One SDK. Three platforms. Zero egress. You own the data, train your own models, and read every line — instead of renting a vendor's score. Everything Burein is, at a glance.
Burein is an on-device SDK for web, iOS, and Android that produces a signed BureinReport describing the device, the environment, the user, the threats, and a risk score. The host application invokes a public collect() method, receives the report in-process, and attaches it to its own outgoing API — typically as an X-Burein-Report header — over whatever transport your stack already runs. Your team turns the report into the fraud, identity, and authentication solutions you choose to build, from friction-minimised 2FA on day one to deeper detections on your timeline. Burein-the-company never sees the data — which means the models you build on top of it are yours to keep, not a vendor's to resell.
1,000+ signal collectors. Modular. Lazy-loaded. Each is stateless and reads a specific surface of the device, browser, or OS — sensors, APIs, runtime state, behavioral entropy.
Rules + on-device ML. Cross-correlates signals into named threats. Emits a tunable risk score and decision hints — entirely deterministic, entirely local.
Builds the BureinReport, canonicalizes it (RFC 8785), signs with your Ed25519 key, and hands the object to your code. JSON, CBOR, or protobuf.
No collector, no engine, no packager makes a network call. CI enforces this; SBOM and reproducible builds let you verify.
All rules, models, and thresholds ship in the SDK binary. Updates require a version bump. There is no channel to swap our logic at runtime.
IMEI, MAC, MSISDN, ad-ID — all gated behind explicit host opt-in and the platform permission. Off unless you turn them on.
Same device + same state ⇒ same visitor_id and the same component contributions. Auditable, testable, replayable.
Every report is signed with your private key, embedded at build time. Your server verifies before trusting any field.
Pick a signal set: full, balanced, or minimal. Override severities. Bring your own rules.
~65 KB gzipped core. ESM, CJS, UMD. WebAssembly for entropy-heavy collectors. Works in iframes. 600+ signals.
Read more →SPM, CocoaPods, XCFramework. ≤1.8 MB. Cold start <250 ms. App Attest, DeviceCheck, jailbreak & tweak detection.
Read more →AAR via Maven Central. minSdk 21+. ≤1.8 MB. Play Integrity, Frida/Xposed/Magisk detection, screen-share defense.
Read more →Talk to us about your fraud and integrity goals — we'll show you the signals that matter for your stack.