Documentation Index

Fetch the complete documentation index at: https://docs.darwinium.com/llms.txt

Use this file to discover all available pages before exploring further.

Mobile SDK Permissions AndroidManifest.xml

Prev Next

Some profiling attributes require special permissions in your AndroidManifest.xml. Profiling will continue to operate without them, albeit with values missing.
The following are optional permissions that can be enabled:

<uses-permission android:name="android.permission.READ_PHONE_NUMBERS" />

Provides details around the profiled device's telephone number, namely:
profiling.android.sim_info[AndroidSimContext].line_number

<uses-permission android:name="android.permission.READ_PHONE_STATE" />

Provides enhanced details around the device's SIM card. These are particularly useful for identifying attacks such as sim swapping and users on multiple networks. Provides the following attributes:
profiling.android.sim_info[AndroidSimContext].state
profiling.android.sim_info[AndroidSimContext].meid
profiling.android.sim_info[AndroidSimContext].country
profiling.android.sim_info[AndroidSimContext].imei.identifier
profiling.android.sim_info[AndroidSimContext].is_primary
profiling.android.sim_info[AndroidSimContext].msisdn
profiling.android.sim_info[AndroidSimContext].sim_operator
profiling.android.sim_info[AndroidSimContext].multi_sim_configuration
profiling.android.sim_info[AndroidSimContext].mms_user_agent
profiling.android.sim_info[AndroidSimContext].network_operator
profiling.android.sim_info[AndroidSimContext].network_operator_name
profiling.android.sim_info[AndroidSimContext].network_type
profiling.android.sim_info[AndroidSimContext].sim_serial_number
profiling.android.sim_info[AndroidSimContext].sim_country
profiling.android.sim_info[AndroidSimContext].sim_carrier_id
profiling.android.sim_info[AndroidSimContext].sim_carrier_name
profiling.android.sim_info[AndroidSimContext].subscriber_id
profiling.android.sim_info[AndroidSimContext].voice_mail_number
profiling.android.sim_info[AndroidSimContext].voice_message_count
profiling.android.sim_info[AndroidSimContext].sim_operator_name
profiling.android.sim_info[AndroidSimContext].call_state
profiling.android.sim_info[AndroidSimContext].voice_network_type
profiling.android.sim_info[AndroidSimContext].is_idle
profiling.android.sim_info[AndroidSimContext].is_offhook

Using the above intelligence, Darwinium also provides calculated insight attributes:
profiling.android.sim_info[AndroidSimContext].imei.score.trust
profiling.android.sim_info[AndroidSimContext].imei.score.age
profiling.android.sim_info[AndroidSimContext].imei.score.bot
profiling.android.sim_info[AndroidSimContext].imei.score.scam
profiling.android.sim_info[AndroidSimContext].imei.score.mule
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_node_strength
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_page_rank
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_h_index
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_lobby_index
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_node_strength_quantile
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_page_rank_quantile
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_h_index_quantile
profiling.android.sim_info[AndroidSimContext].imei.score.linkage_lobby_index_quantile
profiling.android.sim_info[AndroidSimContext].imei.signals

<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> , <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

These provide insight around Android device Geolocation - this is in addition to geo insights provided from sources such as IP addresses.
Note that in order to receive these insights your app must also implement the following dependency:
com.google.android.gms:play-services-location:xx.x.x

These attributes are useful in determining geo anomalies, such as the device location differing from the IP address location, or spoofed locations. Captured attributes include:
profiling.android.location.is_mock
profiling.android.location.is_mock_provider
profiling.android.location.mock_provider
profiling.android.location.latitude
profiling.android.location.longitude
profiling.android.location.altitude
profiling.android.location.coordinate
profiling.android.location.accuracy
profiling.android.location.provider
profiling.android.location.time
profiling.android.location.speed
profiling.android.location.speed_accuracy
profiling.android.location.vertical_accuracy
profiling.android.location.bearing
profiling.android.location.bearing_accuracy

The following attributes are also calculated on Darwinium's backend when these permissions are enabled:
profiling.android.location.geoname_id
profiling.android.location.country
profiling.android.location.nearest_country
profiling.android.location.nearest_country_distance
profiling.android.location.state
profiling.android.location.nearest_state
profiling.android.location.nearest_state_distance
profiling.android.location.locality
profiling.android.location.nearest_locality
profiling.android.location.nearest_locality_distance

<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />

This permission enables enhanced insights around Wifi. These are particularly useful when trying to determine if a user has a variety of devices that are potentially part of a device farm connected to a single problematic access point.

Attributes provided include:
profiling.android.wifi.state
profiling.android.wifi.bssid
profiling.android.wifi.network_id
profiling.android.wifi.mac_address
profiling.android.wifi.ssid
profiling.android.wifi.frequency
profiling.android.wifi.rssi
profiling.android.wifi.ap_state
profiling.android.wifi.enabled
profiling.android.wifi.score
profiling.android.wifi.security_type
profiling.android.wifi.dhcp_info.server_address
profiling.android.wifi.dhcp_info.netmask
profiling.android.wifi.dhcp_info.ip_address
profiling.android.wifi.dhcp_info.gateway
profiling.android.wifi.dhcp_info.primary_dns
profiling.android.wifi.dhcp_info.secondary_dns
profiling.android.wifi.dhcp_info.lease_duration

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

Attributes provided by this permission are particularly useful when determining if a device is being emulated. Profiled attributes include:
profiling.android.connection.owner_uid
profiling.android.connection.signal_strength
profiling.android.connection.capabilities"

<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>

This permission enables Darwinium to access the Device's advertising ID. This is typically used for ad retargeting and the permission is requested by a popup notification (which your organization may or may not already be using). Its usage also requires the following implementation dependency:
implementation 'com.google.android.gms:play-services-ads-lite:20.3.0'

This permission provides:
profiling.android.advertising_id - this is a particularly sticky identifier that may be useful across multiple networks, in addition to Darwinium's existing device ID and signatures

<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:ignore="QueryAllPackagesPermission" />

This permission allows the app to query the complete list of installed packages on the device. This can be a sensitive permission, but Google has exception when applied for anti-virus and/or financial institution security purposes. See here.

profiling.android.scanned_packages
profiling.android.system.app_store
profiling.android.input_method.*
profiling.android.all_languages
profiling.android.app_package_source
profiling.android.app_package_installer
profiling.android.package_number
profiling.android.nonsystem_package_number
profiling.android.is_jailbroken  ^
profiling.android.system.root_detection_signals  ^
  • Improved Root Detection: ^ Perform package scan for known root management and cloaking apps; additional signals in profiling.android.system.root_detection_signals:
    • root_busy
    • root_rma
    • root_cloak

Note: If QUERY_ALL_PACKAGES permission is not given , there are other rooted signals which can trigger and contribute to deciding is_jailbroken.

But requesting provides more complete protection, particularly against root cloaking which may evade several of those signals.

See: Root Detection

  • Sideloaded App Detection: Detecting applications installed outside of official routes may indicate compromised security or fraudulent activity. Also can check for the system application store(s) and input methods.
  • Virtual OS suspicion: Counting number of other packages, including system packages can increase likelihood of being a VirtualOS, where environments have fewer installed packages. Will default to 1 if permission not granted (representing the current app).