Menu

Android

Alice - Threat Reporting and Telemetry

Using Alice with DexProtector

Once your app has been released, DexProtector continues to monitor its security as it is being used anywhere in the world, with all data about risks, threats, and attacks being sent automatically to your account in Licel’s Attack Telemetry and Threat Intelligence Service (Alice).

DexProtector Alice integration and functionalities

Alice offers an easy-to-use dashboard where you can keep track of key incidents as they occur, including any cases of HTTP public key pinning anomalies, tampering, and crashes. You can view these incidents according to when and where they took place, and you can tailor the output data to suit your reporting needs.

Alice dashboard
Alice dashboard

DexProtector and Alice can also work in combination with your own risk analysis system, so that you have the security monitoring information you need in the form that works best for your organization.

The result is that you have an easy-to-use overview of every incident, from the moment it happens; a flexible search tool which sorts by attack type and content; and notifications every time DexProtector’s defences are triggered.


Getting started with Alice

1. Get login credentials for Alice

If you are already have an active DexProtector Enterprise license, simply fill out this form with a request for sign-in details to Alice, or contact us at primary@licelus.com.

2. Copy the API key for Alice integration

Log in to alice.licelus.com with the username and password you have received. On the Alice start page, you will find a unique automatically generated key that you can use to integrate Alice when configuring DexProtector.

3. Enter the API key in the DexProtector configuration file

Use DexProtector Studio or edit the configuration file directly by adding the <reportMonitoring> element and <apiKey> nested element, as follows:

'
    <reportMonitoring>
        <apiKey>137feb09-f390-4f00-b43f-ebccf530adf6lt</apiKey>
    </reportMonitoring>
You can also enable Alice via DexProtector Studio by specifying your API key and, if desired, your custom method
You can also enable Alice via DexProtector Studio by specifying your API key and, if desired, your custom method

4. Protect the application and get the first reports

Protect your application using the modified configuration file. Your Alice API key will be integrated into the application during DexProtection. Then, when the application detects a threat, a report will be signed in to Alice using this key. If your key is compromised for any reason, you can generate a new key in Alice and block the old one. You will be able to generate an incident yourself or wait for real incidents. While there are no incidents, Alice displays only the start page and a demo project. As soon as new incidents occur, your application will report to Alice automatically.

Reporting custom data to Alice

It is also possible to report custom data to Alice by implementing a method or number of methods in your code, and then specifying those methods within your <reportMonitoring> configuration using the <customFieldsUpdate> nested element, as follows:

'
   <dexprotector>
    ....
    <reportMonitoring>
        <apiKey>137feb09-f390-4f00-b43f-ebccf530adf6</apiKey>
        <customFieldsUpdate><![CDATA[com.dexprotector.detector.envchecks.AliceCustomizer.updateCustomFields]]></customFieldsUpdate>
        <trace>1000</trace>
    </reportMonitoring>
    ....
</dexprotector>

The method specified must have the following structure:

public class AliceCustomizer {
    public static void updateCustomFields(HashMap values) {
        values.put("Login", "MyVeryNewLogin");
        values.put("Description", "Hello, Bonny");
    }

}

And the value within the configuration file must match the full method name, as in the example below:

<customFieldsUpdate><![CDATA[com.dexprotector.detector.envchecks.AliceCustomizer.updateCustomFields]]></customFieldsUpdate>