Mobile Apps

PreLogin is the first line of defense: a set of runtime checks that fire the instant your mobile app is launched, before the user interacts with the login screen. Compromised sessions are flagged (or blocked) before they ever reach authentication.

SDK Installation

Before integrating, install the SDK in Getting Started → Install the SDK →

Security Monitoring

Start continuous RASP monitoring in the background using securityCheckConfig . The detectionAction fires on every scan cycle with the aggregated result.

Where to initialize

Android / Flutter: call this in Application.onCreate() or the root widget's State.initState(). iOS / Capacitor iOS: call this in AppDelegate.application(_:didFinishLaunchingWithOptions:) or the equivalent entry point in your framework.

Kotlin

// Application.onCreate()
val smartIDPrevention = SmartID.securityCheckConfig(
    license   = "YOUR_KEY",
    channelId = 1,
    config    = SmartID.Config(
        interval             = 1,
        timeout              = 1,
        permissions          = listOf(SmartID.Permission.CAMERA),
        overlayProtection    = true,
        blockCellphoneScreen = true
    ),
    detectionAction = { detected, categories ->
        if (detected) {
            // block, redirect, or send categories to your backend
        }
    }
)
smartIDPrevention.startSecurityChecks()

To stop monitoring:

Kotlin

// onDestroy() or onStop()
smartIDPrevention.stopSecurityChecks()

Swift

// AppDelegate.application(_:didFinishLaunchingWithOptions:)
SmartID.shared.startLocation()

let smartIDPrevention = SmartID.shared.securityCheckConfig(
    license:   "YOUR_KEY",
    channelId: 1,
    config: SmartID.Config(
        interval:             1,
        timeout:              1,
        permissions:          [.camera],
        overlayProtection:    true,
        blockCellphoneScreen: true
    ),
    detectionAction: { detected, categories in
        if detected {
            // block, redirect, or send categories to your backend
        }
    }
)
smartIDPrevention.startSecurityChecks()

To stop monitoring:

Swift

// applicationWillResignActive or sceneDidEnterBackground
smartIDPrevention.stopSecurityChecks()

Dart

// State.initState()
final _prevention = SmartID.securityCheckConfig(
    license:   'YOUR_KEY',
    channelId: 1,
    config: SmartID.Config(
        interval:             1,
        timeout:              1,
        permissions:          [SmartID.Permission.camera],
        overlayProtection:    true,
        blockCellphoneScreen: true,
    ),
    detectionAction: (detected, categories) {
        if (detected) {
            // block, redirect, or send categories to your backend
        }
    },
);
_prevention.startSecurityChecks()

To stop monitoring:

Dart

// State.dispose()
_prevention.stopSecurityChecks()

TypeScript

import { SmartID } from 'capacitor-smartid';

// iOS only — initialize GPS sensor before monitoring
await SmartID.startLocation();

await SmartID.startSecurityChecks({ license: 'YOUR_KEY', channelId: 1 });

SmartID.addListener('securityReasons', (result) => {
    if (result.reasons.length > 0) {
        // block, redirect, or send result.reasons to your backend
    }
});

// Android only — screen capture protection
await SmartID.startBlockCellphoneScreen({ enableScreen: true, enableApp: true });

// Android only — overlay attack protection
const overlay = await SmartID.enableOverlayProtection();

To stop monitoring:

TypeScript

await SmartID.stopSecurityChecks();
SmartID.removeAllListeners();

Important — permissions

Only pass in permissions the permissions already declared in your AndroidManifest.xml / Info.plist and granted by the user at runtime. The SDK will not request them.

Reference

securityCheckConfig

Parameter	Type	Description
`license`	`String`	SmartID license key
`channelId`	`Int`	Channel identifier
`config`	`SmartID.Config`	Scan cycle configuration
`detectionAction`	`(Boolean, List<String>) -> Unit`/`(Bool, [String]) -> Void`	Callback fired on every scan cycle

detectionAction — callback parameters

Parameter	Type	Description
`detected`	`Boolean`/`Bool`	true if any RASP control fired
`categories`	`List<String>`/`[String]`	Names of the controls that triggered

SmartID.Config

Parameter	Type	Description
`interval`	`Int`	Seconds between consecutive scans
`timeout`	`Int`	Max seconds per individual scan
`permissions`	`List<Permission>`/`[Permission]`	Permissions already declared and granted
`overlayProtection`	`Boolean`/`Bool`	Blocks overlay attacks while monitoring is active
`blockCellphoneScreen`	`Boolean`/`Bool`	Prevents screen capture or mirroring

SmartID.Permission

Android

Value	AndroidManifest permission
`CAMERA`	`android.permission.CAMERA`
`LOCATION`	`ACCESS_FINE_LOCATION`
`PHONE_STATE`	`READ_PHONE_STATE`
`BLUETOOTH`	`BLUETOOTH_CONNECT`

iOS

Value	Info.plist key
`.camera`	`NSCameraUsageDescription`
`.location`	`NSLocationWhenInUseUsageDescription`
`.motion`	`NSMotionUsageDescription`
`.bluetooth`	`NSBluetoothAlwaysUsageDescription`

What to do on detection

Android/iOS/Flutter: when detected = true, the categories array contains the names of the RASP controls that fired. Capacitor: result.reasons contains numeric codes of the triggered controls. Common responses: block the login screen, redirect to an error flow, or forward the data to your backend for risk scoring.

Continue: Login Mobile GetRawData · Android, iOS, Flutter & Capacitor →