rc/8.0.0

CHANGELOG.md

@@ -5,6 +5,50 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [8.0.0] - 2026-05-13
+
+- Android SDK version: 18.3.0
+- iOS SDK version: 6.14.4
+
+### Breaking
+
+- `SuspiciousAppInfo.reason` (String) renamed to `reasons` (List\<String\>)
+- Value `"blacklist"` in `reasons` renamed to `"blocklist"`
+- Removed `MalwareConfig` and `AndroidConfig.malwareConfig` — use `SuspiciousAppDetectionConfig` instead
+
+### Flutter
+
+#### Removed
+
+- `MalwareConfig` class and `AndroidConfig.malwareConfig` field — use `SuspiciousAppDetectionConfig` instead
+
+### Android
+
+#### Added
+
+- Added a new sub-check for `HMA` detection to the root detector
+- Added a new sub-check for `KernelSU` detection to the root detector
+- Added a new sub-check for `Frida Server` detection to the hook detector
+- Added Huawei App Market provider to HMA detection queries
+- New API class `SuspiciousAppDetectionConfig` that can be used to configure malware detection
+- New API for malware detection configuration in `TalsecConfig`, see `TalsecConfig.Builder#suspiciousAppDetection`
+
+#### Fixed
+
+- Fixed `VerifyError` caused by `JaCoCo` bytecode instrumentation
+- Fixed a potential cause of crash in the multi-instance detector
+- Fixed crash caused by unhandled `SecurityException` thrown by `UsageStatsManager` in root detection
+- Fixed manifest merge conflicts in HMA detection providers
+- Fixed Java interoperability of `ScreenProtector` methods
+- Fixed Kotlin classpath conflicts in SDK dependency resolution (Kotlin 2.0.0)
+
+#### Changed
+
+- Fine-tuned `KernelSU` detection
+- Fine-tuned hook detection
+- Fine-tuned location spoofing detection
+- Modified malware incident log structure for better aggregation
+
 ## [7.5.1] - 2026-03-24
 
 - Android SDK version: 18.0.4

android/build.gradle

@@ -3,7 +3,7 @@ version '1.0-SNAPSHOT'
 
 buildscript {
     ext.kotlin_version = '2.1.0'
-    ext.talsec_version = '18.0.4'
+    ext.talsec_version = '18.3.0'
     repositories {
         google()
         mavenCentral()

android/src/main/kotlin/com/aheaditec/freerasp/Extensions.kt

@@ -4,8 +4,14 @@ import android.content.Context
 import android.content.pm.PackageInfo
 import android.os.Build
 import com.aheaditec.talsec_security.security.api.ExternalIdResult
+import com.aheaditec.talsec_security.security.api.MalwareScanScope
+import com.aheaditec.talsec_security.security.api.ReasonMode
+import com.aheaditec.talsec_security.security.api.ScopeType
+import com.aheaditec.talsec_security.security.api.SuspiciousAppDetectionConfig
 import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import io.flutter.plugin.common.MethodChannel
+import org.json.JSONArray
+import org.json.JSONObject
 import com.aheaditec.freerasp.generated.PackageInfo as FlutterPackageInfo
 import com.aheaditec.freerasp.generated.SuspiciousAppInfo as FlutterSuspiciousAppInfo
 
@@ -33,7 +39,7 @@ internal inline fun runResultCatching(result: MethodChannel.Result, block: () ->
  * this [SuspiciousAppInfo].
  */
 internal fun SuspiciousAppInfo.toPigeon(context: Context): FlutterSuspiciousAppInfo {
-    return FlutterSuspiciousAppInfo(this.packageInfo.toPigeon(context), this.reason)
+    return FlutterSuspiciousAppInfo(this.packageInfo.toPigeon(context), this.reasons.toList())
 }
 
 /**
@@ -83,3 +89,31 @@ internal fun ExternalIdResult.resolve(result: MethodChannel.Result) {
         is ExternalIdResult.Error -> result.error("external-id-failure", this.errorMsg, null)
     }
 }
+
+internal fun JSONObject.toScanScope(): MalwareScanScope {
+    val scanScope = ScopeType.valueOf(getString("scanScope"))
+    val trustedInstallSources = optJSONArray("trustedInstallSources")
+        ?.let { processArray<String>(it).asList() }
+    return MalwareScanScope(scanScope, trustedInstallSources)
+}
+
+internal fun JSONObject.toSuspiciousAppDetectionConfig(): SuspiciousAppDetectionConfig {
+    val packageNames = optJSONArray("packageNames")
+        ?.let { processArray<String>(it).toMutableSet() }
+    val hashes = optJSONArray("hashes")
+        ?.let { processArray<String>(it).toMutableSet() }
+    val requestedPermissions = optJSONArray("requestedPermissions")
+        ?.let { processArray<Array<String>>(it).mapTo(mutableSetOf()) { it.toMutableSet() } }
+    val grantedPermissions = optJSONArray("grantedPermissions")
+        ?.let { processArray<Array<String>>(it).mapTo(mutableSetOf()) { it.toMutableSet() } }
+    val scanScope = getJSONObject("scanScope").toScanScope()
+    val reasonMode = ReasonMode.valueOf(getString("reasonMode"))
+    return SuspiciousAppDetectionConfig(
+        packageNames,
+        hashes,
+        requestedPermissions,
+        grantedPermissions,
+        scanScope,
+        reasonMode,
+    )
+}

android/src/main/kotlin/com/aheaditec/freerasp/Utils.kt

@@ -14,14 +14,6 @@ import org.json.JSONObject
 import java.io.ByteArrayOutputStream
 
 internal object Utils {
-    @Suppress("ArrayInDataClass")
-    data class MalwareConfig(
-        val blacklistedPackageNames: Array<String>,
-        val blacklistedHashes: Array<String>,
-        val suspiciousPermissions: Array<Array<String>>,
-        val whitelistedInstallationSources: Array<String>
-    )
-
     fun toTalsecConfigThrowing(configJson: String?): TalsecConfig {
         if (configJson == null) {
             throw JSONException("Configuration is null")
@@ -36,36 +28,20 @@ internal object Utils {
         val packageName = androidConfig.getString("packageName")
         val certificateHashes = androidConfig.extractArray<String>("signingCertHashes")
         val alternativeStores = androidConfig.extractArray<String>("supportedStores")
-        val malwareConfig = parseMalwareConfig(androidConfig)
 
-        return TalsecConfig.Builder(packageName, certificateHashes)
+        val builder = TalsecConfig.Builder(packageName, certificateHashes)
             .watcherMail(watcherMail)
             .supportedAlternativeStores(alternativeStores)
             .prod(isProd)
             .killOnBypass(killOnBypass)
-            .blacklistedPackageNames(malwareConfig.blacklistedPackageNames)
-            .blacklistedHashes(malwareConfig.blacklistedHashes)
-            .suspiciousPermissions(malwareConfig.suspiciousPermissions)
-            .whitelistedInstallationSources(malwareConfig.whitelistedInstallationSources)
-            .build()
-    }
 
-    private fun parseMalwareConfig(androidConfig: JSONObject): MalwareConfig {
-        if (!androidConfig.has("malwareConfig")) {
-            return MalwareConfig(emptyArray(), emptyArray(), emptyArray(), emptyArray())
+        androidConfig.optJSONObject("suspiciousAppDetectionConfig")?.let {
+            builder.suspiciousAppDetection(it.toSuspiciousAppDetectionConfig())
         }
 
-        val malwareConfig = androidConfig.getJSONObject("malwareConfig")
-
-        return MalwareConfig(
-            malwareConfig.extractArray("blacklistedPackageNames"),
-            malwareConfig.extractArray("blacklistedHashes"),
-            malwareConfig.extractArray<Array<String>>("suspiciousPermissions"),
-            malwareConfig.extractArray("whitelistedInstallationSources")
-        )
+        return builder.build()
     }
 
-
     /**
      * Retrieves the package name of the installer for a given app package.
      *
@@ -145,11 +121,11 @@ internal object Utils {
     }
 }
 
-private inline fun <reified T> JSONObject.extractArray(key: String): Array<T> {
+internal inline fun <reified T> JSONObject.extractArray(key: String): Array<T> {
     return this.optJSONArray(key)?.let { processArray(it) } ?: emptyArray()
 }
 
-private inline fun <reified T> processArray(jsonArray: JSONArray): Array<T> {
+internal inline fun <reified T> processArray(jsonArray: JSONArray): Array<T> {
     val list = mutableListOf<T>()
 
     for (i in 0 until jsonArray.length()) {
@@ -175,4 +151,4 @@ private inline fun <reified T> processArray(jsonArray: JSONArray): Array<T> {
     }
 
     return list.toTypedArray()
-}
+}

android/src/main/kotlin/com/aheaditec/freerasp/generated/TalsecPigeonApi.kt

@@ -62,20 +62,20 @@ data class PackageInfo (
 /** Generated class from Pigeon that represents data sent in messages. */
 data class SuspiciousAppInfo (
   val packageInfo: PackageInfo,
-  val reason: String
+  val reasons: List<String>
 )
  {
   companion object {
     fun fromList(pigeonVar_list: List<Any?>): SuspiciousAppInfo {
       val packageInfo = pigeonVar_list[0] as PackageInfo
-      val reason = pigeonVar_list[1] as String
-      return SuspiciousAppInfo(packageInfo, reason)
+      val reasons = pigeonVar_list[1] as List<String>
+      return SuspiciousAppInfo(packageInfo, reasons)
     }
   }
   fun toList(): List<Any?> {
     return listOf(
       packageInfo,
-      reason,
+      reasons,
     )
   }
 }

example/lib/main.dart

@@ -38,12 +38,16 @@ Future<void> _initializeTalsec() async {
       packageName: 'com.aheaditec.freeraspExample',
       signingCertHashes: ['AKoRuyLMM91E7lX/Zqp3u4jMmd0A7hH/Iqozu0TMVd0='],
       supportedStores: ['com.sec.android.app.samsungapps'],
-      malwareConfig: MalwareConfig(
-        blacklistedPackageNames: ['com.aheaditec.freeraspExample'],
-        suspiciousPermissions: [
+      suspiciousAppDetectionConfig: const SuspiciousAppDetectionConfig(
+        packageNames: ['com.aheaditec.freeraspExample'],
+        requestedPermissions: [
           ['android.permission.CAMERA'],
           ['android.permission.READ_SMS', 'android.permission.READ_CONTACTS'],
         ],
+        scanScope: ScanScope(
+          scanScope: ScopeType.sideloadedOnly,
+        ),
+        reasonMode: ReasonMode.highestConfidence,
       ),
     ),
     iosConfig: IOSConfig(

example/lib/widgets/malware_bottom_sheet.dart

@@ -75,7 +75,7 @@ class MalwareListTile extends StatelessWidget {
 
         return ListTile(
           title: Text(malware.packageInfo.packageName),
-          subtitle: Text('Reason: ${malware.reason}'),
+          subtitle: Text('Reasons: ${malware.reasons.join(', ')}'),
           leading: appIcon,
         );
       },

lib/src/generated/talsec_pigeon_api.g.dart

@@ -63,25 +63,25 @@ class PackageInfo {
 class SuspiciousAppInfo {
   SuspiciousAppInfo({
     required this.packageInfo,
-    required this.reason,
+    required this.reasons,
   });
 
   PackageInfo packageInfo;
 
-  String reason;
+  List<String> reasons;
 
   Object encode() {
     return <Object?>[
       packageInfo,
-      reason,
+      reasons,
     ];
   }
 
   static SuspiciousAppInfo decode(Object result) {
     result as List<Object?>;
     return SuspiciousAppInfo(
       packageInfo: result[0]! as PackageInfo,
-      reason: result[1]! as String,
+      reasons: (result[1] as List<Object?>?)!.cast<String>(),
     );
   }
 }

lib/src/models/android_config.dart

@@ -12,7 +12,7 @@ class AndroidConfig {
     required this.packageName,
     required this.signingCertHashes,
     this.supportedStores = const [],
-    this.malwareConfig,
+    this.suspiciousAppDetectionConfig,
   }) {
     ConfigVerifier.verifyAndroid(this);
   }
@@ -33,6 +33,6 @@ class AndroidConfig {
   /// List of supported sources where application can be installed from.
   final List<String> supportedStores;
 
-  /// Malware configuration for Android.
-  final MalwareConfig? malwareConfig;
+  /// Suspicious app detection configuration for Android.
+  final SuspiciousAppDetectionConfig? suspiciousAppDetectionConfig;
 }

lib/src/models/models.dart

@@ -1,4 +1,4 @@
 export 'android_config.dart';
 export 'ios_config.dart';
-export 'malware_config.dart';
+export 'suspicious_app_detection_config.dart';
 export 'talsec_config.dart';