How to overcome false positives like SDK Failed to initialize and Telemetry Replay in Botman SDK or Akamai BMP SDK

Akamai Botman SDK

Akamai’s Native App Traffic Protection software development kit (SDK), known as the BMP SDK, detects and defends against bot activity and account takeover in native mobile applications. It collects behavioral data while the user is interacting with the application. This behavioral data, also known as sensor data, includes device characteristics, device orientation, accelerometer data, touch events, etc.

In this blog, we will be discussing how to avoid or overcome false positives to get the full benefit out of BMP SDK.

False Positive in BMP SDK

A couple of false positives occur most often:

1. SDK Failed to initialize

This indicates the app is trying to get the sensor data before SDK initialization.

2. Telemetry Replay

This indicates the app is sending the same sensor data multiple times.

These false positives are caused either by improper integration or by requests induced by the app flow. In the case of improper integration, we need to make sure the SDK is integrated as expected and that all the guidelines are followed.

A false positive caused by app flow, however, is hard to overcome. To address this, I have developed an SDK extension that overcomes this kind of false positive. The extension is developed for the native iOS (Objective-C), Android (Java), and cross-platform (Flutter, React Native) BMP SDK.

This extension won’t help if there is any issue in the integration. First, consult your Solution Architect and identify the root cause of the false positive. If there is an issue with the integration, fix it; that will avoid the false positive. If the false positive is due to app flow, then this extension will help to avoid it.

In part 1, we will discuss the extension that avoids the “SDK Failed to initialize” false positive.

Native iOS

This extension for iOS was developed in Objective-C; however, it can also be used in Swift projects through a bridging header.

The steps to integrate the extension

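// Objective-C
[[CYFMonitorExt sharedInstance] getSensorDataIn:^(NSString * _Nonnull sd) {
    NSLog(@"%@", sd);
}];

// Swift (through the bridging header)
CYFMonitorExt.sharedInstance().getSensorData { sensor in
    // Pass the value as an argument, never as the format string
    NSLog("%@", sensor)
}
  • This method will ensure the sensor data is delivered by the SDK.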

Native Android

This extension was developed in Java. Let’s see how to integrate it into an Android project.

final CYFMonitorExt mCYFMonitorEXT = new CYFMonitorExt();
mCYFMonitorEXT.getSensorDataInHandler(new SensorDataHandler() {
    @Override
    public void handle(String sensorData) {
        // Called once the sensor data is ready
        Log.i("CYFMonitor", "handle:" + sensorData);
    }
});
  • On the handle callback, you will receive the sensor data once it is ready.

React Native

Use the following steps to integrate the extension into your React Native project

import {AkamaiBMPExt} from './AkamaiBMPExt.js';
  • Initialize the AkamaiBMPExt class and use the getSensorData async method of AkamaiBMPExt instead of the getSensorData method from AkamaiBMP
let bmpExt = new AkamaiBMPExt();
let sd = await bmpExt.getSensorData();
  • As it is an async method, it will return the valid sensor data value once it is ready.

Flutter

Use the following steps to integrate the extension into your Flutter project

import 'package:<Your_Package_Name>/AkamaiBMPExt.dart';
  • Use the singleton object of AkamaiBMPExt and call the getSensorDataIn async method instead of the getSensorData method from AkamaiBMP as mentioned below.
String? theSD = await AkamaiBMPExt.instance.getSensorDataIn();
  • As it is an async method, it will return the valid sensor data value once it is ready.

Conclusion

This extension is built on a retry mechanism that ensures the right sensor data is delivered, which avoids “SDK Failed to initialize” false positives. As mentioned earlier, make sure the integration is correct to get the full benefit out of this extension.
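The retry idea described above, sketched in JavaScript as an added example; it is not the extension's own code or an Akamai API. `readSensor`, `isReady`, and the fake SDK are hypothetical stand-ins, and the "non-empty string means ready" rule is an assumption made only for the demo.

```javascript
// Added illustration: bounded retry around a sensor-data getter.
// `readSensor` and `isReady` are caller-supplied stand-ins (assumptions), not BMP SDK APIs.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function getSensorDataWithRetry(readSensor, isReady, opts = {}) {
  const { attempts = 5, baseDelayMs = 50, maxDelayMs = 800, wait = sleep } = opts;
  let lastError = null;
  for (let attempt = 1; attempt <= attempts; attempt++) {
    try {
      const value = await readSensor();
      if (typeof value === 'string' && isReady(value)) {
        return { sensorData: value, attempts: attempt };
      }
    } catch (err) {
      lastError = err; // getter threw: treat it as "not ready yet"
    }
    if (attempt < attempts) {
      // Exponential backoff with a cap, so the request is not stalled indefinitely.
      await wait(Math.min(baseDelayMs * 2 ** (attempt - 1), maxDelayMs));
    }
  }
  // Fail closed: never pass a placeholder value on to the request layer.
  const error = new Error(`sensor data not ready after ${attempts} attempts`);
  error.cause = lastError;
  throw error;
}

// Constructed stand-in for an SDK that needs `readyAfter` reads before it has data.
function makeFakeSdk(readyAfter) {
  let calls = 0;
  return {
    getSensorData: async () => (++calls > readyAfter ? 'constructed-sensor-payload' : ''),
    callCount: () => calls,
  };
}

// Constructed readiness rule for this demo only: a non-empty string counts as ready.
const demoIsReady = (value) => value.length > 0;

async function demo() {
  const sdk = makeFakeSdk(2);
  const ok = await getSensorDataWithRetry(sdk.getSensorData, demoIsReady, { baseDelayMs: 1 });
  const neverReady = makeFakeSdk(Infinity);
  const failed = await getSensorDataWithRetry(
    neverReady.getSensorData, demoIsReady, { attempts: 3, baseDelayMs: 1 }
  ).then(() => false, () => true);
  return { ok, failed, reads: neverReady.callCount() };
}
```

When the getter never becomes ready, the wrapper rejects instead of returning a value, so the caller can decide whether to hold the request.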

Stay tuned for part 2 of this blog, which will address Telemetry Replay false positives!

Happy Coding….!

Written By
Fareeth John

I’m working as a Sr. Solution Architect at Akamai Technologies. I have more than 12 years of experience in the mobile app development industry. I have worked on different technologies like VR, augmented reality, OTT, and IoT in iOS, Android, Flutter, and other cross-platform apps. I have worked on 45+ apps from scratch, which are in the App Store and Play Store. My knowledge of mobile development includes designing/architecting solutions, app development, backend systems, cloud computing, CDN, test automation, CI/CD, Frida pentesting, and finding mobile app vulnerabilities.
