Understand how Monitor protections work
Monitor protection modules are runtime detectors that identify threats, attacks, and security violations as they happen inside your application.
Each module operates independently and can be enabled, disabled, and configured with its own response action. All on-premise modules run at configurable intervals to monitor the runtime environment for threats like debuggers, virtual machines, jailbreaks, and tampering.
On-Premise Protections
Passive detectors that run at configurable intervals (intervalMs) to monitor the runtime environment. These modules detect reverse engineering, device compromise, and integrity violations on devices where your application runs. All modules work on both mobile and desktop platforms.
Debugger Detection
Detects attached debuggers (ADB, JDWP, ptrace, native debuggers)
Virtual Machine Detection
Detects VM environments (VMware, VirtualBox, QEMU, Hyper-V)
Emulator Detection
Detects Android emulators (Genymotion, AVD, BlueStacks)
Jailbreak Detection
Detects rooted Android devices (Magisk, SuperSU, Xposed)
Clock Tampering
Detects system time manipulation to bypass time-based restrictions
Memory Dump Detection
Detects memory dumping attempts (Frida, Objection, GameGuardian)
Tampering Detection
Detects APK tampering, signature changes, and code modifications
Process Injection
Detects code injection, Frida gadgets, and Xposed hooks
Network Tampering
Detects proxies, MITM tools, and certificate issues
License Binding
Detects hardware fingerprint changes for license enforcement
Container Detection
Detects Docker, Kubernetes, and LXC containers
Remote Desktop
Detects TeamViewer, AnyDesk, screen sharing, and remote access sessions
Cloud Metadata
Detects cloud environment (AWS, Azure, GCP) metadata endpoints
Web & Cloud Protections
Coming Soon
Cloud protection modules (SQL Injection, XSS, Path Traversal, Command Injection, SSRF, LDAP Injection, XXE, NoSQL Injection, and LLM Prompt Injection) for web API monitoring will be available soon in the Java SDK.
Anomaly Detection
Active by default in every project. Anomaly Detection learns your application's normal behavior patterns and flags deviations without requiring predefined rules. It operates across all application types (desktop, mobile, web).
Anomaly Detection
Automatic detection of authentication anomalies, abnormal request rates, unexpected payloads, and suspicious session activity
Configuring Protections
Each module can be enabled individually with its own response action. You can configure protections from the Cloud Dashboard, a JSON configuration file, or the Configuration API.
{
"protections": [
{
"type": "DebuggerDetection",
"enabled": true,
"action": "close"
},
{
"type": "JailbreakDetection",
"enabled": true,
"action": "close"
}
]
}{
"protections": [
{
"type": "DebuggerDetection",
"enabled": true,
"action": "close"
},
{
"type": "JailbreakDetection",
"enabled": true,
"action": "close"
}
]
}See JSON Configuration for the full list of configuration options.
Next Steps
Actions
All response action types and when to use each one
Cloud Configuration
Configure protections from the web dashboard
JSON Configuration
Full schema reference with per-module configuration
Configuration API
Programmatic configuration with Java and Kotlin