How to test features?

[prajwal27]

After following the Readme file and implementing the code, I do not know if this is working or not.
The doc says something about Dev and Release version, but not much information.

I tried running the app in Debug mode, hoping that the onDebuggerDetected callback is called, but I don't see any output.

[talsec-app]

Debugging detection you've tried is disabled in debug mode to prevent false positives.

The easiest way to produce an incident (trigger local check and create a record in security report) is to install a release build on an emulator (i.e., Android Emulator, which comes with Android Studio). Both app and freeRASP must be in release mode. You can also use a rooted Android device/emulator, in which case you create an incident even in debug mode.

[prajwal27]

1. How to make sure that freeRasp is in release mode?
2. What's the usecase of onDebuggerDetected callback?

[talsec-app]

First question:
freeRASP copies mode of application:

• application in debug mode = freeRASP in dev mode
• application in release mode = freeRASP in release mode

You can override this behaviour - for example, to run release freeRASP in debug mode.

For Android (Android Studio):
In your Flutter app, navigate to External libraries -> Flutter plugins -> freerasp-1.0.0 -> android -> build.gradle
At the bottom of the file, you should see:

dependencies {
    
    ... some other imports ...
    
    // Talsec Release
    releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:2.6.0-release'

    // Talsec Debug
    debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:2.6.0-dev'
}

You can edit this file (Android Studio might need confirmation, that you you are trying to override which does not belong to project) to import dev and/or release version as you need.
Keywords used to import libraries in gradle:

• implementation - import for any development stage (debug and release)
• debugImplementation - import for debug stage only
• releaseImplementation - import for release stage only

Be aware that you are overriding package from pubdev cache, so any other application using freerasp is depending on this cache and will be affected as well (if you compile it at the same time).

For iOS (xCode):
You can edit script so that different version is imported - by changing condition or just swapping directories.
Example (chaning condition):

cd "${SRCROOT}/.symlinks/plugins/freerasp/ios"
if [ "${CONFIGURATION}" = "Debug" ]; then
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Release/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
else
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Debug/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
fi

Example (swapping directories):

cd "${SRCROOT}/.symlinks/plugins/freerasp/ios"
if [ "${CONFIGURATION}" = "Release" ]; then
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Debug/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
else
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Release/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
fi

Second question:
onDebuggerDetected is called when debugger is detected e.g. debugger is attached to process of application. Attached debugger by someone other than developer cloud mean possible attack.