Talsec is a mobile application security platform that provides runtime protection (RASP), app hardening, and API integrity verification for mobile apps. The company claims protection across 2 billion+ devices and 5,000+ applications.
The platform follows a freemium model: freeRASP is a free, open-source SDK available on GitHub (446 stars), while the paid RASP+ and AppiCrypt products add advanced protections, monitoring dashboards, and backend API security. Talsec is ISO/IEC 27001 certified.
What is Talsec?
Talsec focuses on runtime protection rather than pre-release vulnerability scanning. Where tools like Oversecured or Zimperium zScan scan app binaries for vulnerabilities before deployment, Talsec’s SDK embeds directly into your app to detect and respond to threats at runtime — rooting, hooking, tampering, emulators, and more.
The SDK is available for nine platforms: Android, iOS, Flutter, React Native, Capacitor, Cordova, Kotlin Multiplatform, Unity, and Unreal Engine. That coverage extends beyond phones to tablets, smart TVs (Apple TV, Android TV, Fire TV), and other connected devices.
Key Features
| Feature | freeRASP (Free) | RASP+ (Paid) |
|---|---|---|
| Root/Jailbreak Detection | Basic | Advanced |
| Frida/Xposed Detection | Yes | Yes |
| App Tampering Detection | Yes | Yes |
| Emulator Detection | Yes | Yes |
| Screen Capture Prevention | Yes | Yes |
| VPN Detection | Yes | Yes |
| Overlay Attack Protection | No | Yes |
| SDK Obfuscation | No | Yes |
| Dynamic TLS Pinning | No | Yes |
| Secret Vault | No | Yes |
| Monitoring Dashboard | Weekly Reports | Real-time |
| Device Limit | Fair Usage Policy | Based on plan tier |
freeRASP
freeRASP is a free, multi-platform runtime protection SDK published under the MIT license. It detects:
- Root/Jailbreak: Magisk, unc0ver, check1rain, Dopamine
- Hooking frameworks: Frida, Xposed, Shadow
- App tampering: Repackaging, code modification, untrusted installation sources
- Device state: Emulator usage, developer mode, ADB access
- Network: VPN usage, unsecured Wi-Fi connections
- Screen capture: Screenshot and screen recording attempts
- Device spoofing: GPS mocking, time manipulation
The SDK also includes freeMalwareDetection for Android, which scans for blocklisted apps, untrusted installations, and risky permissions.
AppiCrypt
AppiCrypt addresses a problem that RASP alone doesn’t solve: API abuse. Even if your app detects tampering, a determined attacker can strip the RASP checks and call your APIs directly.
AppiCrypt generates unique cryptograms evaluated server-side at your API gateway. If the runtime protection has been bypassed or the app instance is compromised, the cryptogram validation fails and the API call is blocked. This makes it harder to abuse APIs through modified app builds, bots, or session hijacking.
App Hardening
The paid tier includes additional hardening features:
- Secret Vault: Dynamic secret provisioning that avoids hardcoded API keys and credentials
- Dynamic TLS Pinning: Certificate pinning that can be updated remotely without app updates, preventing Man-in-the-Middle attacks
- App Data Encryption: Encrypted storage for sensitive application data
Platform Support
Android
iOS
Flutter
React Native
Capacitor
Cordova
Kotlin Multiplatform
Unity
Unreal EngineThe platform also supports Apple TV, Android TV, and Fire TV.
Getting Started
Pricing
| Plan | Monthly Price | Included |
|---|---|---|
| freeRASP | Free | Core RASP protections, weekly reports (Fair Usage Policy) |
| RASP+ Starter | €284 | Up to 10K downloads, Bronze SLA |
| Full Safety Suite Starter | €648 | All features including AppiCrypt, Bronze SLA, 10K downloads |
| Business | Custom | Flexible limits, Silver/Gold SLA |
Compliance
Talsec is ISO/IEC 27001 certified and claims to meet requirements for:
- OWASP MASVS: Resilience requirements for runtime protection
- PSD2 RTS: Payment services security
- eIDAS: Electronic identification standards
- EAL4: Common Criteria evaluation assurance
When to Use Talsec
Talsec is a runtime protection tool, not a vulnerability scanner. It sits on the opposite end of the mobile security lifecycle from tools like MobSF or NowSecure that find issues during development. Talsec protects the deployed app against real-world attacks.
Consider Talsec when:
- You need runtime protection against rooting, hooking, and tampering
- Your app handles sensitive data (financial transactions, healthcare records, authentication tokens)
- API abuse and bot traffic are concerns for your backend services
- You want a free starting point with freeRASP before committing to paid protection
- Cross-platform support across Flutter, React Native, or Unity is a requirement
It’s less relevant if you’re looking for pre-release security scanning (use a MAST tool instead) or if your app doesn’t face meaningful tamper/reverse-engineering threats.
