  • Device information to be collected: When you use Fraud Detection and integrate Device Fraud Detection SDK, the following information from end users is required to detect fraudulent and cheating behavior, and verify the authenticity of their devices:

    • Basic information: device manufacturer, device brand, device type and model, device name, device operating system information, device memory and storage capacity, sensor list, battery and battery usage information, baseband information, boot time, screen brightness and resolution, CPU information, system time zone, system language, charging status, and system kernel information.

    • Identification information (required): identifier for vendors (IDFV).

    • Identification information (optional): International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), MAC address, Integrated Circuit Card Identifier (ICCID), hardware serial number, identifier for advertisers (IDFA), Android device ID, open anonymous device identifier (OAID), Google advertising ID (AID), and Bluetooth MAC.

    • Network information: IP address (optional), nearby Wi-Fi list (optional), basic service set identifier (BSSID, optional), service set identifier (SSID, optional), carrier information, network type, network status, SIM card status, and network card information.

    • App information: the information about the app into which the SDK is integrated, including the app name, app version, and installation time, and the app list (optional).

  • Privacy policy link: https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202111120818_92724.html

3. Make sure that users agree to the privacy policy before Device Fraud Detection SDK is used to collect information. Unless it is necessary, do not collect device information at app startup. This prevents excessive or premature data collection.

Permission description

Before you publish the app to App Store, make sure that the fields and descriptions in the following table are added to the Info.plist file of the app. This improves the efficiency of fraud detection. If you do not add the fields or descriptions, the app may fail to be published to App Store.

| Permission | Required | Description |
| --- | --- | --- |
| NSLocalNetworkUsageDescription | No (We recommend that you grant this permission to Device Fraud Detection SDK.) | Obtains the connectivity of devices within a local area network (LAN) to discover risks such as device farms and group control. |
| NSUserTrackingUsageDescription | No | Obtains the IDFA information and enhances device ID stability. |

Download and configure Device Fraud Detection SDK

1. Download Device Fraud Detection SDK for iOS and create an app key in the Fraud Detection console. The SDK package is a standard static framework package for Xcode.

2. Copy the deviceiOS.framework file in the SDK package to the iOS project directory.

3. Select the required project, choose Build Phases > Link Binary With Libraries, and then add deviceiOS.framework and the dependencies.

AppTrackingTransparency.framework
CoreTelephony.framework
libresolv.tbd
Security.framework
AdSupport.framework
libz.tbd
libc++.tbd
deviceiOS.framework

4. Download the Objective-C Demo package. On the Device App Keys tab, click Download Device SDK. On the page that appears, download the SDK. The version of SDK for Android starts with A., and the version of SDK for iOS starts with I.

5. Select an SDK based on your business requirements. If the SDK version has the idfa suffix, sensitive information can be collected. For more information, see the SDK download list.

Collect data by using Device Fraud Detection SDK

To collect data by using Device Fraud Detection SDK, make sure that users agree to the privacy policy. In risk scenarios, collect data by using Device Fraud Detection SDK at the earliest opportunity.

  • Function

@interface SecurityDevice : NSObject
- (void)initDevice:(NSString *)userAppKey
       withOptions:(NSMutableDictionary *)options
          callback:(void (^)(int))initCallback;
// ...
@end

  • Parameter

userAppKey: the identity of the user. You can obtain the identity on the Device App Keys tab in the Fraud Detection console.

options: the optional parameters for collecting data. The default value can be nil. The following table describes the optional parameters.

| Parameter | Description | Example |
| --- | --- | --- |
| IPv6 | Specifies whether to use IPv6 domain names to report device information. Valid values: 0 (default value): Use IPv4 domain names. 1: Use IPv6 domain names. | "1" |
| CustomUrl | The domain name of the self-managed server to which you want to report data. | "https://cloudauth-device.aliyuncs.com" |
| CustomHost | The host for the self-managed server to which you want to report data. | "cloudauth-device.aliyuncs.com" |

initCallback: the callback operation for data collection by using Device Fraud Detection SDK, which can be used to determine whether data collection is successful. For more information about the value range of the code parameter, see the HTTP status codes section of this topic.

  • Return value

None.

Note: If the code value returned by initCallback is not 10000, you can call the initDevice operation again in subsequent operations until the data collection is successful.

Obtain a client token

Obtain a client token, report the token to the server, and then obtain the device risk information based on the event parameters and response parameters. For more information, see Service event parameters and response parameters for Device Risk Detection.

  • Function

@interface SecurityDevice : NSObject
// ...
- (SecurityToken *)getDeviceToken;
@end

  • Parameter

None.

  • Return value

The return value is an instance of the SecurityToken class, which has the following properties:

code: the call status code of the operation. You can check whether the call is successful based on the status code. For more information about the value range of the code parameter, see the HTTP status codes section of this topic.

token: the token that is returned to the client. The token can be used to call Device Fraud Detection operations.

@interface SecurityToken : NSObject

// The result of the operation that obtains the token.
@property(atomic) int code;

// The token string.
@property(copy, atomic) NSString *token;

@end

Suggestions for obtaining the token:

1. Obtain the token if the initDevice callback returns 10000 for the code parameter.

2. If you do not want to wait for the return result of the initDevice callback after you call the initDevice operation, we recommend that you wait for at least 2 seconds before you call the getDeviceToken operation. This is due to possible latency issues in data reporting.

3. Obtain a new token when you need to query the device risk information. The validity period of the token is seven days.

HTTP status codes

| Code | Description |
| --- | --- |
| 10000 | The data collection is successful. |
| 10001 | The data collection fails. |
| 10002 | The basic permissions required by the SDK have not been fully authorized. |
| 10003 | An unknown system error occurred. |
| 10004 | A network error occurred. |
| 10005 | A network error occurred, and the return value is an empty string. |
| 10006 | The format of the response is invalid. |
| 10007 | The system failed to parse the server settings. |
| 10008 | Internal data collection is not complete. |

Sample code

When you use Device Fraud Detection SDK to collect data, you need to call the initDevice operation at the earliest opportunity in risk scenarios.

Note: The privacy policy of Apple stipulates that the use of the IDFA must be explained in the Info.plist file and a message must be displayed to ask for user consent to use the IDFA. Therefore, make sure that Xcode 12 or later is installed in the development environment.

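// Required for ATTrackingManager (iOS 14 and later).
#import <AppTrackingTransparency/AppTrackingTransparency.h>

typedef void (^IDFARequestBlock)(bool success);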

API_AVAILABLE(ios(14))
static bool isATTrackingEnabled(ATTrackingManagerAuthorizationStatus status) {
    if (ATTrackingManagerAuthorizationStatusAuthorized == status) {
        return true;
    }
    return false;
}

- (void)helperRequestIDFAPermissionWithBlock:(IDFARequestBlock) complete {
    if (@available(iOS 14, *)) {
        ATTrackingManagerAuthorizationStatus authStatus = ATTrackingManager.trackingAuthorizationStatus;
        if (ATTrackingManagerAuthorizationStatusNotDetermined == authStatus) {
            [ATTrackingManager requestTrackingAuthorizationWithCompletionHandler:^(ATTrackingManagerAuthorizationStatus status) {
                if (nil != complete) {
                    return complete(isATTrackingEnabled(status));
                }
            }];
        } else if (nil != complete) {
            return complete(isATTrackingEnabled(authStatus));
        }
    }
}

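- (void)initSecurityDevice {
    // Call this method only after the user has agreed to the privacy policy.
    SecurityDevice *securityDevice = [SecurityDevice sharedInstance];
    // Pass nil for options to use the default settings.
    [securityDevice initDevice:@"ALIYUN_APPKEY" withOptions:nil callback:^(int code) {
        NSString *initResult = [NSString stringWithFormat:@"init code: %d", code];
        NSLog(@"%@", initResult);
        if (10000 != code) {
            // Any code other than 10000 means that data collection did not succeed.
            NSLog(@"init error.");
        } else {
            NSLog(@"init success");
        }
    }];
}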

- (void)viewDidLoad {
    [super viewDidLoad];
    
    // For iOS 14 and later, obtain the permissions to use the IDFA by using a pop-up dialog box. 
    if (@available(iOS 14, *)) {
        [self helperRequestIDFAPermissionWithBlock:^(bool success) {
            if (success) {
                NSLog(@"IDFA Permission OK.");
            } else {
                NSLog(@"No IDFA Permission.");
            }
            
            [self initSecurityDevice];
        }];
    } else {
        [self initSecurityDevice];
    }
}

In business scenarios in which fraud detection is required, such as account registrations and promotional activities, you must obtain the token of the client and submit the token to the server. Then, you can query the device risk information.

SecurityDevice *securityDevice = [SecurityDevice sharedInstance];
SecurityToken *deviceToken = [securityDevice getDeviceToken];
NSString *rs = [NSString stringWithFormat:@"[%d]%@", deviceToken.code, deviceToken.token];
NSLog(@"deviceToken: %@", rs);

// Send the token to the self-managed server and call the Device Fraud Detection operations.
// ...
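
The note on calling initDevice again and the suggestions for obtaining the token can be combined into one wrapper that is gated on privacy consent. The following Objective-C code is an added example, not code from the SDK or its vendor. FDDeviceRiskClient, its methods, the retry budget and backoff, and the SDK header name are assumptions, as is treating 10000 as the success code of getDeviceToken.

```objc
#import <Foundation/Foundation.h>
// SDK header: the umbrella header name is an assumption; use the one shipped in deviceiOS.framework.
#import <deviceiOS/deviceiOS.h>

static const int kFDSuccess = 10000;   // "The data collection is successful."
static const int kFDMaxAttempts = 4;   // assumed retry budget, not an SDK value

// Hypothetical helper class, not part of the SDK.
@interface FDDeviceRiskClient : NSObject
@property (atomic) BOOL collected;     // YES once initDevice has reported 10000
- (void)startAfterConsent:(BOOL)consented appKey:(NSString *)appKey;
- (NSString *)tokenForRiskQuery;       // returns nil when no usable token is available
@end

@implementation FDDeviceRiskClient

- (void)startAfterConsent:(BOOL)consented appKey:(NSString *)appKey {
    if (!consented) { return; }        // no collection before the user agrees to the policy
    [self attempt:1 appKey:appKey];
}

- (void)attempt:(int)n appKey:(NSString *)appKey {
    __weak typeof(self) weakSelf = self;
    [[SecurityDevice sharedInstance] initDevice:appKey withOptions:nil callback:^(int code) {
        if (code == kFDSuccess) { weakSelf.collected = YES; return; }
        NSLog(@"initDevice attempt %d failed with code %d", n, code);
        if (n >= kFDMaxAttempts) { return; }   // give up instead of retrying forever
        // Back off 2 s, 4 s, 8 s before calling initDevice again.
        dispatch_time_t when = dispatch_time(DISPATCH_TIME_NOW, (int64_t)((1 << n) * NSEC_PER_SEC));
        dispatch_after(when, dispatch_get_main_queue(), ^{
            [weakSelf attempt:n + 1 appKey:appKey];
        });
    }];
}

- (NSString *)tokenForRiskQuery {
    if (!self.collected) { return nil; }       // initDevice has not returned 10000 yet
    SecurityToken *t = [[SecurityDevice sharedInstance] getDeviceToken];
    if (t.code != kFDSuccess || t.token.length == 0) {
        NSLog(@"getDeviceToken failed with code %d", t.code);
        return nil;
    }
    return t.token;                    // fetch a fresh token per query; send it, do not log it
}

@end
```

Call tokenForRiskQuery at the business event (registration, promotion) and treat a nil result as "no device signal" on the server side rather than as a low-risk device.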

Call the Device Fraud Detection operations

Use the deviceToken parameter and other related parameters to call Device Fraud Detection operations. For more information, see the following topics:

Service event parameters and response parameters for Device Fingerprint Fraud Detection