/

Understand how Monitor protections work

Monitor protection modules are runtime detectors that identify threats, attacks, and security violations as they happen inside your application.

Each module operates independently and can be enabled, disabled, and configured with its own response action. All modules run at configurable intervals to monitor the runtime environment for threats like debuggers, jailbreaks, tampering, and injection.

On-Premise Protections

Passive detectors that run at configurable intervals (intervalMs) to monitor the runtime environment. These modules detect reverse engineering, device compromise, and integrity violations on devices where your application runs.

Debugger Detection

Detects attached debuggers (lldb, Xcode, ptrace, DYLD_INSERT_LIBRARIES)

Jailbreak Detection

Detects jailbroken devices (Cydia, Sileo, checkra1n, unc0ver)

Simulator Detection

Detects iOS Simulator environments (Xcode Simulator, non-physical devices)

Clock Tampering

Detects system time manipulation to bypass time-based restrictions

Memory Dump Detection

Detects memory dumping attempts (Frida, Cycript, GameGuardian)

Tampering Detection

Detects app bundle tampering, Info.plist modifications, and code changes

Process Injection

Detects code injection, Frida gadgets, Cycript, and Substrate hooks

Network Tampering

Detects proxies, MITM tools, VPN connections, and certificate issues

Hardware Binding

Detects hardware fingerprint changes for device binding enforcement

Screen Recording Detection

Detects active screen recording sessions (iOS 11+)

Screenshot Detection

Detects when the user takes a screenshot of the application

Overlay Detection

Detects UI overlays and tapjacking attempts over the application

Library Injection Detection

Detects DYLD library injection, Frida, Substrate, and dynamic linker abuse

Keychain Integrity Detection

Detects Keychain integrity violations, certificate injection, and MITM tampering

Anomaly Detection

Active by default in every project. Anomaly Detection learns your application's normal behavior patterns and flags deviations without requiring predefined rules. It operates across all application types (desktop, mobile, web).

Anomaly Detection is always-on and is not a configurable ProtectionModuleType. Sensitivity is configured from the Cloud Panel.

Configuring Protections

Each module can be enabled individually with its own response action. You can configure protections from the Cloud Dashboard, a JSON configuration file, or the Configuration API.

Previous
Logging
Next
Debugger Detection