|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
This functionality is available with RSA Mobile SDK. RSA Mobile SDK collects mobile device information in JSON format and later send to AdaptiveAuthentication for risk assessment. One of the device elements includes a positive integer value indicating whether the device is rooted or jailed. This element is only supported with Android and iOS.
Using Mobile SDK requires a different license than AA.
Some basic concepts:
A> Yes, this field information can be used in the Policy Management rules. It can be used in expressions like this:
It will only apply for transactions coming from the mobile channel, so you can also validate the channel when doing so.
A> No, it does not. Mobile web traffic is received as web, so it does not capture the compromised field. This data is only captured by the Mobile SDK in the app.
A> This information about the “Compromised Device” is not available in any logs nor DB. It is used in real time when the transaction is received.
As a workaround, a Test rule can be created with the compromised condition.
That way the rule will be triggered any time a transaction comes from a compromised device, but since it is in test mode it will not create a case. It will be registered in the “EVENT_LOG” table under the [TEST_POLICY_RULE_ID] field and also in the audit and forensic logs.