Close Action
Action Type: CLOSE
Terminates the application immediately when a security threat is detected by the Monitor.
Available for: All platforms (Mobile and Desktop)
How It Works
When the Close action is triggered, the application process exits entirely using System.exit(1). This prevents any further execution of potentially compromised code and ensures the threat cannot propagate.
When to Use
Recommended for:
- Financial applications handling payment data
- Healthcare apps with HIPAA-protected information
- Government or military applications
- Apps managing cryptographic keys or tokens
Not recommended for:
- Applications requiring graceful shutdown
- Apps that need to flush pending data before termination
- Services requiring cleanup operations
Configuration
JSON Configuration
{
  "protections": [
    {
      "type": "DebuggerDetection",
      "action": "close",
      "interval": 5000
    },
    {
      "type": "MemoryDumpDetection",
      "action": "close",
      "interval": 3000
    }
  ]
}
Code-Based Configuration (Kotlin)
import com.bytehide.monitor.Monitor
import com.bytehide.monitor.core.action.ActionType
import com.bytehide.monitor.core.protection.ProtectionModuleType

Monitor.configure { config ->
    config.addProtection(
        ProtectionModuleType.DEBUGGER_DETECTION,
        ActionType.CLOSE,
        5000 // check interval in milliseconds
    )
    config.addProtection(
        ProtectionModuleType.MEMORY_DUMP_DETECTION,
        ActionType.CLOSE,
        3000 // check interval in milliseconds
    )
}
Code-Based Configuration (Java)
import com.bytehide.monitor.Monitor;
import com.bytehide.monitor.core.action.ActionType;
import com.bytehide.monitor.core.protection.ProtectionModuleType;

Monitor.configure(config -> {
    config.addProtection(
        ProtectionModuleType.DEBUGGER_DETECTION,
        ActionType.CLOSE,
        5000 // check interval in milliseconds
    );
    config.addProtection(
        ProtectionModuleType.MEMORY_DUMP_DETECTION,
        ActionType.CLOSE,
        3000 // check interval in milliseconds
    );
});
Code Examples
Using System.exit()
When a threat is detected, the application will immediately call System.exit(1):
import com.bytehide.monitor.Monitor
import com.bytehide.monitor.core.action.ActionType
import com.bytehide.monitor.core.protection.ProtectionModuleType

Monitor.configure { config ->
    config.addProtection(
        ProtectionModuleType.DEBUGGER_DETECTION,
        ActionType.CLOSE,
        5000
    )
}
// When threat is detected:
// System.exit(1) is called internally
Using Android Process Termination API
For Android applications, you can alternatively use the native Android process termination API:
import android.os.Process

// Kill the current process using Android API
Process.killProcess(Process.myPid())
Or in Java:
import android.os.Process;

// Kill the current process using Android API
Process.killProcess(Process.myPid());
The Monitor framework uses System.exit(1) internally, but both approaches achieve the same result: immediate process termination.
Exit Code Details
The Close action uses the following exit codes:
- Exit Code 1: Standard abnormal termination due to security threat detection
- Exit Code 0: Reserved for normal application exit (not used by Close action)
Exit code 1 tells the operating system that the application terminated abnormally; the Close action returns it when a threat is detected.
Interval Configuration
The intervalMs parameter determines how frequently Monitor checks for threats:
- Shorter intervals (e.g., 1000ms): More frequent checks, faster threat response, higher CPU usage
- Longer intervals (e.g., 10000ms): Less frequent checks, lower overhead, delayed threat response
For the Close action, recommended intervals are 3000ms to 5000ms for optimal security without excessive performance impact.
Important Considerations
The Close action provides no opportunity for graceful shutdown, data flushing, or cleanup operations. If your application requires graceful termination, consider:
- Using the Log action in combination with manual shutdown logic
- Using the Custom action to implement cleanup before exit
- Using the Erase action to wipe sensitive data before termination
Best Practices
- Pair with Logging: Use the Log action on other modules to detect patterns before Close is triggered
- Test Thoroughly: Ensure your application handles unexpected termination gracefully
- Monitor Exit Behavior: Track application crashes in your analytics to detect when Close is triggered
- Combine with Custom Actions: Use Custom actions on less critical modules for more nuanced responses
- Document Sensitive Modules: Clearly identify which modules should trigger Close for security-critical operations
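Because Close ends the process with no cleanup, persisted state has to survive being cut off at any instant, and the next launch is the first point where the app can notice that it happened. The following added example (not ByteHide code) shows one way to do both; CrashSafeStore, the file names and the SIMULATE_CLOSE variable are hypothetical, and it assumes java.nio.file is available (JVM, or Android API 26 and later).

```kotlin
import java.io.File
import java.nio.channels.FileChannel
import java.nio.file.Files
import java.nio.file.StandardCopyOption
import java.nio.file.StandardOpenOption

// Added example: hypothetical helper, not part of the Monitor SDK.
class CrashSafeStore(private val dir: File) {
    private val state = File(dir, "state.json")   // constructed file names
    private val marker = File(dir, "run.marker")

    // Call once at startup. True means the previous run never reached markCleanExit().
    fun beginRun(): Boolean {
        dir.mkdirs()
        val cutOff = marker.exists()
        marker.writeText(System.currentTimeMillis().toString())
        return cutOff
    }

    // Call on every normal exit path. On mobile the OS also kills background
    // processes, so call it when backgrounded and beginRun() again on resume.
    fun markCleanExit() { marker.delete() }

    // Write a temp file, force it to disk, then rename it over the old state, so a
    // process ended mid-save leaves the previous file intact, never a partial one.
    fun save(json: String) {
        val tmp = File(dir, "state.json.tmp")
        FileChannel.open(tmp.toPath(), StandardOpenOption.CREATE, StandardOpenOption.WRITE,
            StandardOpenOption.TRUNCATE_EXISTING).use { ch ->
            val buf = Charsets.UTF_8.encode(json)
            while (buf.hasRemaining()) ch.write(buf)
            ch.force(true)
        }
        // Assumption: a POSIX-style file system, where an atomic move replaces the target.
        Files.move(tmp.toPath(), state.toPath(), StandardCopyOption.ATOMIC_MOVE)
    }
}

fun main() {
    val store = CrashSafeStore(File(System.getProperty("java.io.tmpdir"), "close-demo"))
    if (store.beginRun()) println("previous run ended abnormally: report to analytics")
    store.save("""{"pendingTransfers":0}""")   // constructed sample state
    // Run once with SIMULATE_CLOSE=1 to exit the way the Close action does; the
    // marker stays behind and the next launch reports the abnormal exit.
    if (System.getenv("SIMULATE_CLOSE") == "1") System.exit(1)
    store.markCleanExit()
}
```

A leftover marker only shows that the run ended without a clean exit, so treat it as a signal to correlate with Monitor's own logs rather than as proof that Close fired.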
Related Actions
Log Action
Record threats and continue running the application
Erase Action
Wipe sensitive data before termination
Custom Action
Execute custom handler logic on threat detection