Enhanced mobile app security via UserDetect Api of Safety Detect
HUAWEI Safety Detect: Enhanced mobile app security via fake user detection using UserDetect API
Opportunity
As people rely more on apps for online banking, electronic commerce, instant messaging, and business-related functions, app security threats are becoming a concern. Protecting apps from credential stuffing attacks, activity bonus hunting, batch registration, content crawling, and the likes is becoming increasingly important. As developers always intend to provide users with secure apps and great app user experience, it would be beneficial to integrate security checks in apps to ensure that they are not used by fake or unauthorized users.
What is UserDetect API of HUAWEI Safety Detect?
HUAWEI Safety Detect provides robust security capabilities to protect your apps from security threats. One of these capabilities is fake user detection that is enabled by the UserDetect API. The UserDetect API helps apps prevent batch registration, activity bonus hunting, credential stuffing attacks, and content crawling.
Fig. 1. Screenshot from Huawei Developers, Make your apps secure with HUAWEI Safety Detect (1:27), depicting the detection of fake users.
The UserDetect API identifies fake users by using relevant data and a real-time risk analysis engine. It continuously analyzes user behavior to differentiate normal user behavior from an automated behavior and performs user verification using a more secure verification method as compared to character verification codes.
Fig. 1. Screenshot from Huawei Developers, Make your apps secure with HUAWEI Safety Detect (1:23), depicting how Safety Detect identifies fake users.
How to use the UserDetect API of HUAWEI Safety Detect?
To use the UserDetect API
1. Call the UserDetect API.
a. Call the userDetection() method to initiate a fake user detection request.
b. Send the returned response token from the UserDetect API to the app server.
c. Call the cloud API of HMS core on the app server to obtain fake user detection result.
2. Initialize the UserDetect API.
· Call the initUserDetect() method to initialize fake user detection and enable use of behavior detection capability.
3. Initiate a detection request by calling the userDetection method.
· Use applied appId as input parameter.
· Add OnSuccessListener and OnFailureListener instances.
· Override onSuccess and onFailure to process the detection result.
NOTE: The successful execution of the onSuccess() method in the UserDetect API indicates user completion of human-machine identification detection. With this, the developer still needs to verify the user response token on the background server.
4. Obtain a detection result.
a. Get an access token.
For more information on how to get an access token, go to https://developer.huawei.com/consumer/en/doc/38054564#h1-1579159342331.
b. Call the cloud-side API to get the detection result.
To disable UserDetect in the app
UserDetect can be disabled in the app to release resources. To do so, call shutdownUserDetect().
The Benefits
To the developer
Improve app security in a very efficient manner regarding development, resulting in increased app credibility and faster app development.
To the end users
End users will feel more secure in using their apps knowing that unauthorized use could be prevented through detection of the environment, device signature verification, and use of a more secure verification method.
Learn More
To know more information on how to maximize the features and advantages of HUAWEI Safety Detect, go to https://developer.huawei.com/consumer/en/hms/huawei-safetydetectkit.
Work cited
HUAWEI Developers. (2020, March 4). Make your apps secure with HUAWEI Safety Detect [Video File], YouTube. Retrieved from https://youtu.be/WFbM63JkvzA.
