react-native-device-defense 1.0.1 → 1.0.2

package/README.md

@@ -9,6 +9,7 @@
 - 🎣 **Frida/Xposed Detection** - Detect common hooking frameworks
 - 🐛 **Anti-Debug** - Detect debugger attachment
 - 📱 **Emulator Detection** - Detect Android emulators
+- 🔐 **SSL Pinning Detection** - Native C++ SSL security checks to prevent MITM attacks
 - 🛡️ **App Integrity Check** - Verify app signature and tampering
 - 🔐 **Block on Security Threat** - Automatically block app when security issues detected
 
@@ -22,6 +23,17 @@ yarn add react-native-device-defense
 
 ## Android Setup
 
+### React Native 0.60+ (Autolinking)
+
+No manual setup required! Just install and rebuild:
+
+```bash
+yarn add react-native-device-defense
+npx react-native run-android
+```
+
+### React Native < 0.60 (Manual Linking)
+
 1. Add to `android/settings.gradle`:
 
 ```gradle
@@ -135,6 +147,49 @@ DeviceSecurity.blockOnSecurityThreat({
 });
 ```
 
+### SSL Security Check
+
+Prevent MITM (Man-in-the-Middle) attacks with native SSL security checks:
+
+```typescript
+import DeviceSecurity from 'react-native-device-defense';
+
+// Quick SSL security check
+const hasSSLIssue = DeviceSecurity.hasSSLSecurityIssue();
+
+if (hasSSLIssue) {
+  console.log('SSL security issue detected!');
+  // Block sensitive operations or show warning
+}
+
+// Detailed SSL security status
+const sslStatus = await DeviceSecurity.getSSLSecurityStatus();
+
+console.log({
+  hasSSLValidationBypass: sslStatus.hasSSLValidationBypass,
+  hasSSLPinningBypass: sslStatus.hasSSLPinningBypass,
+  hasProxyConfiguration: sslStatus.hasProxyConfiguration, // Potential MITM
+  hasModifiedSSLLibraries: sslStatus.hasModifiedSSLLibraries,
+  hasCertificateTampering: sslStatus.hasCertificateTampering,
+});
+
+// Check for specific SSL threats
+if (DeviceSecurity.hasSSLPinningBypass()) {
+  // SSL pinning bypass tools detected (Frida, Xposed, etc.)
+  Alert.alert('Security Warning', 'SSL pinning bypass detected. Your connection may not be secure.');
+}
+
+if (DeviceSecurity.hasProxyConfiguration()) {
+  // Proxy configured - potential MITM attack
+  console.warn('Proxy configuration detected - possible MITM');
+}
+
+if (DeviceSecurity.hasCertificateTampering()) {
+  // Excessive user certificates detected
+  Alert.alert('Security Warning', 'Device certificates have been modified.');
+}
+```
+
 ## API Reference
 
 ### Methods
@@ -143,6 +198,7 @@ DeviceSecurity.blockOnSecurityThreat({
 |--------|---------|-------------|
 | `isDeviceSecure()` | `Promise<boolean>` | Check if device is secure (no threats) |
 | `getSecurityStatus()` | `Promise<SecurityStatus>` | Get detailed security status |
+| `getSSLSecurityStatus()` | `Promise<SSLSecurityStatus>` | Get detailed SSL security status |
 | `blockOnSecurityThreat(options)` | `void` | Block app when security threat detected |
 | `isRooted()` | `boolean` | Check if device is rooted (synchronous) |
 | `hasFrida()` | `boolean` | Check if Frida is present |
@@ -150,6 +206,12 @@ DeviceSecurity.blockOnSecurityThreat({
 | `hasMagisk()` | `boolean` | Check if Magisk is present |
 | `isDebuggable()` | `boolean` | Check if app is debuggable |
 | `isEmulator()` | `boolean` | Check if running on emulator |
+| `hasSSLValidationBypass()` | `boolean` | Check if SSL validation is bypassed |
+| `hasSSLPinningBypass()` | `boolean` | Check for SSL pinning bypass tools |
+| `hasProxyConfiguration()` | `boolean` | Check if proxy is configured (MITM risk) |
+| `hasModifiedSSLLibraries()` | `boolean` | Check if SSL libraries are modified |
+| `hasCertificateTampering()` | `boolean` | Check for certificate tampering |
+| `hasSSLSecurityIssue()` | `boolean` | Comprehensive SSL security check |
 
 ### Types
 
@@ -168,6 +230,22 @@ interface SecurityStatus {
   hasMagisk: boolean;
   isDebuggable: boolean;
   isEmulator: boolean;
+  // SSL security fields
+  hasSSLValidationBypass: boolean;
+  hasSSLPinningBypass: boolean;
+  hasProxyConfiguration: boolean;
+  hasModifiedSSLLibraries: boolean;
+  hasCertificateTampering: boolean;
+  hasSSLSecurityIssue: boolean;
+}
+
+interface SSLSecurityStatus {
+  hasSSLValidationBypass: boolean;
+  hasSSLPinningBypass: boolean;
+  hasProxyConfiguration: boolean;
+  hasModifiedSSLLibraries: boolean;
+  hasCertificateTampering: boolean;
+  hasSSLSecurityIssue: boolean;
 }
 
 type SecurityThreat =
@@ -177,7 +255,12 @@ type SecurityThreat =
   | 'magisk_detected'
   | 'debugger_detected'
   | 'emulator_detected'
-  | 'system_props_modified';
+  | 'system_props_modified'
+  | 'ssl_validation_bypass'
+  | 'ssl_pinning_bypass'
+  | 'proxy_configuration'
+  | 'modified_ssl_libraries'
+  | 'certificate_tampering';
 ```
 
 ## Configuration
@@ -219,6 +302,14 @@ Add to `android/app/proguard-rules.pro`:
 - Generic device features
 - Genymotion, Nox, BlueStacks detection
 
+### SSL Security Detection (Native C++)
+- SSL validation bypass detection
+- SSL pinning bypass tools detection (Frida, Xposed, Substrate)
+- Proxy configuration detection (MITM risk)
+- Modified SSL libraries detection
+- Certificate tampering detection
+- User-installed CA certificate monitoring
+
 ## License
 
 MIT

package/android/build.gradle

@@ -83,7 +83,7 @@ dependencies {
   implementation 'com.facebook.react:react-native:+'
 
   // RootBeer for root detection
-  implementation 'com.scottyab:rootbeer:0.1.0'
+  implementation 'com.scottyab:rootbeer-lib:0.1.1'
 
   testImplementation 'junit:junit:4.13.2'
   testImplementation 'org.mockito:mockito-core:5.3.1'

package/android/src/main/cpp/device-security.cpp

@@ -7,6 +7,10 @@
 #include <unistd.h>
 #include <android/log.h>
 #include <stdexcept>
+#include <openssl/opensslv.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
 #define LOG_TAG "DeviceSecurityNative"
 #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
@@ -237,6 +241,234 @@ static bool checkFridaInMaps() {
     return false;
 }
 
+/**
+ * Check for SSL validation bypass in system properties
+ */
+static bool checkSSLValidationBypass() {
+    const std::vector<std::string> propFiles = {
+        "/system/build.prop",
+        "/vendor/build.prop",
+        "/default.prop"
+    };
+
+    for (const auto& propFile : propFiles) {
+        if (!fileExists(propFile)) continue;
+
+        std::ifstream file(propFile);
+        std::string line;
+
+        while (std::getline(file, line)) {
+            // Check for SSL validation bypass indicators
+            if (line.find("ssl.untrusted=0") != std::string::npos) {
+                LOGD("Found SSL validation bypass in %s", propFile.c_str());
+                return true;
+            }
+            if (line.find("ro.debuggable") != std::string::npos &&
+                line.find("1") != std::string::npos) {
+                // Debuggable builds may have SSL validation bypassed
+                LOGD("Device is debuggable, SSL may be bypassed");
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
+
+/**
+ * Check for common SSL pinning bypass tools and frameworks
+ */
+static bool checkSSLPinningBypass() {
+    // Check for known SSL pinning bypass tools in /proc/self/maps
+    std::ifstream mapsFile("/proc/self/maps");
+    std::string line;
+
+    const std::vector<std::string> bypassLibraries = {
+        "libssl-bypass",
+        " Frida",
+        "xposed",
+        "substrate",
+        "magisk",
+        "r0puse",
+        "ssl-pin bypass",
+        "trustmekit"
+    };
+
+    while (std::getline(mapsFile, line)) {
+        std::string lowerLine = line;
+        std::transform(lowerLine.begin(), lowerLine.end(), lowerLine.begin(), ::tolower);
+
+        for (const auto& lib : bypassLibraries) {
+            if (lowerLine.find(lib) != std::string::npos) {
+                LOGD("Found SSL pinning bypass tool: %s", lib.c_str());
+                return true;
+            }
+        }
+    }
+
+    // Check for common SSL bypass apps
+    const std::vector<std::string> bypassApps = {
+        "/data/data/de.robv.android.xposed.installer",
+        "/data/data/com.sensei.withakemon",
+        "/data/data/com.solid.pinkyscan",
+        "/data/data/jp.co.cyberagent.android.deviceauthorization"
+    };
+
+    for (const auto& app : bypassApps) {
+        if (directoryExists(app)) {
+            LOGD("Found SSL bypass app: %s", app.c_str());
+            return true;
+        }
+    }
+
+    return false;
+}
+
+/**
+ * Check for proxy configuration that could intercept SSL traffic
+ */
+static bool checkProxyConfiguration() {
+    // Check for HTTP proxy in system properties
+    const std::vector<std::string> propFiles = {
+        "/system/build.prop",
+        "/vendor/build.prop"
+    };
+
+    for (const auto& propFile : propFiles) {
+        if (!fileExists(propFile)) continue;
+
+        std::ifstream file(propFile);
+        std::string line;
+
+        while (std::getline(file, line)) {
+            if (line.find("http.proxy") != std::string::npos ||
+                line.find("https.proxy") != std::string::npos) {
+                LOGD("Found proxy configuration in %s", propFile.c_str());
+                return true;
+            }
+        }
+    }
+
+    // Check for proxy environment variables
+    if (getenv("http_proxy") != nullptr || getenv("https_proxy") != nullptr) {
+        LOGD("Found proxy environment variables");
+        return true;
+    }
+
+    return false;
+}
+
+/**
+ * Check for modified SSL libraries
+ */
+static bool checkModifiedSSLLibraries() {
+    // Check if SSL libraries are from unexpected locations
+    std::ifstream mapsFile("/proc/self/maps");
+    std::string line;
+
+    const std::vector<std::string> trustedPaths = {
+        "/system/lib/libssl",
+        "/system/lib64/libssl",
+        "/apex/com.android.conscrypt/lib",
+        "/data/app/", // App's own lib path
+        "/com.android.conscrypt"
+    };
+
+    while (std::getline(mapsFile, line)) {
+        if (line.find("libssl") != std::string::npos ||
+            line.find("libcrypto") != std::string::npos) {
+
+            // Check if library is from trusted path
+            bool fromTrustedPath = false;
+            for (const auto& trusted : trustedPaths) {
+                if (line.find(trusted) != std::string::npos) {
+                    fromTrustedPath = true;
+                    break;
+                }
+            }
+
+            if (!fromTrustedPath && line.find("r-xp") != std::string::npos) {
+                // Library is executable but not from trusted path
+                LOGD("Found potentially modified SSL library: %s", line.c_str());
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
+
+/**
+ * Check for certificate tampering
+ */
+static bool checkCertificateTampering() {
+    // Check for user-installed CA certificates
+    const std::vector<std::string> certPaths = {
+        "/data/misc/keychain/cacerts-added",
+        "/system/etc/security/cacerts"
+    };
+
+    for (const auto& certPath : certPaths) {
+        if (directoryExists(certPath)) {
+            DIR* dir = opendir(certPath.c_str());
+            if (dir != nullptr) {
+                struct dirent* entry;
+                int certCount = 0;
+
+                while ((entry = readdir(dir)) != nullptr) {
+                    if (entry->d_type == DT_REG) {
+                        certCount++;
+                    }
+                }
+
+                closedir(dir);
+
+                // Too many user certificates might indicate tampering
+                if (certCount > 100) {
+                    LOGD("Suspicious number of certificates: %d", certCount);
+                    return true;
+                }
+            }
+        }
+    }
+
+    return false;
+}
+
+/**
+ * Comprehensive SSL security check
+ */
+static bool checkSSLSecurity() {
+    bool hasIssue = false;
+
+    if (checkSSLValidationBypass()) {
+        LOGD("SSL validation bypass detected");
+        hasIssue = true;
+    }
+
+    if (checkSSLPinningBypass()) {
+        LOGD("SSL pinning bypass detected");
+        hasIssue = true;
+    }
+
+    if (checkProxyConfiguration()) {
+        LOGD("Proxy configuration detected");
+        hasIssue = true;
+    }
+
+    if (checkModifiedSSLLibraries()) {
+        LOGD("Modified SSL libraries detected");
+        hasIssue = true;
+    }
+
+    if (checkCertificateTampering()) {
+        LOGD("Certificate tampering detected");
+        hasIssue = true;
+    }
+
+    return hasIssue;
+}
+
 /**
  * Main root detection function
  */
@@ -269,45 +501,87 @@ static bool performRootDetection() {
     return false;
 }
 
+// Updated JNI functions with new package name
 extern "C" JNIEXPORT jboolean JNICALL
-Java_vn_osp_security_NativeSecurityCheck_isRooted(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_isRooted(JNIEnv* env, jobject /* this */) {
     return performRootDetection() ? JNI_TRUE : JNI_FALSE;
 }
 
 extern "C" JNIEXPORT jboolean JNICALL
-Java_vn_osp_security_NativeSecurityCheck_hasDangerousBinaries(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_hasDangerousBinaries(JNIEnv* env, jobject /* this */) {
     return checkDangerousBinaries() ? JNI_TRUE : JNI_FALSE;
 }
 
 extern "C" JNIEXPORT jboolean JNICALL
-Java_vn_osp_security_NativeSecurityCheck_hasSuspiciousSystemProperties(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_hasSuspiciousSystemProperties(JNIEnv* env, jobject /* this */) {
     return checkSystemProperties() ? JNI_TRUE : JNI_FALSE;
 }
 
 extern "C" JNIEXPORT jboolean JNICALL
-Java_vn_osp_security_NativeSecurityCheck_hasHookFramework(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_hasHookFramework(JNIEnv* env, jobject /* this */) {
     return checkFridaInMaps() ? JNI_TRUE : JNI_FALSE;
 }
 
 extern "C" JNIEXPORT jboolean JNICALL
-Java_vn_osp_security_NativeSecurityCheck_isDebuggerAttached(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_isDebuggerAttached(JNIEnv* env, jobject /* this */) {
     return checkTracerPid() ? JNI_TRUE : JNI_FALSE;
 }
 
+// New SSL security functions
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasSSLValidationBypass(JNIEnv* env, jobject /* this */) {
+    return checkSSLValidationBypass() ? JNI_TRUE : JNI_FALSE;
+}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasSSLPinningBypass(JNIEnv* env, jobject /* this */) {
+    return checkSSLPinningBypass() ? JNI_TRUE : JNI_FALSE;
+}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasProxyConfiguration(JNIEnv* env, jobject /* this */) {
+    return checkProxyConfiguration() ? JNI_TRUE : JNI_FALSE;
+}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasModifiedSSLLibraries(JNIEnv* env, jobject /* this */) {
+    return checkModifiedSSLLibraries() ? JNI_TRUE : JNI_FALSE;
+}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasCertificateTampering(JNIEnv* env, jobject /* this */) {
+    return checkCertificateTampering() ? JNI_TRUE : JNI_FALSE;
+}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_com_devicedefense_NativeSecurityCheck_hasSSLSecurityIssue(JNIEnv* env, jobject /* this */) {
+    return checkSSLSecurity() ? JNI_TRUE : JNI_FALSE;
+}
+
 extern "C" JNIEXPORT jstring JNICALL
-Java_vn_osp_security_NativeSecurityCheck_getSecurityStatus(JNIEnv* env, jobject /* this */) {
+Java_com_devicedefense_NativeSecurityCheck_getSecurityStatus(JNIEnv* env, jobject /* this */) {
     bool isRooted = performRootDetection();
     bool hasDangerousBins = checkDangerousBinaries();
     bool hasSuspiciousProps = checkSystemProperties();
     bool hasHook = checkFridaInMaps();
     bool hasDebugger = checkTracerPid();
+    bool hasSSLIssue = checkSSLSecurity();
+    bool hasSSLBypass = checkSSLPinningBypass();
+    bool hasProxy = checkProxyConfiguration();
+    bool hasModifiedSSL = checkModifiedSSLLibraries();
+    bool hasCertTampering = checkCertificateTampering();
 
     std::string json = "{";
     json += "\"isRooted\":" + std::string(isRooted ? "true" : "false") + ",";
     json += "\"hasDangerousBins\":" + std::string(hasDangerousBins ? "true" : "false") + ",";
     json += "\"hasSuspiciousProps\":" + std::string(hasSuspiciousProps ? "true" : "false") + ",";
     json += "\"hasHookFramework\":" + std::string(hasHook ? "true" : "false") + ",";
-    json += "\"isDebuggerAttached\":" + std::string(hasDebugger ? "true" : "false");
+    json += "\"isDebuggerAttached\":" + std::string(hasDebugger ? "true" : "false") + ",";
+    json += "\"hasSSLSecurityIssue\":" + std::string(hasSSLIssue ? "true" : "false") + ",";
+    json += "\"hasSSLValidationBypass\":" + std::string(hasSSLBypass ? "true" : "false") + ",";
+    json += "\"hasProxyConfiguration\":" + std::string(hasProxy ? "true" : "false") + ",";
+    json += "\"hasModifiedSSLLibraries\":" + std::string(hasModifiedSSL ? "true" : "false") + ",";
+    json += "\"hasCertificateTampering\":" + std::string(hasCertTampering ? "true" : "false");
     json += "}";
 
     return env->NewStringUTF(json.c_str());

package/android/src/main/java/com/devicedefense/DeviceSecurityModule.kt

@@ -133,6 +133,107 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
         }
     }
 
+    // ===== SSL Security Methods =====
+
+    /**
+     * Check if SSL validation has been bypassed
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasSSLValidationBypass(): Boolean {
+        return try {
+            NativeSecurityCheck.hasSSLValidationBypass()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking SSL validation bypass", e)
+            false
+        }
+    }
+
+    /**
+     * Check if SSL pinning bypass tools are present
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasSSLPinningBypass(): Boolean {
+        return try {
+            NativeSecurityCheck.hasSSLPinningBypass()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking SSL pinning bypass", e)
+            false
+        }
+    }
+
+    /**
+     * Check if proxy is configured (potential MITM)
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasProxyConfiguration(): Boolean {
+        return try {
+            NativeSecurityCheck.hasProxyConfiguration()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking proxy configuration", e)
+            false
+        }
+    }
+
+    /**
+     * Check if SSL libraries have been modified
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasModifiedSSLLibraries(): Boolean {
+        return try {
+            NativeSecurityCheck.hasModifiedSSLLibraries()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking modified SSL libraries", e)
+            false
+        }
+    }
+
+    /**
+     * Check if certificates have been tampered with
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasCertificateTampering(): Boolean {
+        return try {
+            NativeSecurityCheck.hasCertificateTampering()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking certificate tampering", e)
+            false
+        }
+    }
+
+    /**
+     * Comprehensive SSL security check
+     */
+    @ReactMethod(isBlockingSynchronousMethod = true)
+    fun hasSSLSecurityIssue(): Boolean {
+        return try {
+            NativeSecurityCheck.hasSSLSecurityIssue()
+        } catch (e: Exception) {
+            Log.e(NAME, "Error checking SSL security", e)
+            false
+        }
+    }
+
+    /**
+     * Get detailed SSL security status
+     */
+    @ReactMethod
+    fun getSSLSecurityStatus(promise: Promise) {
+        try {
+            val sslStatus = JSONObject().apply {
+                put("hasSSLValidationBypass", NativeSecurityCheck.hasSSLValidationBypass())
+                put("hasSSLPinningBypass", NativeSecurityCheck.hasSSLPinningBypass())
+                put("hasProxyConfiguration", NativeSecurityCheck.hasProxyConfiguration())
+                put("hasModifiedSSLLibraries", NativeSecurityCheck.hasModifiedSSLLibraries())
+                put("hasCertificateTampering", NativeSecurityCheck.hasCertificateTampering())
+                put("hasSSLSecurityIssue", NativeSecurityCheck.hasSSLSecurityIssue())
+            }
+            promise.resolve(sslStatus.toString())
+        } catch (e: Exception) {
+            Log.e(NAME, "Error getting SSL security status", e)
+            promise.reject("SSL_STATUS_ERROR", e.message)
+        }
+    }
+
     /**
      * Get comprehensive security status
      */
@@ -146,6 +247,13 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
             val isDebuggable = debugDetection.isDebuggable()
             val isEmulator = emulatorDetection.isEmulator()
 
+            // SSL security checks
+            val hasSSLValidationBypass = NativeSecurityCheck.hasSSLValidationBypass()
+            val hasSSLPinningBypass = NativeSecurityCheck.hasSSLPinningBypass()
+            val hasProxyConfiguration = NativeSecurityCheck.hasProxyConfiguration()
+            val hasModifiedSSLLibraries = NativeSecurityCheck.hasModifiedSSLLibraries()
+            val hasCertificateTampering = NativeSecurityCheck.hasCertificateTampering()
+
             val threats = mutableListOf<String>()
 
             if (rootResult.isRooted) {
@@ -161,6 +269,11 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
             if (hasMagisk) threats.add("magisk_detected")
             if (isDebuggable) threats.add("debugger_detected")
             if (isEmulator) threats.add("emulator_detected")
+            if (hasSSLValidationBypass) threats.add("ssl_validation_bypass")
+            if (hasSSLPinningBypass) threats.add("ssl_pinning_bypass")
+            if (hasProxyConfiguration) threats.add("proxy_configuration")
+            if (hasModifiedSSLLibraries) threats.add("modified_ssl_libraries")
+            if (hasCertificateTampering) threats.add("certificate_tampering")
 
             val securityStatus = JSONObject().apply {
                 put("isSecure", threats.isEmpty())
@@ -176,6 +289,14 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
                 put("hasMagisk", hasMagisk)
                 put("isDebuggable", isDebuggable)
                 put("isEmulator", isEmulator)
+                // SSL security fields
+                put("hasSSLValidationBypass", hasSSLValidationBypass)
+                put("hasSSLPinningBypass", hasSSLPinningBypass)
+                put("hasProxyConfiguration", hasProxyConfiguration)
+                put("hasModifiedSSLLibraries", hasModifiedSSLLibraries)
+                put("hasCertificateTampering", hasCertificateTampering)
+                put("hasSSLSecurityIssue", hasSSLValidationBypass || hasSSLPinningBypass ||
+                        hasProxyConfiguration || hasModifiedSSLLibraries || hasCertificateTampering)
                 put("details", JSONObject().apply {
                     put("emulatorType", emulatorDetection.getEmulatorType())
                     val nativeLibLoaded = try {
@@ -206,7 +327,8 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
                     !hookDetection.hasXposed() &&
                     !hookDetection.hasMagisk() &&
                     !debugDetection.isDebuggable() &&
-                    !emulatorDetection.isEmulator()
+                    !emulatorDetection.isEmulator() &&
+                    !NativeSecurityCheck.hasSSLSecurityIssue()
 
             promise.resolve(isSecure)
         } catch (e: Exception) {
@@ -233,13 +355,15 @@ class DeviceSecurityModule(reactContext: ReactApplicationContext) :
             val hasMagisk = hookDetection.hasMagisk()
             val isDebuggable = debugDetection.isDebuggable()
             val isEmulator = emulatorDetection.isEmulator()
+            val hasSSLIssue = NativeSecurityCheck.hasSSLSecurityIssue()
 
             val hasThreat = rootResult.isRooted ||
                     hasFrida ||
                     hasXposed ||
                     hasMagisk ||
                     isDebuggable ||
-                    isEmulator
+                    isEmulator ||
+                    hasSSLIssue
 
             if (hasThreat) {
                 Log.w(NAME, "Security threat detected, blocking app")