Android React Native - Device Intelligence

Device Fingerprinting helps you understand your user’s unique hardware with their device data. It efficiently syncs the data in the background, processes them and the data processed can be used to generate a fingerprint id.

Integration Overview

Integrate Android SDK in your application
Call the API to query device information

SessionKey and UserID is generated from client backend and sent to the SDK.
Invoke the submit function in SDK to pass the data to Bureau backend.
Upon successful transmission of the parameters, a callback is received in the SDK, based on the callback (Success/Failure) next steps can be taken.
If the callback is successful, Invoke Bureau's backend API /v1/suppliers/device-fingerprint to fetch the results.
Use the fingerprint and risk signals to allow, block or redirect the user to a desired flow.

Integration Demo

View: https://videos.ctfassets.net/l8k8fvl7z21i/52iAlY7Xv4bjWrWvqIponk/7a7090738c2a4839a8115c38cba90702/Screen_Recording_2022-12-30_at_12.58.00_AM.mp4

Note : For demo purposes we are generating the fingerprint in the SDK but as a best practice we recommend you to generate if from your backend and pass it to the SDK

Usage

Install the package

npm install react-native-fingerprint-bureau
or 
yarn add react-native-fingerprint-bureau

Initialise the SDK

import {
  initialize_fingerprint_sdk,
  submitFingerPrintData,
} from 'react-native-fingerprint-bureau';

React.useEffect(() => {
    initialize_fingerprint_sdk(
      'client_id'
      'environment',
    );
}, []);

Submit the data

The DataCallback added in the Submit function returns whether the device data has been registered or not.

onPress={() => {
          submitFingerPrintData(session_id, user_id, flow)
            .then(res => {
              // Save in State
              console.log('FINGERPRINT', res);
            })
            .catch(e => console.log('FINGERPRINT', e));
        }}

Parameter Description

Key	Description	Mandatory/Optional
client_id	The client id shared by Bureau.	Mandatory
environment	Environment in which SDK is being used. Possible values 'sandbox' or 'production'.	Mandatory
session_id	Identifier to track a session, note we recommend you to generate it from your backend. This has to be unique for every request.	Mandatory
user_id	Identifier for a user, can be internal customer ID.	Mandatory
flow	Flow in which the SDK is being invoked, can be login signup, deposit, withdrawal, no restrictions.	Optional

Serverside URL's

Sandbox - https://api.overwatch.stg.bureau.id/v1/suppliers/device-fingerprint
Production - https://api.overwatch.bureau.id/v1/suppliers/device-fingerprint

Server side call to get the details

url --location --request POST 'https://api.overwatch.bureau.id/v1/suppliers/device-fingerprint' \
--header 'Authorization: Basic MzNiNxxxx2ItZGU2M==' \
--header 'Content-Type: application/json' \
--data-raw '{
    "sessionKey": "697bb2d6-xxxx-487f-xxxx-548d6a809360"
}'

Response

{
                "GPSLocation": {
                    "city": "Ahmedabad",
                    "country": "IN",
                    "latitude": 23.03499984741211,
                    "longitude": 72.56400299072266,
                    "region": "Gujarat"
                },
                "IP": "43.242.116.163",
                "IPLocation": {
                    "city": "Ahmedabad",
                    "country": "IN",
                    "latitude": 23.03499984741211,
                    "longitude": 72.56400299072266,
                    "region": "Gujarat"
                },
                "IPSecurity": {
                    "VPN": false,
                    "isCrawler": false,
                    "isProxy": false,
                    "isTor": false,
                    "threatLevel": "low"
                },
                "IPType": "v4",
                "OS": "android",
                "VPN": null,
                "conditionsEvaluationStatus": true,
                "debuggable": true,
                "emulator": true,
                "error": null,
                "fingerprint": "ce53c2cd-xxxx-40c3-xxxx-41400751a07e",
                "firstSeenDays": 11,
                "isAppCloned": false,
                "isAppTampered": false,
                "mockgps": false,
                "model": "sdk_gphone64_arm64",
                "package": "com.rxxxo.app.staging",
                "riskLevel": "HIGH",
                "rooted": false,
                "status": "OK",
                "totalUniqueUserId": 3,
                "userId": "9xxxx6x4"
            }
        }

{
  "data": null,
  "errors": {
    "status": 401,
    "errorCode": "UNAUTHORIZED",
    "service": "Overwatch"
  },
  "message": "",
  "meta": {
    "length": 0,
    "took": 0,
    "total": 0
  }
}

{
  "error": {
    "code": 0,
    "description": "",
    "message": "Server encountered an error",
    "metadata": null,
    "referenceId": "86529a18-a5cb-4da9-91b0-8d04cdb9167e",
    "type": "INTERNAL_SERVER_ERROR"
  },
  "merchantId": "auth0|61dfxxxx0071be7021",
  "requestId": "c69d86f0-xxxx-4ef0-xxxx-e687d595a507",
  "statusCode": 500,
  "timestamp": 1657009043753
}

{
    "error": {
        "code": 422,
        "description": "Failed to find fingerprint for given session key",
        "message": "NO_RECORD_FOUND",
        "metadata": null,
        "referenceId": "",
        "type": "NO_RECORD_FOUND"
    },
    "merchantId": "auth0|61dfbbxxxx420071be7021",
    "requestId": "24e1aa7f-xxxx-404d-xxxx-5f8a0227e8f0",
    "statusCode": 422,
    "timestamp": 1658402132141
}

{
    "statusCode": 400,
    "error": {
        "code": 0,
        "type": "BAD_REQUEST",
        "message": "Session key is missing",
        "description": "request does not contain additionalData.sessionKey param in request",
        "referenceId": "24f94ae8-xxxx-48a4-xxxx-b25f99fb06d9",
        "metadata": null
    },
    "timestamp": 1658402143450,
    "merchantId": "auth0|61dfbbxxxx3420071be7021",
    "requestId": "66403193-xxxx-44bc-xxxx-14735a45dfeb"
}

Response Description

Key	Description
GPSLocation(city, country, latitude, longitude, region)	GPS Based location of the user, user's consent is required to be taken to get this details.
IPLocation(city, country, latitude, longitude, region)	IP based location of the user.
IP	IP address of the user.
VPN	Flag to indicate if the IP being used by the user is a VPN. (Note the VPN within the `IPSecurity` JSON object should be used and not the one outside.
isCrawler	Flag to indicate if the IP being used by the user is associated with a crawler.
isProxy	Flag to indicate if the IP being used by the user is a proxy.
isTor	Flag to indicate if the IP being used by the user is of a Tor network.
threatLevel	The threat level associated with the IP. Possible values can be ["low", "medium", "high"]
IPType	The type of IP, ["v4", "v6"]
OS	The OS of the user's device.
debuggable	Flag to indicate if the app is in debug mode.
emulator	Flag to indicate if the app is being run on an emulator
fingerprint	A hash generated for the device, this identifier will be unique for a device.
firstSeenDays	The number of days from which the device is identified on Bureau's network.
isAppCloned	Flag to indicate if the app is cloned.
isAppTampered	Flag to indicate if the app is tampered.
mockgps	Flag to indicate if the user is spoofing their GPS location. This will need users permission for background location.
model	The device model.
package	The package name.
riskLevel	Risk level of the user, calculated based on the flags that are exposed in the above sections. Possible values ["LOW", "MEDIUM", "HIGH"]
rooted	Flag to indicate if the device is rooted.

Go live checklist

For determining the app tamper check, we would require your package name and signature hash code, kindly ensure this is shared before going live. The hash code can be obtained from PackageManager GET_SIGNING_CERTIFICATES signingInfo.signingCertificateHistory this will be a byte array.