Mobile SDK — Burein

At a glance

One SDK on both stores. The same artifact your fraud engine already speaks.

iOS: SwiftPM + CocoaPods + XCFramework. minimum iOS 13.
Android: Maven Central AAR. minSdk 21+. ≤1.8 MB.
Flutter, React Native, KMP, MAUI, Unity wrappers.
Cold init < 20 ms. Full report < 800 ms (iOS) / < 900 ms (Android).
subscribe() for streaming updates when threat state changes mid-session.
Signed report, JSON / CBOR / protobuf.

App.kt

// Android. iOS is shape-identical in Swift.
val burein = Burein.Builder(application)
  .publicKey(BuildConfig.BUREIN_PUBKEY)
  .profile(RiskProfile.Banking(Sensitivity.HIGH))
  .build()

lifecycleScope.launch {
  val report = burein.collect()
  api.send(report.toCbor())
}

burein.subscribe { event ->
  if (Threat.SCREEN_SHARE_ACTIVE in event.threats) {
    auth.tearDownSession()
  }
}

Threat coverage

500+ signals across 10 categories.

Device & hardware 70

Model, board, build fingerprint, CPU, RAM, storage, battery, sensors.

Build tags, build.type, security patch
Sensor enumeration with vendors
Multi-display, foldables, Stage Manager

OS state 55

Kernel, bootloader, AVB, SELinux, profiles, MDM.

Verified boot key & state
Dev mode, ADB, mock location
Supervised / managed status

App integrity (RASP) 75

Signing cert, install source, repackaging, code injection, native tamper.

APK / IPA signature validity
Resource & native lib hash diffing
GOT/PLT integrity, text segment hash

Hooking & instrumentation 60

Frida, Xposed, LSPosed, Substrate, Magisk, KernelSU, jailbreak tweaks.

Stealth Frida (mmap, JIT, signal mask)
r2frida / objection tells
Dopamine / palera1n / RootHide

Emulation & virtualization 35

QEMU, Genymotion, BlueStacks, Nox, LDPlayer, MEmu, virtualized apps.

VirtualXposed, Parallel Space, Island
Houdini ARM-on-x86 translation
Work-profile / dual-app detection

Attestation 15

Play Integrity verdicts, App Attest assertion + chain, hardware-backed keys.

MEETS_STRONG_INTEGRITY / VIRTUAL
StrongBox / Secure Enclave presence
Root of trust verification

Network environment 45

Carrier, roaming, VPN tunnels, custom CA, captive portal, MAC randomization.

Cert pinning probe / TLS MITM
tun/utun interface presence
ARP table anomalies

Threat state at runtime 80

Screen capture/share, accessibility abuse, overlays, malware IOCs.

AnyDesk / TeamViewer / RustDesk active
Malicious a11y service detection
Banking trojan package fingerprints

Behavioral & sensors 50

Device-in-hand, gait, tap pressure, sensor tampering, replay detection.

Accel + gyro + light coherence
Constant-value / replay-loop tells
Step counter monotonicity

Inconsistency cross-checks 35

Where the device claims one thing and acts like another.

Model claim vs sensor stack
Carrier claim vs network stack
iOS version claim vs API tells

Why it matters

Most mobile fraud today doesn't need a jailbreak.

Screen-share scams

The fastest-growing fraud vector in India, Brazil, and SEA banking: scammer phones the user, drives them to install AnyDesk / RustDesk, then watches them log in. Burein names this in real time and the host app can tear the session down.

Accessibility abuse

Banking trojans (SharkBot, Anatsa, Brokewell, Crocodilus) abuse accessibility services to read screens and inject taps. Burein ships a curated IOC list and cross-checks active a11y services on every collect.

Repackaging & sideload

Repackaged banking apps re-signed with a new cert and uploaded to third-party stores. Burein verifies the signing chain against your build-time manifest and fails fast.

Virtualized apps

VirtualXposed, Parallel Space, Island — used to clone an app and bypass per-device limits or host Frida modules. Detected at the UID-range, namespace, and data-dir level.

Want to go deeper?

Talk to us about your fraud and integrity goals — we'll show you the signals that matter for your stack.

Talk to us See the platform