In-App
Protection SDK

Secure your app, business, and customers with Talsec SDK, offering in-app and API protection against reverse engineering, app cloning, rooting, API abuse, and more for iOS, Android, and Flutter.

Honored to be recognized by Ernst & Young with the Cyber Space Innovation trophy for AppiCrypt, acknowledging Talsec's commitment to security.

500 000 000+ Protected Devices

6000+ Protected Apps

Handle App Security with a Single Solution

Ensure the security of your application, business, and customers with our comprehensive in-app and API protection Suite. Utilizing a multi-layered approach, Full App Safety Suite effectively combats reverse engineering, app cloning, rooting, API abuse, Frida hooking, Man-in-the-Middle (MitM) attacks, and more. It is available for iOS, Android, and Flutter apps.

.RASP+
AppiCrypt®
App Hardening SDK
Malware Detection
Plans Comparison
Freemium
Premium
Runtime App Self Protection (RASP)
Runtime Application Self Protection. With hundreds of different security controls, a RASP-protected app becomes “aware” of risk factors arising from compromise of the OS and/or the app execution environment. Threat signals are also sent to the monitoring and auditing backend for security analysis and alerting by automatic watchers.
App Shielding SDK
Easy to Integrate SDK. Provides strong protection, flexibility and transparency for developers. All or only the necessary features can be used. Mature and well-maintained technology proven by thousands of Apps and 500M+ end-users protected.
.freeRASP
.RASP+
Advanced premium version of RASP product tailored for commercial usage to comply with best practices and regulations at banking-grade level.
Resilience to Reverse Engineering and bypass
The basic threat-detection mechanisms in .freeRASP let developers manage reactions to detected security issues. Active threat prevention and configurable reactions make .RASP+ more resilient to bypass techniques: .RASP+ prevents threats, whereas .freeRASP only detects them (through API callbacks that developers would need to implement and obscure). Reactions to threats (such as killing the app) can be configured to trigger from within the .RASP+ SDK, at a lower level of deeply obscured native C code. They are therefore much harder to locate and bypass through reverse engineering than reactions made in app logic code, as in .freeRASP.
limited
advanced
SDK obfuscation
The .RASP+ binary SDK is built individually and bound to app-specific data (signing cert hash, package name, teamID, etc.). The .freeRASP SDK is the same binary for all users, i.e. "known to attackers". In practice, a .freeRASP-protected app may be too weak to pass professional pentesting, because an experienced pentester will be capable of bypassing it.
limited
(same for all users)
advanced
(individually obfuscated build per customer)
Root & jailbreak protections
Rooting/Jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk or Shadow can hide privileged access and are often used by attackers.
basic
advanced
Runtime reverse engineering controls
Debugger
While most developers use debuggers to trace the flow of their program during its execution, the same tool can be attached to an application in an attempt to reverse engineer, check memory values, and steal confidential information.
Emulator / Simulator (e.g. Nox Player, BlueStacks)
Running an application inside an emulator/simulator allows an attacker to hook or trace program execution. Common disadvantages of emulators are:
- leakage of data (malicious emulators)
- cheating in games (gaming emulators)
- broken sandbox (easier to get root privilege)
- sign of reverse engineering.
Hooking protections (e.g. Frida, Cydia Substrate)
The application can be analyzed or modified even though its source code has not been changed, by applying a technique known as hooking. This technique can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new (often malicious) code or by altering existing code to obtain personal client data. The most well-known hooking frameworks are Frida and Cydia Substrate.
basic
advanced
Runtime integrity controls
App tampering
Every application can be easily modified and then re-signed by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's trojan-code insertion, RAT weaponization, altering the app's behavior, credential/JWT harvesting, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.
Malicious repackaging / cloning
Sideloading / unofficial store installation
Users can share a copy of the application on unofficial stores or various pirate forums. While some users download these copies to avoid paying for the product, they can include unknown and possibly dangerous modifications. Verifying an official installation consequently protects both the users and the owner. This reaction is also triggered if you install the application through alternative ways like Android Debug Bridge (ADB) or a file manager.
basic
advanced
Device OS security status check
HW security module
Device screen lock
Google Play Services availability
Huawei Mobile Services availability
Last security patch update
System VPN
Developer options
UI protection
Tapjacking / Overlay attack
A screen overlay attack, also known as tapjacking, is a technique in which a portion of the application screen is obscured by a malicious transparent screen. This deceptive overlay steals the user’s clicks (PIN, password, etc.).
Accessibility Services misuse protection
Malicious screen readers are considered one of the weakest points of the Android OS from a security standpoint. These dangerous apps can retrieve any content on the screen by misusing the accessibility features primarily intended for users with disabilities. Captured data typically involve personal information, account balances, and credentials. Hiding the sensitive information is advised in case unwanted screen reader apps are detected.
Remote Configuration
Ability to change the SDK settings and behavior remotely without the need to re-publish the app.
App Hardening Suite
Set of tools for mobile app developers that help to solve and mitigate some specific security issues, such as combating man-in-the-middle (MiTM) attacks, client secrets protection, Application Layer End-2-End Encryption, User/Device Binding, and suspicious apps detection.
Security hardening suite
Secret Vault (API keys, tokens, etc.)
If you put your secrets in plain sight without any additional protection, they can be easily stolen from your app. Not only may reverse engineers do this manually but there are even automated scanners that extract secrets from every public app. Protect API keys, encryption keys, tokens, secret strings (URL), certificates, key rotations, and configuration files easily.
With the Secret Vault:
- No secrets in your code
- Secrets can be dynamically updated
Dynamic TLS certificate pinning
Certificate pinning forces the client app to validate the server’s certificate against known characteristics/fingerprint (certificate, public key, hashed public key, etc.). An application without certificate pinning is prone to man-in-the-middle or DNS spoofing attacks.

Certificate pinning is usually implemented with certificates hard-coded in the application. This approach forces both a rebuild of the application and an update for users whenever a hard-coded certificate is about to expire or is revoked. In applications that pin multiple certificates, this may occur too often.

Talsec implements dynamic certificate pinning. It solves the problem by transferring trust from hard-coded certificates to hard-coded "master" keys. This way, we can separate the lifecycles of certificates and trusted keys.
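The trust transfer described above, sketched in Go as an added example (not Talsec's SDK code or API): the app ships only a master public key and accepts a downloaded pin list when that key signed it. The PinSet format, the function names, the use of Ed25519 and the per-pin expiry are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// PinSet is a hypothetical wire format: hex SHA-256 of a server public key -> expiry (Unix seconds).
type PinSet map[string]int64

func pin(spki []byte) string { h := sha256.Sum256(spki); return hex.EncodeToString(h[:]) }

// LoadPins accepts a pin set only if the master key compiled into the app signed these bytes.
func LoadPins(master ed25519.PublicKey, payload, sig []byte) (PinSet, error) {
	if !ed25519.Verify(master, payload, sig) {
		return nil, errors.New("pin set signature invalid")
	}
	var ps PinSet
	if err := json.Unmarshal(payload, &ps); err != nil {
		return nil, err
	}
	return ps, nil
}

// Pinned reports whether the key seen in the TLS handshake is listed and not expired.
func (ps PinSet) Pinned(spki []byte, now time.Time) bool {
	exp, ok := ps[pin(spki)]
	return ok && now.Unix() <= exp
}

// Demo runs the flow on constructed keys; byte strings stand in for real SPKI data.
func Demo() (rotatedOK, retiredOK, expiredOK, tamperedOK bool) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // demo-only master key
	master := priv.Public().(ed25519.PublicKey)                    // the only value shipped in the app
	now, rotated := time.Unix(1700000000, 0), []byte("constructed rotated server key")
	payload, _ := json.Marshal(PinSet{pin(rotated): now.Unix() + 3600})
	sig := ed25519.Sign(priv, payload)
	ps, _ := LoadPins(master, payload, sig) // a nil set pins nothing, so failure stays closed
	_, terr := LoadPins(master, append([]byte(" "), payload...), sig)
	return ps.Pinned(rotated, now), ps.Pinned([]byte("constructed retired key"), now),
		ps.Pinned(rotated, now.Add(2*time.Hour)), terr == nil
}

func main() { fmt.Println(Demo()) }
```

Rotating a server certificate then means publishing a newly signed pin set; the app binary changes only if the master key itself is replaced.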
App Data and E2EE light
TBC
[coming soon]
.freePinning [coming soon]
AppiCrypt® – App Integrity Cryptogram
Innovative technology that allows the backend to control the state of the Client App and mobile OS integrity. It provides and calculates the online risk score and allows filtering the malicious calls at the API gateway or at the backend App logic level.
API protection
Online Fraud detection
Online Risk Scoring
Prevent App Impersonation (API protection by cryptographic proof of app & device integrity)
No third-party web service dependency
Enable User-Device binding
Zero-trust methodology
Malware Detection
Active protection against known malware, ongoing malware campaigns, counterfeit app clones, and other potentially risky apps is essential for the overall security posture.

Malware detection scans the device for blocklisted apps, apps installed from untrusted app stores or side-loaded from elsewhere, and apps requiring risky permissions. Any unwanted findings are reported back to the app and logged.
Malware detection for Android apps
Detection of apps installed from untrusted stores or side-loaded
Detection of apps with suspicious permissions
.freeMalwareDetection 

[coming soon]
App Security Monitoring and Logging
The app security monitoring service is shared by Android and iOS. For .freeRASP, the service (i.e., reports and email alerts) is provided by Talsec free of charge within the fair usage policy (FUP).

Only commercial plans currently support a customer-managed or in-house cloud service for audit/monitoring data collection.
Threat events data collection from SDK
collected by Talsec managed DB
collected by Customer managed DB
Weekly App Security report
up to 100K devices
UI portal for Logging, Data analytics and Auditing
[coming soon]
Customer managed
Support and Maintenance
Silver Support and maintenance for commercial plans with committed Reaction, Restoration and Resolution time.
SLA and maintenance updates
not committed
Fair usage policy (up to 100K Devices)
Placing of “Protected by .freeRASP” button in the App screen(s) required
over 100K downloads
Talsec can use as reference the App name and logo (e.g. "Trusted by" section on the web)
over 100K downloads
Threat signals data collection to Talsec database for processing and product improvement
Price for subscription

Why is our Protection Right for Your Software?

Our main advantages: why we are considered a successful advocate for your software, and why we should cooperate.

Protection Against
Complex Threats

Talsec provides comprehensive protection of mobile applications against various types of attacks.

Easy Integration
and Cross-Platform

Talsec offers an SDK that supports various platforms, including Android and iOS.

In-depth Threat
Monitoring and Reporting

The service provides the ability to receive reports and analytics in real time.

API Protection
with AppiCrypt®

AppiCrypt provides an additional layer of security for APIs by generating cryptograms.

Try
now

Simple integration allows you to have your app protected by the end of the day.

Get .freeRASP

Get Robust Protection for Free

Talsec .freeRASP provides a free commercial-grade and easy-to-integrate mobile security SDK that safeguards applications and protects against dangerous behavior. freeRASP is supported on Android and iOS, with customized modules for Flutter, Cordova, React Native, and Capacitor developers.
Compliant with OWASP MASVS Resilience Requirements
Easily customized reactions to attacks and detected security threats
Simple integration without impact on performance
Weekly detailed security report via email

Runtime Application Self Protection

Advanced premium version of .RASP+ product tailored for commercial usage to comply with best practices and regulations at banking-grade level. 
Root & Jailbreak protections
Runtime reverse engineering controls 
Runtime integrity controls 
Device OS security status check 
UI protection
Remote SDK Configuration

App Integrity Cryptogram

Innovative technology that allows the backend to control the state of the Client App and mobile OS integrity. It provides and calculates the online risk score and allows filtering the malicious calls at the API gateway or at the backend App logic level.
Ensure Client App Integrity 
Calculate Risk 
Filter Malicious Calls 

App Hardening Suite

Set of tools for Mobile Apps developers that help to solve and mitigate some specific security issues:
Dynamic TLS certificate pinning
Secret Vault (API keys, tokens, etc.)
Enhancing Mobile App Security: 
Combat MiTM Attacks
Protect Secrets
Suspicious apps detection
Encrypt End-to-End

Malware Detection

Active protection against known malware, ongoing malware campaigns, counterfeit app clones, and other potentially risky apps is essential for the overall security posture.

Proactive Defense for your Android Apps:
Shielding Against Malware
Counterfeit Clones
Detect Risky Apps
Respond to targeted malware campaigns
Strengthen Security Posture

Supported Platforms

iOS
Android
React Native
Flutter
Capacitor
Cordova

Comply with Regulatory Standards

PSD2 RTS
We meet the requirements set by the European Banking Authority
eIDAS
We meet the requirements for a high level of reliability
EAL4
We meet the general high-level criteria

Trusted by

What Our Clients are Saying

Using Talsec has been a key factor in enhancing the security of our mobile applications. The platform provides excellent protection that meets all modern cybersecurity requirements. We especially appreciate the simplicity of integrating the Business .RASP+ for our mobile apps, which offers comprehensive protection on both the app and server sides. This ensures robust defense against potential threats across various attack vectors critical for mobile security. Notably, Talsec helps address almost all risks from the Mobile OWASP Top 10, which is an outstanding result, as very few tools can achieve this so quickly and effectively. Communication with the Talsec team is highly efficient, and they offer great support. They are always ready to assist and provide expert advice. The product documentation is also clear and detailed, making integration much more accessible. If you need a reliable mobile security solution, Talsec is a great choice!
Oleksii Misnik
Information Security Tech Lead at airSlate
The robust runtime protection and jailbreak detection of Business .RASP+ have significantly strengthened the security posture of our mobile applications, ensuring a safer experience for our customers and increased protection of Wizz Air booking flow. The seamless integration and responsive support from the Talsec team have made this partnership invaluable.
Ábris Nagy
Product Security Lead at Wizz Air
Talsec solutions greatly helped us reinforce our Mobile Risk intelligence strategy and better detect abnormal behavior. Also, working closely with the dedicated Talsec team improved the integration time and allowed an efficient use of the services. Highly recommend if you are looking for tailor-made and customized fraud prevention and security solutions delivered by a dedicated team.
Yassine Zyad
CPTO at Kenz'up

Our Blog

How to test a RASP? OWASP MAS: RASP Techniques Not Implemented [MASWE-0103]
The updates in the OWASP Mobile Application Standard (MAS) for 2025 will incorporate a new MASWE called "RASP Techniques Not Implemented." Let us preview the contributed draft written by Talsec
Talsec is going to BlackHat MEA 2024!
Premier cybersecurity event, bringing together over 40,000 security professionals and industry leaders
Hacking and protection of Mobile Apps and backend APIs | 2024 Talsec Threat Modeling Exercise
Enjoy the ultimate threat modeling knowledge sharing refined through insights from hundreds of sessions with mobile security experts and shared with many CTOs,