<< Back to Categories

Android Fingerprinting SDK

About the Android Fingerprinting SDK

This feature, which combines IPQS's web fingerprinting with the IPQS mobile device fingerprinting SDK , offers a flexible solution for your Android app's fraud detection needs. It can verify new or returning users and identify a wide range of high-risk behaviors, including:

Mobile emulators
Residential botnets
Location spoofing
Bots
Non-human requests
Fake accounts
and hijacked devices.

With this tool, you can easily identify app install quality and gain deeper insights into your audience's KPIs. It also helps you detect duplicate accounts and prevent free trial abuse, fraudulent users, fake installs, and much more.

Setup

In your app's top-level build.gradle file, add the following:

maven { url = uri("https://downloads.ipqualityscore.com/maven2/") credentials { username "ipqs" password "YOUR_API_KEY_HERE" } authentication { basic(BasicAuthentication) } }

As an example, your repository list should now look similar to this:

allprojects { repositories { google() jcenter() maven { url = uri("https://downloads.ipqualityscore.com/maven2/") credentials { username "ipqs" password "YOUR_API_KEY_HERE" } authentication { basic(BasicAuthentication) } } } }
In your app's module build.gradle file, add the following:

implementation 'com.ipqualityscore:FraudEngine:1.2.7'
Sync your gradle.build file.
The IPQS SDK can optionally take advantage of the following permissions if you choose to add them to your app. These permissions help us provide better results and create a better overall picture of your users. These permissions must be added to the «manifest» section of your AndroidManifest.xml file.

We highly recommend adding at least the ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, and READ_PHONE_STATE permissions listed below.

The location permissions also listed below are only helpful if you intend to use the allowLocationRequest() system or if your app already collects location data from your users.

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/> <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/> <uses-permission android:name="android.permission.READ_PHONE_STATE"/> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />

App Integration

Add the SDK inside one of your app's activity sections. Ideally, this should be the main activity section, but it does not necessarily need to be, depending on your specific use case.

import com.ipqualityscore.FraudEngine.IPQualityScore; ... IPQualityScore api = IPQualityScore.getInstance(); api.setAppKey("api_key_here"); api.setActivity(this); // Not required if using the Proxy/Email portions of the SDK.
Call the SDK from within your application's activities. Below is an example of how to retrieve the fraud score for a given device:

import android.widget.Toast; import android.content.Context; import com.ipqualityscore.FraudEngine.MobileTracker; import com.ipqualityscore.FraudEngine.IPQualityScore; import com.ipqualityscore.FraudEngine.Interfaces.OnMobileTrackerResult; import com.ipqualityscore.FraudEngine.Utilities.IPQualityScoreException; ... try { /* * Set custom variables if you have them before calling performFraudCheck() * MobileTracker.addCustomVariable("userID", "1234"); */ MobileTracker.performFraudCheck(new OnMobileTrackerResult(){ @Override public void onResult(MobileTrackerResult result){ // Display a result via a toast. Context context = IPQualityScore.getInstance().getContext(); CharSequence text = "You have a fraud score of " + result.getFraudScore().toString() + "!"; int duration = Toast.LENGTH_SHORT; Toast toast = Toast.makeText(context, text, duration); toast.show(); } }); } catch(IPQualityScoreException e){ // Display the error via toast. Context context = IPQualityScore.getInstance().getContext(); CharSequence text = e.getMessage(); int duration = Toast.LENGTH_SHORT; Toast toast = Toast.makeText(context, text, duration); toast.show(); }

Example App

Below is an example Android app with the Mobile Device Fingerprinting SDK integrated. The app will close if the user's fraud score is greater than 85:

package com.ipqualityscore.testsdk;

import android.os.Bundle;
import android.widget.TextView;

import androidx.appcompat.app.AppCompatActivity;

import com.ipqualityscore.FraudEngine.IPQualityScore;
import com.ipqualityscore.FraudEngine.MobileTracker;
import com.ipqualityscore.FraudEngine.Results.MobileTrackerResult;
import com.ipqualityscore.FraudEngine.Interfaces.OnMobileTrackerResult;
import com.ipqualityscore.FraudEngine.Utilities.IPQualityScoreException;

public class MainActivity extends AppCompatActivity {

	@Override
	protected void onCreate(Bundle savedInstanceState) {
		try {
			IPQualityScore api = IPQualityScore.getInstance();
			api.setAppKey("api_key_here");
			api.setActivity(this);
			
			/*
			* Set custom variables if you have them before calling performFraudCheck()
			* MobileTracker.addCustomVariable("userID", "1234");
			*/
			
			MobileTracker.performFraudCheck(new OnMobileTrackerResult(){
				@Override
				public void onResult(MobileTrackerResult result){
					if(result.getFraudScore() > 85){
						android.os.Process.killProcess(android.os.Process.myPid());
						System.exit(1);
					}
				}
			});
		} catch(IPQualityScoreException e){
				
				// Display the error via toast.
				Context context = IPQualityScore.getInstance().getContext();
				CharSequence text = e.getMessage();

				int duration = Toast.LENGTH_SHORT;
				Toast toast = Toast.makeText(context, text, duration);
				toast.show();
				
		}
	}
}

Additional Settings

The SDK allows you to specify that you'd like us to attempt to capture location information from your user via a permission request check. You can enable this like such:

IPQualityScore api = IPQualityScore.getInstance();
api.setAllowLocationRequest(true);

Our SDK allows you to specify custom variables for statistics, postback, and enhanced scoring purposes. We only accept strings for both the key and values specified. Make sure you cast/convert the type of your data appropriately. You can set a custom variable like such:

MobileTracker.addCustomVariable("userID", "1234");

Some apps may want to avoid collecting the advertising ID or may get flagged by Google for doing so. We've added a method to disable it (You no longer need to include androidx.ads:ads-identifier:1.0.0-alpha04 in your build.gradle):

IPQualityScore api = IPQualityScore.getInstance();
api.setCaptureAdvertisingID(false);

Result Methods

Our SDK offers various result methods and functions to enhance your experience and help prevent fraudulent activity. The variable result below signifies an object of com.ipqualityscore.FraudEngine.Results.MobileTrackerResult.

Name	Function	Description	Type
getRaw	result.getRaw()	Get the raw JSON string response from our API. This can be useful for debugging, providing feedback, and long-term storage.	String
getMessage	result.getMessage()	Get the response message string for this request. This usually returns "Success" but can include administrator-level information on why a request failed.	String
getSuccess	result.getSuccess()	A boolean containing the request's success or failure status. True on success, false on failure.	Boolean
getRequestID	result.getRequestID()	The unique ID associated with this request. Helpful for debugging and postbacks.	String
getFraudScore	result.getFraudScore()	Number 0 - 100 describing how likely this device is to commit fraud. 0 being not at all, 100 being definitively fraudulent. We suggest blocking users greater than 85.	Float
getCountryCode	result.getCountryCode()	A two-character country code based on this user's IP address.	String
getRegion	result.getRegion()	A string describing the region this user's IP is from.	String
getCity	result.getCity()	A string describing the city this user's IP is from.	String
getISP	result.getISP()	A string describing the ISP this user's IP belongs to.	String
getOrganization	result.getOrganization()	A string describing the Organization to which this user's IP belongs.	String
getASN	result.getASN()	The ASN assigned to the ISP to which this user's IP belongs.	Integer
getLatitude	result.getLatitude()	The latitude where this user's IP is located.	Float
getLongitude	result.getLongitude()	The longitude where this user's IP is located.	Float
getIsCrawler	result.getIsCrawler()	Returns true if this user's IP is from a known search engine crawler.	Boolean
getTimezone	result.getTimezone()	Returns the timezone this user's IP is from.	String
getHost	result.getHost()	Returns the hostname of this user's IP address.	String
getIsProxy	result.getIsProxy()	Returns true if this user's IP is a known proxy.	Boolean
getIsVPN	result.getIsVPN()	Returns true if this user's IP is a known VPN.	Boolean
getIsTOR	result.getIsTOR()	Returns true if this user's IP is a known or suspected TOR node.	Boolean
getRecentAbuse	result.getRecentAbuse()	Returns true if this user's IP has been reported for being abusive recently or if this device has been seen performing abusive actions.	Boolean
getBotStatus	result.getBotStatus()	Returns true if this user's IP has been reported for botting or if this device has been seen performing bot-like actions.	Boolean
getConnectionType	result.getConnectionType()	Classification of the IP address connection type as "Residential", "Corporate", "Education", "Mobile", or "Data Center".	String
getDeviceSuspicious	result.getDeviceSuspicious()	Returns true if this device has suspicious properties or has been seen performing suspicious activities recently.	Boolean
getDeviceEmulated	result.getDeviceEmulated()	Returns true if this device has been emulated or appears to have been emulated.	Boolean
getDeviceID	result.getDeviceID()	A unique identifier for this device.	String

Retrieve Results

Note: Before using either of these methods, make sure your initial API request passed a valid userID value (or any variable of your choice) using the addCustomVariable function. The variable name must be set on your custom tracking variables.

Postback Example to Retrieve Latest Request by UserID

This method uses the Postback API to retrieve requests by userID.

Retrieve multiple requests with the Request List API

This method uses the Request List API to search by Device ID and IP Address.

Ready to eliminate fraud?

Start fighting fraud now with 5,000 Free Lookups!

We're happy to answer any questions or concerns.

Chat with our fraud detection experts any day of the week.

Call us at: (800) 713-2618

Schedule a Demo Sign Up