IMPORTANT. READ THE FOLLOWING CAREFULLY. BY ACCEPTING THIS AGREEMENT, THE 10 | PERSON, COMPANY OR OTHER ENTITY ON WHOSE BEHALF YOU ARE ACTING IS CONSENTING 11 | TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT.
12 | 13 |THE FOLLOWING SOFTWARE LICENSE AGREEMENT (THIS “AGREEMENT”) CONSTITUTES A 14 | LEGAL AGREEMENT BETWEEN THE ENTITY OR COMPANY YOU REPRESENT (“LICENSEE”) AND 15 | IOVATION, INC. (“IOVATION”). BY ACCEPTING THIS AGREEMENT, YOU UNCONDITIONALLY 16 | AGREE, ON BEHALF OF LICENSEE, TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS 17 | AGREEMENT. THE INDIVIDUAL ACCEPTING THIS LICENSE REPRESENTS THAT SUCH 18 | INDIVIDUAL IS AUTHORIZED TO ACCEPT THE TERMS AND CONDITIONS OF THIS AGREEMENT 19 | ON BEHALF OF THE LICENSEE. IF THE LICENSEE DOES NOT UNCONDITIONALLY AGREE TO 20 | ALL OF THE TERMS OF THIS AGREEMENT, THEN LICENSEE IS NOT AUTHORIZED TO USE 21 | THE SOFTWARE.
22 | 23 |THIS SOFTWARE LICENSE AGREEMENT IS OFFERED ONLY TO COMPANIES OR OTHER 24 | ENTITIES THAT ARE PARTIES TO A SERVICE AGREEMENT WITH IOVATION (AN “IOVATION 25 | CUSTOMER”). IF YOU ARE NOT AN IOVATION CUSTOMER, YOU ARE NOT AUTHORIZED TO 26 | ENTER INTO THIS LICENSE AGREEMENT OR TO USE THE SOFTWARE.
27 | 28 |License. Subject to the terms and conditions of this Agreement, 30 | iovation hereby grants Licensee a nonexclusive, non-transferable, 31 | non-sublicensable, time-limited, restricted, revocable, internal license to 32 | use the downloaded software (the “Software”) solely in support of and 33 | together with the iovation ReputationManager™ service provided by iovation 34 | (the “Service”). Licensee is authorized to use the Software only during the 35 | term of Licensee’s Service Agreement with iovation and only in support of 36 | the Service.
iovation’s Rights. iovation has and will retain all ownership rights 38 | (including without limitation any copyright, patent, trade secret, 39 | trademark or other proprietary and/or intellectual property rights) in and 40 | to the Software. iovation reserves all rights not expressly granted to 41 | Client. iovation reserves the right to make changes in the Software. 42 | iovation reserves the right to amend this Agreement by notice to Licensee.
Restrictions. Licensee shall not copy, modify, reverse engineer, 44 | decompile or disassemble the Software or any part of it. Any use of the 45 | Software other than as specifically authorized herein without the prior 46 | written permission of iovation is strictly prohibited and will terminate 47 | the license granted herein. Such unauthorized use may also violate 48 | applicable laws, including without limitation copyright and other 49 | intellectual property laws.
DISCLAIMER OF WARRANTY. THE SOFTWARE IS PROVIDED “AS IS.” IOVATION DOES 51 | NOT WARRANT THAT THE SOFTWARE WILL BE ERROR-FREE, THAT IT WILL OPERATE WITH 52 | LICENSEE’S SYSTEM, OR THAT IT WILL PRODUCE ANY PARTICULAR RESULTS. IOVATION 53 | MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY 54 | IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR 55 | PURPOSE. LICENSEE’S EXCLUSIVE REMEDY FOR ANY DEFECT IN THE SOFTWARE SHALL 56 | BE TERMINATION OF THIS AGREEMENT. THIS REMEDY CONSTITUTES THE SOLE REMEDY 57 | AGAINST IOVATION FOR ANY CLAIMS CONCERNING THE SOFTWARE OR THIS AGREEMENT.
LIMITATION OF LIABILITY. IN NO EVENT WILL IOVATION BE LIABLE FOR ANY 59 | LOSSES OR DAMAGES INCURRED BY LICENSEE OR ANY OTHER PERSON, WHETHER DIRECT, 60 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL, INCLUDING LOST 61 | OR ANTICIPATED PROFITS, SAVINGS, INTERRUPTION TO BUSINESS, LOSS OF BUSINESS 62 | OPPORTUNITIES, LOSS OF BUSINESS INFORMATION, THE COST OF RECOVERING SUCH 63 | LOST INFORMATION, THE COST OF SUBSTITUTE INTELLECTUAL PROPERTY OR ANY OTHER 64 | PECUNIARY LOSS ARISING FROM THE USE OF, OR THE INABILITY TO USE, THE 65 | SOFTWARE REGARDLESS OF WHETHER IOVATION HAS BEEN ADVISED OF THE POSSIBILITY 66 | OF SUCH DAMAGES. IOVATION’S AGGREGATE LIABILITY IN RESPECT OF ANY AND ALL 67 | CLAIMS WILL BE LIMITED TO ONE HUNDRED DOLLARS ($100.00). THE FOREGOING 68 | LIMITATIONS APPLY REGARDLESS OF THE CAUSE OR CIRCUMSTANCES GIVING RISE TO 69 | SUCH LOSS, DAMAGE OR LIABILITY.
Term and Termination. This Agreement shall commence on the date 71 | Licensee accepts these terms and shall continue until terminated. This 72 | Agreement shall terminate automatically upon termination of iovation’s 73 | contract to provide the Service to Licensee. iovation may terminate this 74 | Agreement immediately on notice to Licensee in the event Licensee breaches 75 | any of the terms hereof.
Confidentiality. Licensee agrees that the Software constitutes 77 | Confidential Information of iovation. Licensee will not disclose or 78 | otherwise disseminate the Software or any information concerning the 79 | Software to any third party. Licensee will use the Software only internally 80 | and in accordance with this Agreement.
General Terms.
This Agreement constitutes the entire agreement between the parties 83 | with respect to the subject matter hereof and replaces all prior 84 | communications. This Agreement may not be modified or waived except in 85 | a writing signed by iovation.
Headings used herein are for convenience only and shall not be 87 | construed a part of, or affect the construction or interpretation of, 88 | any provision of this Agreement.
Each party is an independent contractor. Nothing stated in this 90 | Agreement shall be construed as constituting a partnership agreement or 91 | as creating relationships of employer and employee, master and servant, 92 | or principal and agent between the parties.
This Agreement may not be assigned or sublicensed by Licensee without 94 | obtaining iovation’s prior written consent.
If any provision of this Agreement is held invalid or unenforceable, 96 | the remainder of this Agreement shall nevertheless remain in full force 97 | and effect.
All notices pursuant to this Agreement shall be in writing and shall be 99 | sent via e-mail to iovation atlegal@iovation.com or to Client at the 100 | email address entered at the time the Software is downloaded. Notices 101 | shall be deemed effective upon receipt, or if delivery is not effected 102 | by reason of some fault of the addressee, when tendered.
If arbitration or litigation is commenced by either party to enforce or 104 | interpret any of the provisions of this Agreement, the prevailing party 105 | shall be entitled to recover reasonable costs and attorneys’ fees at 106 | the arbitration, at trial, on appeal, and on any petition for review.
Licensee acknowledges that breach of this Agreement would cause 108 | irreparable harm to iovation. Licensee therefore agrees to the entry of 109 | temporary, preliminary and permanent injunctions by any court of 110 | competent jurisdiction to prevent breach, or to compel performance, of 111 | this Agreement. This remedy is in addition to any other remedy 112 | available to iovation for breach of this Agreement.
This Agreement shall be deemed to have been executed in, and shall be 114 | exclusively governed by and interpreted in accordance with the laws of 115 | the State of Oregon, U.S.A., including federal law, but excluding 116 | choice of law rules. Licensee consents to the jurisdiction of the state 117 | and federal courts of Oregon in connection with any claim arising out 118 | of or related to this Agreement.
FraudForce is now Device Risk. Our device-based products, such as Device Risk and Device-Based Authentication (formerly ClearKey), are critical components of our fraud and identity solutions; the new names make it easy to quickly understand our extensive capabilities. We have united these solutions under the TransUnion TruValidate brand. We have taken care not to update anything that might affect your implementations; as a result you'll still see legacy names in some places.
11 |Follow these steps to implement the TruValidate Device Risk SDK for Android.
13 |TransUnion identifies devices through information collected by the Device Risk SDK run on an end-user’s mobile device. The Device Risk SDK inspects the device to generate a blackbox that contains all device information available. This blackbox must then be transmitted to your servers to be used in a risk check.
15 |The Device Risk SDK integrates with native and hybrid apps. Hybrid apps mix native code with content that runs inside a web view.
16 || 21 | | 22 | |
|---|---|
| SDK Filename | 27 |fraudforce-lib-release-5.3.0.aar | 28 |
| Version | 31 |5.3.0 | 32 |
| Package | 35 |com.iovation.mobile.android.FraudForce | 36 |
| Android SDK Dependencies | 39 |Android SDK 7.0 or higher (SDK level 24) | 40 |
| Library Dependencies | 43 |None | 44 |
| Required Permissions | 47 |None | 48 |
| Optional Permissions | 51 |BLUETOOTH (up to Android 11), BLUETOOTH_CONNECT (starting on Android 12), CAMERA, ACCESS_WIFI_STATE, | 52 |
| 55 | | READ_PHONE_STATE, ACCESS_FINE_LOCATION, ACCESS_BACKGROUND_LOCATION, | 56 |
| 59 | | GET_ACCOUNTS, ACCESS_NETWORK_STATE, DETECT_SCREEN_RECORDING | 60 |
| Supported NDK Architectures | 63 |x86, x86_64, arm64-v8a, armeabi-v7a | 64 |
68 |73 |NOTE Android 12 introduced the BLUETOOTH_CONNECT permission, protected at the dangerous level. Refer to the official Android documentation on how to include it.
69 |NOTE Regarding Android 11 background location changes: The Device Risk SDK neither requires nor requests location when the application is in a background state.
70 |NOTE If the permissions listed are not required by the application, the values collected using those permissions will be ignored. The permissions are not required to obtain a usable blackbox, but they do help obtain some unique device information.
71 |NOTE Android 10 introduced the ACCESS_BACKGROUND_LOCATION permission, protected at the dangerous level as is the case for ACCESS_FINE_LOCATION. Refer to the official Android documentation for when to incorporate this permission.
72 |
Version 5.3.0 of the TruValidate Device Risk SDK for Android supports Android 5.0 or higher.
74 |Download iovation-android-sdk-5.3.0.zip from here: iovation Mobile SDK for Android.
77 |Unzip iovation-android-sdk-5.3.0.zip.
79 |Depending on your IDE, do one of the following:
81 |In Maven, deploy the AAR file to your local Maven repository, using maven-deploy. For more information, see Guide to installing 3rd party JARs.
83 |If you are using Gradle, add the fraudforce-lib-release-5.3.0.aar file to your application module's libs directory. Then, edit the build.gradle file in order to add the libs directory as a flat-file repository to the buildscript and repository sections. This makes the fraudforce-lib-release-5.3.0.aar file accessible to Gradle.
buildscript {
86 | repositories {
87 | flatDir {
88 | dirs 'libs'
89 | }
90 | }
91 | }
92 |
93 | repositories {
94 | flatDir {
95 | dirs 'libs'
96 | }
97 | }
98 | Also in the application module's build.gradle file, make sure that fraudforce-lib-release-5.3.0 is included as a dependency:
dependencies {
100 | ...
101 | implementation(name:'fraudforce-lib-release-5.3.0', ext:'aar')
102 | }
103 | Alternatively, you can include the dependency without exposing your libs folder as a repository by declaring it in the module's build.gradle file as follows:
dependencies {
105 | ...
106 | implementation files('libs/fraudforce-lib-release-5.3.0.aar')
107 | }
108 | Save the build.gradle file.
If you are not already using Java 11 in your project, please include the following code into your application's 'build.gradle' file.
113 | android {
114 | compileOptions {
115 | sourceCompatibility JavaVersion.VERSION_11
116 | targetCompatibility JavaVersion.VERSION_11
117 | }
118 | }
119 | 123 |131 |NOTE If you are using an older version of the Android Gradle Plugin and encounter UnsatisfiedLinkErrors in the course of your testing, you may need to add the following to your ProGuard configuration:
124 |``` 125 | -keep public class com.iovation.mobile.android.details.RP { 126 | public native java.lang.String a(); 127 | public native java.lang.String b(); 128 | } 129 | ``` 130 |
To integrate into native apps:
132 |In your Application class, import the FraudForceManager and FraudForceConfiguration objects.
Java
135 | import com.iovation.mobile.android.FraudForceConfiguration;
136 | import com.iovation.mobile.android.FraudForceManager;
137 | Kotlin
138 | import com.iovation.mobile.android.FraudForceConfiguration
139 | import com.iovation.mobile.android.FraudForceManager
140 | Create a configuration object with your subscriber key, and enable or disable network calls to TransUnion servers. Entering the subscriber key is strongly recommended for all integrations, and it is required for network connections.
144 |145 |148 |NOTE Please review the Network Calls section of this document before enabling network calls.
146 |IMPORTANT Please contact your TransUnion customer success team representative to receive your subscriber key.
147 |
Java
149 | FraudForceConfiguration configuration = new FraudForceConfiguration.Builder()
150 | .subscriberKey([YOUR-SUBSCRIBER-KEY-HERE])
151 | .enableNetworkCalls(true) // Defaults to false if left out of configuration
152 | .build();
153 | Kotlin
154 | val configuration = FraudForceConfiguration.Builder()
155 | .subscriberKey([YOUR-SUBSCRIBER-KEY-HERE])
156 | .enableNetworkCalls(true)
157 | .build()
158 | Initialize the FraudForceManager class using the generated FraudForceConfiguration object, and the application context.
160 |Java
161 | FraudForceManager fraudForceManager = FraudForceManager.INSTANCE;
162 | fraudForceManager.initialize(configuration, context);
163 | Kotlin
164 | FraudForceManager.initialize(configuration, applicationContext)
165 | Call the refresh() method in the same Activity/Fragment/ViewModel where getBlackbox() will be called. The integrating application only needs to call this method on the Fragments where the getBlackbox() method will be called.
168 |171 |NOTE: This method calls updates the geolocation and network information, if enabled.
169 |NOTE: As with initialization, pass the application context when refreshing.
170 |
Java
172 | FraudForceManager.INSTANCE.refresh(context);
173 | Kotlin
174 | FraudForceManager.refresh(applicationContext)
175 | To generate the blackbox, call the getBlackbox(Context context) function on an instance of FraudForceManager. This method is a blocking call so it is recommended to call it on a background thread/coroutine.
177 |Java
178 | String blackbox = FraudForceManager.INSTANCE.getBlackbox(context);
179 | Kotlin
180 | val blackbox : String = FraudForceManager.getBlackbox(applicationContext)
181 | To generate the blackbox using a coroutine, declare the desired scope and call the getBlackbox(Context context) function on an instance of FraudForceManager. You can use the withContext(context: CoroutineContext) suspend function to utilize the blackbox data in another scope.
183 |Kotlin Coroutines Example
184 | private val uiScope = CoroutineScope(Dispatchers.IO)
185 |
186 | uiScope.launch {
187 | ...
188 | val blackbox : String = FraudForceManager.getBlackbox(applicationContext)
189 | withContext(Dispatchers.Main) {
190 | ...
191 | useBlackbox(blackbox)
192 | }
193 | }
194 | Integrate into hybrid apps by implementing the following workflow for collecting and sending blackboxes:
199 |An HTML page loads in a WebView.
201 |The user submits a transaction on the HTML page by submitting a form or completing another action.
203 |This calls the inject_bb function, which creates a hidden iframe that calls the iov:// URL. The iframe then deletes itself.
The shouldOverrideUrlLoading function inside of the WebView object in Java is called. This function detects the iov://blackbox/fill#dom_id URL.The dom_id is the ID of the object on the HTML page where the blackbox will be written, such as a hidden form field.
The shouldOverrideUrlLoading function runs JavaScript that automatically injects the blackbox into that object.
In your Application class, import the FraudForceManager and FraudForceConfiguration objects.
import com.iovation.mobile.android.FraudForceConfiguration;
215 | import com.iovation.mobile.android.FraudForceManager;
216 | Create a configuration object with your subscriber key, and enable or disable network calls to TransUnion servers. Entering the subscriber key is strongly recommended for all integrations, and it is required for network connections.
218 |219 |221 |NOTE Please review the Network Calls section of this document before enabling network calls.
220 |
FraudForceConfiguration configuration = new FraudForceConfiguration.Builder()
222 | .subscriberKey([YOUR-SUBSCRIBER-KEY-HERE])
223 | .enableNetworkCalls(true) // Defaults to false if left out of configuration
224 | .build();
225 | Initialize the FraudForceManager class using the generated FraudForceConfiguration object, and the application context.
227 | FraudForceManager fraudForceManager = FraudForceManager.INSTANCE;
228 | fraudForceManager.initialize(configuration, context);
229 | In your WebView Activity's onCreate() function, set your WebView's shouldOverrideUrlLoading() function, as well as the onPageStarted() function.
wv.setWebViewClient(new WebViewClient() {
232 | @Override
233 | public void onPageStarted(WebView view, String url, Bitmap favicon) {
234 | FraudForceManager.INSTANCE.refresh(getContext());
235 | super.onPageStarted(view, url, favicon);
236 | }
237 |
238 | @Override
239 | public boolean shouldOverrideUrlLoading(WebView view, String url) {
240 | String[] ref = url.split("#");
241 | if (url.startsWith("iov://") && ref.length > 1 && ref[1] != null) {
242 | String injectedJavascript="javascript:(function() { " +
243 | "document.getElementById('" + ref[1] + "').value = '"
244 | + FraudForceManager.INSTANCE.getBlackbox(wv.getContext())
245 | + "';})()";
246 | wv.loadUrl(injectedJavascript);
247 | return true;
248 | }
249 | return false;
250 | }
251 | });
252 | On your HTML page, include a javascript function called inject_bb that injects an iframe with a call to the iov:// URL.
function inject_bb(id) {
255 | var iframe = document.createElement('IFRAME');
256 | iframe.setAttribute('src', 'iov://blackbox/fill#' + id);
257 | iframe.name="ioOut";
258 | document.documentElement.appendChild(iframe);
259 | iframe.parentNode.removeChild(iframe);
260 | iframe = null;
261 | }
262 | You must inject the blackbox into a DOM object for collection. To do this, call the inject_bb function with the ID of the DOM object, which will automatically call the shouldOverrideUrlLoading() function. For example, set ID to a hidden form field where the blackbox will be stored. When the form containing the field is submitted, the blackbox is returned to your server back-end, and can then be sent to TransUnion to evaluate along with the transaction.
The SDK includes the ability to make a network call to TransUnion TruValidate's service. This enables additional functionality in the Device Risk SDK, including:
268 |Collect information on potential high-risk applications on the device
272 |By default this functionality is disabled and will need to be enabled in the configuration object. Usage of this feature requires a subscriber key be provided. Please contact your TransUnion client representative to acquire a subscriber key.
273 |1 In Android Studio, select File | Open or click Open Existing Android Studio Project from the quick-start screen.
277 |From the directory where you unzipped fraudforce-lib-release-5.3.0.zip or cloned the repo, open the android-studio-sample-app directory.
279 |In the project navigation view, open app/src/main/java/com/iovation/mobile/android/sample/MainActivity.java to run the Java sample app. To run the Kotlin sample app, open kotlinApp/src/main/java/com/iovation/mobile/android/sample/MainActivity.kt.
Right-click the file editing view and select Run Main Activity.
283 |IMPORTANT! If the option to run the module does not appear, select FILE -> PROJECT STRUCTURE and open the Modules panel. From there, set the Module SDK drop-down to your target Android SDK version.
285 |Alternatively, you can right-click on the build.gradle file, and select Run 'build'.
286 |Select either an attached physical device, or an Android virtual device to run the app on. The app should now compile and launch.
290 |When the app compiles successfully, you will see a view with a button that allows you to display a blackbox.
292 |Several obfuscation-related updates/fixes, including preservation of base package.
353 |Update target SDK to 29
355 |Updated compileSdkVersion to 29.
360 |Behavioral changes for apps targeting API 29.
362 |Enhanced support for Android 9.0 Pie.
371 |Further improvements to location data collection process.
373 |Resolved Google Play alerts regarding encryption methods.
375 |Support for Android 9.0 Pie.
380 |Fix for issue related to the Turkish character set.
382 |Improved location data collection process.
384 |Improved blackbox data collection performance.
389 |More efficient network calls to iovation.
391 |New API objects, FraudForceConfiguration and FraudForceManager. Prior API objects have been removed.
Compatibility with Android 8.0.
398 |Introduced network calls back to iovation service for additional functionality.
400 |Dropped support for Android API level 8 through API level 15.
402 |Improved permission checking.
415 |Fixes crash with invalid locale.
417 |Fixes error with Bluetooth permission.
419 |More robust error handling.
421 |Compatibility with Android 6.0 permission system.
426 |Enhanced recognition with additional details added in Android 6.0.
428 |Enhanced geolocation services with mock location detection capabilities.
430 |Enhanced carrier detection and home carrier detection.
432 |New API method, getBlackbox, handles low-priority asynchronous collection of device data. The ioBegin method remains for backwards compatibility.
Expanded the android-studio-sample-app with a WebView integration example.
451 |Added WebView integration instructions.
453 |