
# Countermeasures

The Thales SDK is designed to provide countermeasures against security threats. The following table lists the known security threats and the corresponding SDK behavior.

| Security threat                                                                                                                                | Description                                                                                                                                                    | Build Type        | SDK Countermeasure                                                                                                                                                                                                                                                                                                                                                     |
| ---------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Debugger attached | A hacker attempts to reverse engineer the Mobile Application by attaching a debugger while the Mobile Application is executing. | Release | The SDK returns an error when a debugger is detected. |
| Man-in-the-middle (MITM) attack | A hacker tries to sniff or interfere with the communication channel between the SDK and the server. | Release | When the Release build of the SDK is used with a wrongly configured SSL certificate, the SDK returns an error during the respective flow. |
| Rooted/jailbroken mobile device | Using a rooted/jailbroken phone or device to run the Mobile Application. | Debug and Release | The SDK returns an error on a rooted/jailbroken phone during the respective flow. |
| Device with unlocked bootloader on Android | Using a device with an unlocked bootloader to run the Mobile Application. | Debug and Release | The SDK returns an error on a device with an unlocked bootloader during the respective flow. |
| Hook detection | A hacker attempts to hook (intercept) method calls in order to monitor or modify the behavior of the methods. | Debug and Release | The SDK returns an error when a hook is detected. |
| Debug SDK in production application on Android | A Play Store application uses the Debug SDK variant. | Debug | The SDK returns an error when it detects that the application is in Release configuration while using the Debug SDK binary. |
| Use of emulator on Android | Using an emulator to run the Mobile Application. | Debug and Release | The SDK returns an error when an emulator is detected. |
| Using a non-designated application signing certificate and package name on Android, or developer team ID and application bundle identifier on iOS | The Mobile Application should always be signed using a designated certificate on Android, or a designated developer team ID and application bundle identifier on iOS. | Debug and Release | Create binding will fail if the developer signing certificate or package name on Android, or the developer team ID and application bundle identifier on iOS, are not the same as those on the Server. The SDK returns an error when the Mobile Application is using a non-designated signing certificate on Android, or a non-designated developer team ID and application bundle identifier on iOS. |


