capacitor-freerasp 2.2.2 → 2.4.0

package/CHANGELOG.md

@@ -5,6 +5,111 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.4.0] - 2026-02-13
+
+- Android SDK version: 18.0.2
+- iOS SDK version: 6.13.0
+
+### Capacitor
+
+#### Added
+
+- Added cache for freeRASP callbacks when listener is not registered with the app
+- Added API for `automation` callback into `ThreatEventActions` (Android only)
+
+#### Fixed
+
+- Prevent multiple registration of the freeRASP listeners on the native side
+
+#### Changed
+
+- Updated compile and target SDK versions to 36 on Android
+
+### Android
+
+#### Added
+
+- Added support for `KernelSU` to the existing root detection capabilities
+- Added support for `HMA` to the existing root detection capabilities
+- Added new malware detection capabilities
+- Added `onAutomationDetected()` callback to `ThreatDetected` interface
+  - We are introducing a new capability, detecting whether the device is being automated using tools like Appium
+- Added value restrictions to `externalId`
+  - Method `storeExternalId()` now returns `ExternalIdResult`, which indicates `Success` or `Error` when `externalId` violates restrictions
+
+#### Fixed
+
+- Fixed exception handling for the KeyStore `getEntry` operation
+- Fixed issue in `ScreenProtector` concerning the `onScreenRecordingDetected` invocations
+- Merged internal shared libraries into a single one, reducing the final APK size
+- Fixed bug related to key storing in keystore type detection (hw-backed keystore check)
+- Fixed manifest queries merge
+
+#### Changed
+
+- Removed unused library `tmlib`
+- Refactoring of signature verification code
+- Updated compile and target API to 36
+- Improved root detection capabilities
+- Detection of wireless ADB added to ADB detections
+
+## [2.3.0] - 2025-12-15
+
+- Android SDK version: 17.0.1
+- iOS SDK version: 6.13.0
+
+### Capacitor
+
+#### Added
+
+- Added `killOnBypass` to `TalsecConfig` that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) ([Issue 65](https://github.com/talsec/Free-RASP-Android/issues/65))
+- Added API for `timeSpoofing` callback into `ThreatEventActions` (Android only)
+- Added API for `unsecureWifi` callback into `ThreatEventActions` (Android only)
+- Added API for `allChecksFinished` callback into new `RaspExecutionStateEventActions` object
+- Added matched permissions to `SuspiciousAppInfo` object when malware detection reason is `suspiciousPermission`
+
+#### Fixed
+
+- Resolved potential collision in threat identifiers
+
+### Android
+
+#### Added
+
+- Added `killOnBypass` method to the `TalsecConfig.Builder` that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker [Issue 65](https://github.com/talsec/Free-RASP-Android/issues/65)
+- We are introducing a new capability, detecting whether the device time has been tampered with (`timeSpoofing`)
+- We are introducing a new capability, detecting whether the location is being spoofed on the device (`locationSpoofing`)
+- We are introducing a new capability, detection of unsecure WiFi (`unecureWifi`)
+- Removed deprecated functionality `Pbkdf2Native` and both related native libraries (`libpbkdf2_native.so` and `libpolarssl.so`)
+- Added new `RaspExecutionState` which contains `onAllChecksFinished()` method, which is triggered after all checks are completed.
+- Added matched permissions to `SuspiciousAppInfo` object when malware detection reason is `suspiciousPermission`
+- New option to start Talsec, `Talsec.start()` takes new parameter `TalsecMode` that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
+- Capability to check if another app has an option `REQUEST_INSTALL_PACKAGES` enabled in the system settings to malware detection
+
+#### Fixed
+
+- Root detection related bugs causing false positives
+- ANR issue caused by `registerScreenCaptureCallback()` method on the main thread
+- `NullPointerException` when checking key alias in Keystore on Android 7
+- `JaCoCo` issue causing `MethodTooLargeException` during instrumentation
+- `DeadApplicationException` when calling `Settings.Global.getInt` or `Settings.Secure.getInt` on invalid context
+- `AndroidKeyStore` crashes causing `java.util.concurrent.TimeoutException` when calling `finalize()` method on `Cipher` (GC issues)
+- Fixed issue with late initializers and `TalsecMode` coroutines scopes
+
+
+#### Changed
+
+- Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
+- Shortened the value of threat detection interval
+- Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
+- Update of internal dependencies and security libraries
+
+### iOS
+
+#### Changed
+
+- Updated internal dependencies
+
 ## [2.2.2] - 2025-08-12
 
 - iOS SDK version: 6.12.1

package/CapacitorFreerasp.podspec

@@ -10,7 +10,11 @@ Pod::Spec.new do |s|
   s.homepage = package['repository']['url']
   s.author = package['author']
   s.source = { :git => package['repository']['url'], :tag => s.version.to_s }
-  s.source_files = 'ios/Plugin/*.{swift,h,m,c,cc,mm,cpp}', 'ios/Plugin/TalsecRuntime.xcframework'
+  s.source_files = 'ios/Plugin/models/*.{swift,h,m,c,cc,mm,cpp}', 
+                   'ios/Plugin/utils/*.{swift,h,m,c,cc,mm,cpp}', 
+                   'ios/Plugin/dispatchers/*.{swift,h,m,c,cc,mm,cpp}', 
+                   'ios/Plugin/*.{swift,h,m,c,cc,mm,cpp}', 
+                   'ios/Plugin/TalsecRuntime.xcframework'
   s.ios.deployment_target  = '13.0'
   s.dependency 'Capacitor'
   s.swift_version = '5.1'

package/README.md

@@ -6,9 +6,9 @@
 
 # freeRASP for Capacitor
 
-freeRASP for Capacitor is a mobile in-app protection and security monitoring plugin. It aims to cover the main aspects of RASP (Runtime App Self Protection) and application shielding.
+freeRASP for Capacitor is a mobile in-app threat detection and security monitoring plugin. It aims to cover the main aspects of RASP (Runtime App Self Protection) and application shielding.
 
-:loudspeaker: [The official documentation has been moved to a new location. You can now find it here](https://docs.talsec.app/docs-and-articles-portal). :loudspeaker:
+:loudspeaker: [The official documentation has been moved to a new location. You can now find it here](https://docs.talsec.app/docs-and-articles-portal?utm_source=github). :loudspeaker:
 
 # Overview
 
@@ -28,7 +28,7 @@ Key features are the detection and prevention of
 - Untrusted installation method
 - App/Device (un)binding
 
-Additional freeRASP features include low latency, easy integration and a weekly [Security Report](https://docs.talsec.app/freerasp/security-report) containing detailed information about detected incidents and potential threats, summarizing the state of your app security.
+Additional freeRASP features include low latency, easy integration and a weekly [Security Report](https://docs.talsec.app/freerasp/security-report?utm_source=github) containing detailed information about detected incidents and potential threats, summarizing the state of your app security.
 
 The commercial version provides a top-notch protection level, extra features, support and maintenance. One of the most valued commercial features is AppiCrypt® - App Integrity Cryptogram.
 
@@ -41,7 +41,7 @@ It allows easy to implement API protection and App Integrity verification on the
 
 It is a unified solution that works across all mobile platforms without dependency on external web services (i.e., without extra latency, an additional point of failure, and maintenance costs).
 
-Learn more about commercial features at [https://talsec.app](https://talsec.app).
+Learn more about commercial features at [https://talsec.app](https://talsec.app?utm_source=github).
 
 Learn more about freemium freeRASP features at [GitHub main repository](https://github.com/talsec/Free-RASP-Community).
 
@@ -54,17 +54,17 @@ After the integration of freeRASP, make sure you visit the [freeMalwareDetection
 
 Visit the [GitBook page](https://docs.talsec.app/freerasp) for comprehensive and up-to-date guides, tutorials, and technical documentation specifically for freeRASP. It serves as your go-to resource, offering everything from basic instructions to advanced tips and tricks to help you get the most out of the project.
 
-:loudspeaker: [The official documentation has been moved to a new location. You can now find it here](https://docs.talsec.app/docs-and-articles-portal). :loudspeaker:
+:loudspeaker: [The official documentation has been moved to a new location. You can now find it here](https://docs.talsec.app/docs-and-articles-portal?utm_source=github). :loudspeaker:
 
 ## :link: Integration Guide
 
-For integrating freeRASP on the Capacitor platform, be sure to follow all the steps in the [Integration Guide](https://docs.talsec.app/freerasp/integration). This guide provides detailed instructions to help you achieve a smooth and efficient integration.
+For integrating freeRASP on the Capacitor platform, be sure to follow all the steps in the [Integration Guide](https://docs.talsec.app/freerasp/integration?utm_source=github). This guide provides detailed instructions to help you achieve a smooth and efficient integration.
 
 Be sure to bookmark it and stay informed! :books: :sparkles:.
 
 # :rocket: What's New and Changelog
 
-Stay informed and make the most of freeRASP by checking out [What's New and Changelog](https://docs.talsec.app/freerasp/whats-new-and-changelog)! Here, you’ll discover the latest features, enhancements, and bug fixes we’ve implemented to improve your experience across all platforms, including Android, iOS, Flutter, React Native, Capacitor, and Cordova. 
+Stay informed and make the most of freeRASP by checking out [What's New and Changelog](https://docs.talsec.app/freerasp/whats-new-and-changelog?utm_source=github)! Here, you’ll discover the latest features, enhancements, and bug fixes we’ve implemented to improve your experience across all platforms, including Android, iOS, Flutter, React Native, Capacitor, and Cordova. 
 
 Don’t miss out on any updates and explore the changelog to see how we’re continually making freeRASP better for you!
 
@@ -76,4 +76,4 @@ You can check out the project board [here](https://github.com/orgs/talsec/projec
 
 # :page_facing_up: License
 
-This project is provided as freemium software, i.e. there is a [fair usage policy](https://docs.talsec.app/freerasp/features-and-pricing-plans#plans-comparison) that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file for details.
+This project is provided as freemium software, i.e. there is a [fair usage policy](https://docs.talsec.app/freerasp/features-and-pricing-plans#plans-comparison?utm_source=github) that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file for details.

package/android/build.gradle

@@ -27,10 +27,10 @@ apply plugin: 'kotlinx-serialization'
 
 android {
     namespace "com.aheaditec.freerasp"
-    compileSdk 35
+    compileSdk Math.max(36, project.hasProperty('rootProject.ext.compileSdk') ? rootProject.ext.compileSdk as int : 36)
     defaultConfig {
         minSdkVersion 23
-        targetSdkVersion 35
+        targetSdkVersion 36
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
@@ -76,5 +76,5 @@ dependencies {
     androidTestImplementation "androidx.test.ext:junit:$androidxJunitVersion"
     androidTestImplementation "androidx.test.espresso:espresso-core:$androidxEspressoCoreVersion"
     
-    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Capacitor:16.0.2'
+    implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Capacitor:18.0.2'
 }

package/android/src/main/java/com/aheaditec/freerasp/FreeraspPlugin.kt

@@ -1,5 +1,6 @@
 package com.aheaditec.freerasp
 
+import android.content.Context
 import android.os.Build
 import android.os.Handler
 import android.os.HandlerThread
@@ -11,7 +12,11 @@ import com.aheaditec.freerasp.utils.toEncodedJSArray
 import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import com.aheaditec.talsec_security.security.api.Talsec
 import com.aheaditec.talsec_security.security.api.TalsecConfig
-import com.aheaditec.talsec_security.security.api.ThreatListener
+import com.aheaditec.freerasp.events.BaseRaspEvent
+import com.aheaditec.freerasp.events.RaspExecutionStateEvent
+import com.aheaditec.freerasp.events.ThreatEvent
+import com.aheaditec.freerasp.interfaces.PluginExecutionStateListener
+import com.aheaditec.freerasp.interfaces.PluginThreatListener
 import com.getcapacitor.JSObject
 import com.getcapacitor.Plugin
 import com.getcapacitor.PluginCall
@@ -19,11 +24,11 @@ import com.getcapacitor.PluginMethod
 import com.getcapacitor.annotation.CapacitorPlugin
 import org.json.JSONArray
 
+typealias CapacitorCallback = (String, JSObject) -> Unit
+
 @CapacitorPlugin(name = "Freerasp")
 class FreeraspPlugin : Plugin() {
 
-    private val threatHandler = TalsecThreatHandler(this)
-    private val listener = ThreatListener(threatHandler, threatHandler)
     private var registered = true
 
     @PluginMethod
@@ -35,7 +40,15 @@ class FreeraspPlugin : Plugin() {
         }
         try {
             val talsecConfig = buildTalsecConfigThrowing(config)
-            listener.registerListener(context)
+
+            val pluginCallback: CapacitorCallback = { eventName, data ->
+                notifyListeners(eventName, data, true)
+            }
+
+            PluginThreatHandler.threatDispatcher.listener = PluginListener(context, pluginCallback)
+            PluginThreatHandler.executionStateDispatcher.listener = PluginListener(context, pluginCallback)
+            PluginThreatHandler.registerListener(context)
+
             bridge.activity.runOnUiThread {
                 Talsec.start(context, talsecConfig)
                 mainHandler.post {
@@ -67,8 +80,10 @@ class FreeraspPlugin : Plugin() {
     override fun handleOnPause() {
         super.handleOnPause()
         if (activity.isFinishing) {
-            listener.unregisterListener(context)
+            PluginThreatHandler.unregisterListener(context)
             registered = false
+            PluginThreatHandler.threatDispatcher.listener = null
+            PluginThreatHandler.executionStateDispatcher.listener = null
         }
     }
 
@@ -76,7 +91,7 @@ class FreeraspPlugin : Plugin() {
         super.handleOnResume()
         if (!registered) {
             registered = true
-            listener.registerListener(context)
+            PluginThreatHandler.registerListener(context)
         }
     }
 
@@ -97,18 +112,40 @@ class FreeraspPlugin : Plugin() {
      */
     @PluginMethod
     fun getThreatIdentifiers(call: PluginCall) {
-        call.resolve(JSObject().put("ids", Threat.getThreatValues()))
+        call.resolve(JSObject().put("ids", ThreatEvent.ALL_EVENTS))
     }
 
     /**
-     * Method to setup the message passing between native and React Native
-     * @return list of [THREAT_CHANNEL_NAME, THREAT_CHANNEL_KEY]
+     * Method to get the random identifiers of callbacks
+     */
+    @PluginMethod
+    fun getRaspExecutionStateIdentifiers(call: PluginCall) {
+        call.resolve(JSObject().put("ids", RaspExecutionStateEvent.ALL_EVENTS))
+    }
+
+    /**
+     * Method to setup the message passing between native and Capacitor
+     * @return list of [CHANNEL_NAME, CHANNEL_KEY, MALWARE_CHANNEL_KEY]
      */
     @PluginMethod
     fun getThreatChannelData(call: PluginCall) {
         val channelData = JSONArray(
             (listOf(
-                THREAT_CHANNEL_NAME, THREAT_CHANNEL_KEY, MALWARE_CHANNEL_KEY
+                ThreatEvent.CHANNEL_NAME, ThreatEvent.CHANNEL_KEY, ThreatEvent.MALWARE_CHANNEL_KEY
+            ))
+        )
+        call.resolve(JSObject().put("ids", channelData))
+    }
+
+    /**
+     * Method to setup the execution state message passing between native and Capacitor
+     * @return list of [CHANNEL_NAME, CHANNEL_KEY]
+     */
+    @PluginMethod
+    fun getRaspExecutionStateChannelData(call: PluginCall) {
+        val channelData = JSONArray(
+            (listOf(
+                RaspExecutionStateEvent.CHANNEL_NAME, RaspExecutionStateEvent.CHANNEL_KEY
             ))
         )
         call.resolve(JSObject().put("ids", channelData))
@@ -119,7 +156,7 @@ class FreeraspPlugin : Plugin() {
      * Therefore, if this happens, we want to kill the app.
      */
     @PluginMethod
-    fun onInvalidCallback() {
+    fun onInvalidCallback(call: PluginCall) {
         android.os.Process.killProcess(android.os.Process.myPid())
     }
 
@@ -179,7 +216,7 @@ class FreeraspPlugin : Plugin() {
 
         activity?.runOnUiThread {
             try {
-                Talsec.blockScreenCapture(context, enable)
+                Talsec.blockScreenCapture(activity, enable)
                 call.resolve(JSObject().put("result", true))
             } catch (e: Exception) {
                 call.reject(
@@ -224,24 +261,21 @@ class FreeraspPlugin : Plugin() {
                 "Error during storeExternalId operation in freeRASP Native Plugin",
                 "NativePluginError"
             )
+            return
         }
     }
 
-    internal fun notifyListeners(threat: Threat) {
-        notifyListeners(THREAT_CHANNEL_NAME, JSObject().put(THREAT_CHANNEL_KEY, threat.value), true)
-    }
-
-    internal fun notifyMalware(suspiciousApps: MutableList<SuspiciousAppInfo>) {
-        // Perform the malware encoding on a background thread
-        backgroundHandler.post {
-
-            val encodedSuspiciousApps = suspiciousApps.toEncodedJSArray(context)
-            mainHandler.post {
-                val params = JSObject()
-                    .put(THREAT_CHANNEL_KEY, Threat.Malware.value)
-                    .put(MALWARE_CHANNEL_KEY, encodedSuspiciousApps)
-                notifyListeners(THREAT_CHANNEL_NAME, params, true)
-            }
+    @PluginMethod
+    fun removeExternalId(call: PluginCall) {
+        try {
+            Talsec.removeExternalId(context)
+            call.resolve(JSObject().put("result", true))
+        } catch (e: Exception) {
+            call.reject(
+                "Error during removeExternalId operation in freeRASP Native Plugin",
+                "NativePluginError"
+            )
+            return
         }
     }
 
@@ -253,6 +287,7 @@ class FreeraspPlugin : Plugin() {
             .watcherMail(configJson.getString("watcherMail"))
             .supportedAlternativeStores(androidConfig.getArraySafe("supportedAlternativeStores"))
             .prod(configJson.getBool("isProd") ?: true)
+            .killOnBypass(configJson.getBool("killOnBypass") ?: false)
 
         if (androidConfig.has("malwareConfig")) {
             val malwareConfig = androidConfig.getJSONObject("malwareConfig")
@@ -266,16 +301,54 @@ class FreeraspPlugin : Plugin() {
 
 
     companion object {
-        private val THREAT_CHANNEL_NAME = (10000..999999999).random()
-            .toString() // name of the channel over which threat callbacks are sent
-        private val THREAT_CHANNEL_KEY = (10000..999999999).random()
-            .toString() // key of the argument map under which threats are expected
-        private val MALWARE_CHANNEL_KEY = (10000..999999999).random()
-            .toString() // key of the argument map under which malware data is expected
         private val backgroundHandlerThread = HandlerThread("BackgroundThread").apply { start() }
         private val backgroundHandler = Handler(backgroundHandlerThread.looper)
         private val mainHandler = Handler(Looper.getMainLooper())
 
         internal var talsecStarted = false
+
+        internal fun notifyEvent(
+            event: BaseRaspEvent,
+            notifyListenersCallback: CapacitorCallback
+        ) {
+            val params = JSObject().put(event.channelKey, event.value)
+            notifyListenersCallback(event.channelName, params)
+        }
+
+        internal fun notifyMalware(
+            suspiciousApps: MutableList<SuspiciousAppInfo>,
+            context: Context,
+            notifyListenersCallback: CapacitorCallback
+        ) {
+            // Perform the malware encoding on a background thread
+            backgroundHandler.post {
+
+                val encodedSuspiciousApps = suspiciousApps.toEncodedJSArray(context)
+                mainHandler.post {
+                    val params = JSObject()
+                        .put(ThreatEvent.CHANNEL_KEY, ThreatEvent.Malware.value)
+                        .put(ThreatEvent.MALWARE_CHANNEL_KEY, encodedSuspiciousApps)
+                    notifyListenersCallback.invoke(ThreatEvent.CHANNEL_NAME, params)
+                }
+
+            }
+        }
+    }
+
+    internal class PluginListener(
+        private val context: Context,
+        private val pluginCallback: CapacitorCallback
+    ) : PluginThreatListener, PluginExecutionStateListener {
+        override fun threatDetected(threatEventType: ThreatEvent) {
+            notifyEvent(threatEventType, pluginCallback)
+        }
+
+        override fun malwareDetected(suspiciousApps: MutableList<SuspiciousAppInfo>) {
+            notifyMalware(suspiciousApps, context, pluginCallback)
+        }
+
+        override fun raspExecutionStateChanged(event: RaspExecutionStateEvent) {
+            notifyEvent(event, pluginCallback)
+        }
     }
 }

package/android/src/main/java/com/aheaditec/freerasp/PluginThreatHandler.kt

@@ -0,0 +1,121 @@
+package com.aheaditec.freerasp
+
+import android.content.Context
+import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
+import com.aheaditec.talsec_security.security.api.ThreatListener
+import com.aheaditec.freerasp.dispatchers.ExecutionStateDispatcher
+import com.aheaditec.freerasp.dispatchers.ThreatDispatcher
+import com.aheaditec.freerasp.events.RaspExecutionStateEvent
+import com.aheaditec.freerasp.events.ThreatEvent
+
+internal object PluginThreatHandler {
+
+    internal val threatDispatcher = ThreatDispatcher()
+    internal val executionStateDispatcher = ExecutionStateDispatcher()
+
+    private val threatDetected = object : ThreatListener.ThreatDetected() {
+
+        override fun onRootDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.PrivilegedAccess)
+        }
+
+        override fun onDebuggerDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Debug)
+        }
+
+        override fun onEmulatorDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Simulator)
+        }
+
+        override fun onTamperDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.AppIntegrity)
+        }
+
+        override fun onUntrustedInstallationSourceDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.UnofficialStore)
+        }
+
+        override fun onHookDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Hooks)
+        }
+
+        override fun onDeviceBindingDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.DeviceBinding)
+        }
+
+        override fun onObfuscationIssuesDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.ObfuscationIssues)
+        }
+
+        override fun onMalwareDetected(suspiciousAppInfos: MutableList<SuspiciousAppInfo>) {
+            threatDispatcher.dispatchMalware(suspiciousAppInfos ?: mutableListOf())
+        }
+
+        override fun onScreenshotDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Screenshot)
+        }
+
+        override fun onScreenRecordingDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.ScreenRecording)
+        }
+
+        override fun onMultiInstanceDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.MultiInstance)
+        }
+
+        override fun onUnsecureWifiDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.UnsecureWifi)
+        }
+
+        override fun onTimeSpoofingDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.TimeSpoofing)
+        }
+
+        override fun onLocationSpoofingDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.LocationSpoofing)
+        }
+
+        override fun onAutomationDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Automation)
+        }
+    }
+
+    private val deviceState = object : ThreatListener.DeviceState() {
+
+        override fun onUnlockedDeviceDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.Passcode)
+        }
+
+        override fun onHardwareBackedKeystoreNotAvailableDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.SecureHardwareNotAvailable)
+        }
+
+        override fun onDeveloperModeDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.DevMode)
+        }
+
+        override fun onADBEnabledDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.ADBEnabled)
+        }
+
+        override fun onSystemVPNDetected() {
+            threatDispatcher.dispatchThreat(ThreatEvent.SystemVPN)
+        }
+    }
+
+    private val raspExecutionState = object : ThreatListener.RaspExecutionState() {
+        override fun onAllChecksFinished() {
+            executionStateDispatcher.dispatch(RaspExecutionStateEvent.AllChecksFinished)
+        }
+    }
+
+    private val internalListener = ThreatListener(threatDetected, deviceState, raspExecutionState)
+
+    internal fun registerListener(context: Context) {
+        internalListener.registerListener(context)
+    }
+
+    internal fun unregisterListener(context: Context) {
+        internalListener.unregisterListener(context)
+    }
+}

package/android/src/main/java/com/aheaditec/freerasp/ScreenProtector.kt

@@ -11,6 +11,7 @@ import android.view.WindowManager.SCREEN_RECORDING_STATE_VISIBLE
 import androidx.annotation.RequiresApi
 import androidx.core.content.ContextCompat
 import com.aheaditec.talsec_security.security.api.Talsec
+import com.aheaditec.freerasp.events.ThreatEvent
 import java.util.function.Consumer
 
 @RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
@@ -18,14 +19,35 @@ internal object ScreenProtector {
     private const val TAG = "TalsecScreenProtector"
     private const val SCREEN_CAPTURE_PERMISSION = "android.permission.DETECT_SCREEN_CAPTURE"
     private const val SCREEN_RECORDING_PERMISSION = "android.permission.DETECT_SCREEN_RECORDING"
+
     private var registered = false
-    private val screenCaptureCallback = ScreenCaptureCallback { Talsec.onScreenshotDetected() }
+    private val cachedThreats = mutableSetOf<ThreatEvent>()
+
+    private val screenCaptureCallback = ScreenCaptureCallback { handleThreat(ThreatEvent.Screenshot) }
     private val screenRecordCallback: Consumer<Int> = Consumer<Int> { state ->
         if (state == SCREEN_RECORDING_STATE_VISIBLE) {
-            Talsec.onScreenRecordingDetected()
+            handleThreat(ThreatEvent.ScreenRecording)
+        }
+    }
+
+    private fun handleThreat(threat: ThreatEvent) {
+        if(!FreeraspPlugin.talsecStarted) {
+            cachedThreats.add(threat)
+            return
+        }
+
+        when (threat) {
+            ThreatEvent.Screenshot -> Talsec.onScreenshotDetected()
+            ThreatEvent.ScreenRecording -> Talsec.onScreenRecordingDetected()
+            else -> throw IllegalArgumentException("Unexpected Threat type: $threat")
         }
     }
 
+    internal fun flushCache() {
+        cachedThreats.forEach { handleThreat(it) }
+        cachedThreats.clear()
+    }
+
     /**
      * Registers screenshot and screen recording detector with the given activity
      *

package/android/src/main/java/com/aheaditec/freerasp/dispatchers/ExecutionStateDispatcher.kt

@@ -0,0 +1,38 @@
+package com.aheaditec.freerasp.dispatchers
+
+import com.aheaditec.freerasp.events.RaspExecutionStateEvent
+import com.aheaditec.freerasp.interfaces.PluginExecutionStateListener
+
+internal class ExecutionStateDispatcher {
+    private val cache = mutableSetOf<RaspExecutionStateEvent>()
+
+    var listener: PluginExecutionStateListener? = null
+        set(value) {
+            field = value
+            if (value != null) {
+                flushCache(value)
+            }
+        }
+
+    fun dispatch(event: RaspExecutionStateEvent) {
+        val checkedListener = synchronized(cache) {
+            val currentListener = listener
+            if (currentListener != null) {
+                currentListener
+            } else {
+                cache.add(event)
+                null
+            }
+        }
+        checkedListener?.raspExecutionStateChanged(event)
+    }
+
+    private fun flushCache(registeredListener: PluginExecutionStateListener) {
+        val events = synchronized(cache) {
+            val snapshot = cache.toSet()
+            cache.clear()
+            snapshot
+        }
+        events.forEach { registeredListener.raspExecutionStateChanged(it) }
+    }
+}