This topic describes how to integrate Device Risk Detection SDK for Android.
Prerequisites
Android 4.0.3 or later and minSdkVersion 15 or later are used.
Compliance guide
1. The first time a user starts an app, make sure that the privacy policy is displayed. The user must agree to the terms and conditions of the privacy policy by selecting the required option.
2. The following terms and conditions must be stated in the privacy policy of the Device Risk Detection SDK:
SDK name: Device Risk Detection SDK
Service scope: Check for malicious scripts and abnormal devices whose data or simulators are tampered with.
Device information to be collected:
Basic information: the manufacturer, brand, model, name, operating system, configuration, and environment.
Identity information: the International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), MAC address, Integrated Circuit Card Identifier (ICCID), Android device ID, hardware SN, open advertising identifier (OAID), Google AID, Bluetooth MAC, identifier for advertisers (IDFA), and identifier for vendors (IDFV).
Network information: the IP address, Wi-Fi information, Basic Service Set Identifiers (BSSID), Service Set Identifier (SSID), carrier information, network type, and network status.
Other information: the information about the app that uses the SDK, such as the app name, app version, and installation time.
3. Before you initialize a Device Risk Detection SDK, make sure that the user has agreed to the terms and conditions of the privacy policy.
Permission
To improve the efficiency of fraud detection, we recommend that you grant specific permissions to Device Risk Detection SDK for Android. The following table describes the permissions.
Permission | Required | Remarks |
android.permission.INTERNET | Yes | The permissions to access networks. If Device Risk Detection SDK for Android does not have the permissions, specific features are unavailable. |
android.permission.ACCESS_NETWORK_STATE | No but recommended | The permissions to obtain the network status of a device. |
android.permission.READ_PHONE_STATE | No but recommended | The permissions are dynamically granted in Android 6.0 or later. If you want to enable relevant permissions, make sure that your app has been granted the relevant permissions before you use and initialize Device Risk Detection SDK for Android. |
android.permission.WRITE_EXTERNAL_STORAGE | No but recommended | |
android.permission.READ_EXTERNAL_STORAGE | No but recommended |
Download and configure Device Risk Detection SDK for Android
Download Device Risk Detection SDK for Android and decompress the SDK package. The SDK package is a standard .aar package for Android.
Copy the .aar SDK package to the libs directory of your project. Add the following dependencies to the build.gradle file of the app module:
// Copy the SDK package.
implementation files('libs/Android-AliyunDevice-Version number.aar')
// Add the third-party network libraries as dependencies.
implementation 'com.squareup.okhttp3:okhttp:3.11.0'
implementation 'com.squareup.okio:okio:1.14.0'You must add the third-party network libraries. Otherwise, Device Risk Detection SDK for Android cannot connect to networks.
Initialize the SDK
When the app starts, you must call the init operation to initialize the SDK at the earliest opportunity.
Function
public interface SecurityInitListener {
// The code parameter specifies the call status code of the operation.
void onInitFinish(int code);
}
public void init(Context ctx,
String appKey,
SecurityInitListener securityInitListener);Parameter
ctx: the context of an application or an activity.
appKey: the identity of a user. You can obtain the identity on the Device APP management tab in the Fraud Detection console.
securityInitListener: the listener for the initialization result of Device Risk Detection SDK for Android. You can check whether the initialization is successful based on the callback notification. For more information about the value range of the code parameter, see the "Status codes" section of this topic.
Return value
None.
Obtain the token of the client
Obtain and send the client session to the application server. You can call the Service event parameters and response parameters for Device Risk Detection on the application server to query the device fingerprint information.
Function
public class SecurityToken {
// The call status code.
public int code;
// The token that is used to query the result on the application server.
public String token;
}
public SecurityToken getDeviceToken();Return value
The value is a SecurityToken class.
code: the call status code of the operation. You can check whether the call is successful based on the status code. For more information about the value range of the code parameter, see the "Status codes" section of this topic.
token: the token that is returned to the client. The token can be used to call the Device Risk Detection Fraud Detection API.
Usage notes:
1. The getDeviceToken operation requires a long period of time to complete. Make sure that the app runs in a child thread. Otherwise, the app may fail due to an Application Not Responding (ANR) error.
2. Make sure that an interval of at least 2 seconds is specified between a call for the init operation and a call for the getDeviceToken operation.
3. In normal network environments, the length of a token is approximately 600 bytes. In abnormal network environments, tokens whose lengths are greater than or equal to 2.5 KB may be returned.
Status codes
SecurityCode | Code | Remarks |
SC_SUCCESS | 10000 | The SDK is initialized. |
SC_NOT_INIT | 10001 | The SDK is not initialized. |
SC_NOT_PERMISSION | 10002 | One or more basic Android permissions are not granted to the SDK. |
SC_UNKNOWN_ERROR | 10003 | An unknown system error occurred. |
SC_NETWORK_ERROR | 10004 | A network error occurred. |
SC_NETWORK_ERROR_EMPTY | 10005 | A network error occurred and the return value is an empty string. |
SC_NETWORK_ERROR_INVALID | 10006 | The format of the response returned over the network is invalid. |
SC_PARSE_SRV_CFG_ERROR | 10007 | The system failed to parse the server settings. |
SC_NETWORK_RET_CODE_ERROR | 10008 | The gateway failed to return a response. |
SC_APPKEY_EMPTY | 10009 | The value of the appkey parameter is empty. |
SC_PARAMS_ERROR | 10010 | Other parameters are invalid. |
SC_FGKEY_ERROR | 10011 | The system failed to calculate the key. |
SC_APPKEY_ERROR | 10012 | The version of the SDK does not match the version of the appkey. |
Sample code
Initialize Device Risk Detection SDK for Android. When the app starts, you must call the init operation at the earliest opportunity.
The value of the ALIYUN_APPKEY parameter is used to identify a user. You can obtain the identity on the Device APP management tab in the Fraud Detection console.
public class CustomApplication extends Application {
private static String ALIYUN_APPKEY = "xxxx";
@Override
public void onCreate() {
super.onCreate();
// Initialize Device Risk Detection SDK for Android. When the app starts, you must call the init operation at the earliest opportunity.
SecurityDevice.getInstance().init(this, ALIYUN_APPKEY, null);
}
}In business scenarios that require fraud detection, such as account registrations and promotional activities, you must obtain the token of the client and submit the token to the application server. Make sure that an interval of at least 2 seconds is specified between a call for the init operation and a call for the getDeviceToken operation.
The getDeviceToken operation requires a long period of time to complete. Do not call the operation in a UI thread.
new Thread() {
@Override
public void run() {
SecurityToken st = SecurityDevice.getInstance().getDeviceToken();
if(null != st){
if(SecurityCode.SC_SUCCESS == st.code){
Log.d("AliyunDevice", "token: " + st.token);
// Send the token to the self-managed application server and call the Device Risk Detection Fraud Detection API.
// sendToAPPServer(st.token);
} else {
Log.e("AliyunDevice", "getDeviceToken error, code: " + st.code);
}
} else {
Log.e("AliyunDevice", "getDeviceToken is null.");
}
}
}.start();Obfuscate code
-keep class net.security.device.api.** {*;}
-dontwarn net.security.device.api.**Call the Fraud Detection API
Use the deviceToken parameter and other related parameters to call the Fraud Detection API. For more information, see the following topic:
Service event parameters and response parameters for Device Risk Detection Fraud Detection
The following figure shows how to integrate and use the SDK. Steps 1 and 2 are required only the first time you load the SDK. You can perform Steps 3 to Step 9 in a loop based on your business requirements.
FAQ
1. Which architectures are supported by a Device Risk Detection SDK?
A Device Risk Detection SDK supports the ARM, ARMv7, and ARM64 architectures.
2. What is the size of a Device Risk Detection SDK?
The size of a mono-architecture SO file is approximately 1.8 MB.
To prevent reverse engineering and ensure the security of data in transit, a Device Risk Detection SDK contains a large number of obfuscation, dilation, and decryption operations. Therefore, the size of the SDK is big.
3. Why is the token that I obtained longer than expected?
In most cases, a token is approximately 600 bytes in length. If the network condition is poor, tokens whose lengths are greater than or equal to 2.5 KB may be returned.
If a large number of long tokens exist in daily operations, perform the following steps: Make sure that all connections between clients and the application server are normal. Then, make sure that an interval of at least 2 seconds is specified between a call for the init operation and a call for the getDeviceToken operation.