getDeviceHygiene response for Android
The
getDeviceHygiene
call returns the device hygiene information that is shown in Output fields for on Android, with or without malware information depending on the malware enabled
flag. Attribute | Description |
|---|---|
os | Operating system of the device. |
osVersion | Version of the OS. |
rootdetected | Detects if the device is compromised (rooted or jailbroken). |
emulator | Detects if the app is running in an emulator. |
passcodedisabled | Detects if passcode protection is disabled on the device. |
storageEncryptionDisabled | Detects if storage encryption is disabled on the device. |
developerOptionEnabled | Detects if developer option is enabled on the device. |
debuggerAttached | Detects if a debugger is attached to device. |
untrustedCertificateDetected | Detects if untrusted certificates are present on the device. |
untrustedCertificateList | Displays the list of untrusted certificates, if detected. |
sslStripDetected | Detects an SSL strip attack on the device network. |
sslMITMDetected | Detects an SSL MITM attack on the device network. |
contentTamperDetected | Detects if content has been manipulated on the device network. |
usbDebugEnabled | Detects if USB debugging is enabled on the device. |
osTamper | Detects tampering of the device OS. |
deviceHygiene | Displays the device model, if it needs to be upgrades, and if any vulnerability are present (KRACK). Returns the following attributes:
|
apReputation | Indicates the reputation of the network access point. Returns the following attributes:
|
malwareDetected | Detects if apps that are known to be malware are present on the device. |
malwareList |
Indicates the details of malware, if detected. Returns the following attributes:
|
malwareScanTimestamp | Indicates the timestamp of the last malware scan. |
affected | Indicates if the device is affected by malware. |
unknownSourcesEnabled | Detects if the setting to allow apps from “Unknown Sources” is enabled on the device (through Android 7.0). |
arpSpoofingDetected | Detects an ARP spoofing attack on the device network (through API level 25). |
dnsSpoofDetected | Detects a DNS spoofing attack on the device network. The following value returned for DNS spoofing should be considered a false positive. "dnsSpoofDetected":"ConfigWrapper, stop show by cloud configuration: DNSSpoof"
Equivalent to "dnsSpoofDetected":"false"
|