getDeviceHygiene response for Android

The getDeviceHygiene call returns the device hygiene information that is shown in Output fields for getDeviceHygiene on Android, with or without malware information depending on the malware enabled flag.
Output fields for getDeviceHygiene on Android

| Attribute | Description |
| --- | --- |
| os | Operating system of the device. |
| osVersion | Version of the OS. |
| rootdetected | Detects if the device is compromised (rooted or jailbroken). |
| emulator | Detects if the app is running in an emulator. |
| passcodedisabled | Detects if passcode protection is disabled on the device. |
| storageEncryptionDisabled | Detects if storage encryption is disabled on the device. |
| developerOptionEnabled | Detects if the developer option is enabled on the device. |
| debuggerAttached | Detects if a debugger is attached to the device. |
| untrustedCertificateDetected | Detects if untrusted certificates are present on the device. |
| untrustedCertificateList | Displays the list of untrusted certificates, if detected. |
| sslStripDetected | Detects an SSL strip attack on the device network. |
| sslMITMDetected | Detects an SSL MITM attack on the device network. |
| contentTamperDetected | Detects if content has been manipulated on the device network. |
| usbDebugEnabled | Detects if USB debugging is enabled on the device. |
| osTamper | Detects tampering of the device OS. |
| deviceHygiene | Displays the device model, if it needs to be upgraded, and if any vulnerabilities are present (KRACK). Returns the following attributes: needUpgrade, deviceModel, vulnerabilities. |
| apReputation | Indicates the reputation of the network access point. Returns the following attributes: apReputationRating, apEncyrptionLevel. |
| malwareDetected | Detects if apps that are known to be malware are present on the device. |
| malwareList | Indicates the details of malware, if detected. Returns the following attributes: package, reputationRating, type, name, vid. |
| malwareScanTimestamp | Indicates the timestamp of the last malware scan. |
| affected | Indicates if the device is affected by malware. |
| unknownSourcesEnabled | Detects if the setting to allow apps from “Unknown Sources” is enabled on the device (through Android 7.0). |
| arpSpoofingDetected | Detects an ARP spoofing attack on the device network (through API level 25). |
| dnsSpoofDetected | Detects a DNS spoofing attack on the device network. |

The following value returned for DNS spoofing should be considered a false positive:
"dnsSpoofDetected":"ConfigWrapper, stop show by cloud configuration: DNSSpoof"
It is equivalent to "dnsSpoofDetected":"false".
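A consumer of this response has to map the documented DNS spoofing false positive to "not detected" without treating every unexpected string the same way. The sketch below is an added example, not code from the SDK or its vendor. It assumes the response is a flat JSON object whose detection flags are the strings "true" and "false" (as in the `"dnsSpoofDetected":"false"` form above); the function names and the sample response are constructed for illustration.

```python
import json

# Value the page documents as a false positive for dnsSpoofDetected.
DNS_FALSE_POSITIVE = "ConfigWrapper, stop show by cloud configuration: DNSSpoof"

# Detection attributes from the output-field table (malware fields included).
FLAGS = (
    "rootdetected", "emulator", "passcodedisabled", "storageEncryptionDisabled",
    "developerOptionEnabled", "debuggerAttached", "untrustedCertificateDetected",
    "sslStripDetected", "sslMITMDetected", "contentTamperDetected",
    "usbDebugEnabled", "osTamper", "malwareDetected", "affected",
    "unknownSourcesEnabled", "arpSpoofingDetected", "dnsSpoofDetected",
)

def normalize(name, value):
    """Return True/False for a flag, or None when the value is not recognized."""
    if name == "dnsSpoofDetected" and value == DNS_FALSE_POSITIVE:
        return False  # documented as equivalent to "false"
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None  # surface for review instead of guessing

def triage(response_json):
    """Sort the flags of one response into detected/clear/absent/unrecognized."""
    data = json.loads(response_json)
    result = {"detected": [], "clear": [], "absent": [], "unrecognized": []}
    for name in FLAGS:
        if name not in data:
            result["absent"].append(name)  # e.g. malware fields when not enabled
            continue
        state = normalize(name, data[name])
        key = "unrecognized" if state is None else ("detected" if state else "clear")
        result[key].append(name)
    return result

# Constructed sample response (assumed shape, not captured from a device).
SAMPLE = json.dumps({
    "os": "Android", "osVersion": "7.0",
    "rootdetected": "false", "emulator": "n/a",
    "developerOptionEnabled": "true", "usbDebugEnabled": "true",
    "dnsSpoofDetected": DNS_FALSE_POSITIVE,
})

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Values that are neither a boolean nor the documented false positive land in `unrecognized`, so a new status string shows up for review rather than being silently counted as clear or detected.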