/

Close Action

Action Type: CLOSE

Terminates the application immediately when a security threat is detected by the Monitor.

Available for: All platforms (Mobile and Desktop)

How It Works

When the Close action is triggered, the application process exits entirely using exit(1). This prevents any further execution of potentially compromised code and ensures the threat cannot propagate.

When to Use

Recommended for:

  • Financial applications handling payment data
  • Healthcare apps with HIPAA-protected information
  • Government or military applications
  • Apps managing cryptographic keys or tokens

Not recommended for:

  • Applications requiring graceful shutdown
  • Apps that need to flush pending data before termination
  • Services requiring cleanup operations

Configuration

JSON Configuration

JSON
{
  "protections": [
    {
      "type": "DebuggerDetection",
      "action": "close",
      "intervalMs": 5000
    },
    {
      "type": "MemoryDumpDetection",
      "action": "close",
      "intervalMs": 3000
    }
  ]
}

Code-Based Configuration (Swift)

Swift
import ByteHideMonitor

BHMMonitor.configure { config in
    config.enableProtection(
        .debuggerDetection,
        action: .close,
        intervalMs: 5000
    )

    config.enableProtection(
        .memoryDumpDetection,
        action: .close,
        intervalMs: 3000
    )
}

Code-Based Configuration (Objective-C)

OBJC
#import <ByteHideMonitor/ByteHideMonitor.h>

[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
    [config enableProtection:BHMProtectionModuleTypeDebuggerDetection
                      action:BHMActionTypeClose
                  intervalMs:5000];

    [config enableProtection:BHMProtectionModuleTypeMemoryDumpDetection
                      action:BHMActionTypeClose
                  intervalMs:3000];
}];

Code Examples

Using exit()

When a threat is detected, the application will immediately call exit(1):

Swift
import ByteHideMonitor

BHMMonitor.configure { config in
    config.enableProtection(
        .debuggerDetection,
        action: .close,
        intervalMs: 5000
    )
}

// When threat is detected:
// exit(1) is called internally

Exit Code Details

The Close action uses the following exit codes:

  • Exit Code 1: Standard abnormal termination due to security threat detection
  • Exit Code 0: Reserved for normal application exit (not used by Close action)

Exit code 1 indicates to the operating system that the application terminated abnormally due to a detected threat.

Interval Configuration

The intervalMs parameter determines how frequently Monitor checks for threats:

  • Shorter intervals (e.g., 1000ms): More frequent checks, faster threat response, higher CPU usage
  • Longer intervals (e.g., 10000ms): Less frequent checks, lower overhead, delayed threat response

For the Close action, recommended intervals are 3000ms to 5000ms for optimal security without excessive performance impact.

Important Considerations

The Close action provides no opportunity for graceful shutdown, data flushing, or cleanup operations. If your application requires graceful termination, consider:

  • Using the Log action in combination with manual shutdown logic
  • Using the Custom action to implement cleanup before exit
  • Using the Erase action to wipe sensitive data before termination

Best Practices

  • Pair with Logging: Use the Log action on other modules to detect patterns before Close is triggered
  • Test Thoroughly: Ensure your application handles unexpected termination gracefully
  • Monitor Exit Behavior: Track application crashes in your analytics to detect when Close is triggered
  • Combine with Custom Actions: Use Custom actions on less critical modules for more nuanced responses
  • Document Sensitive Modules: Clearly identify which modules should trigger Close for security-critical operations

Log Action

Record threats and continue running the application

Erase Action

Wipe sensitive data before termination

Custom Action

Execute custom handler logic on threat detection

Previous
Log
Next
Erase