« All posts

Codename One Adds RASP, Attestation, and Smart Rating Prompts

Codename One adds a RASP and device attestation API for banking apps, plus a smarter app-review prompt that avoids annoying users.

Codename One, the open-source framework that builds native mobile and desktop apps from a single Java/Kotlin codebase, shipped two new core features this week: DeviceIntegrity and AppReview. Both follow the same design pattern the project has used for years — a portable Java API that calls through to native behavior where the platform supports it, and falls back sensibly elsewhere, with no native interface code required from developers.

DeviceIntegrity is a runtime self-protection (RASP) and attestation API built for high-security apps like banking and payments. It covers four capabilities — Play Integrity, iOS App Attest, root/jailbreak/Frida detection, and an accessibility-service abuse guard — each activatable via a zero-code build hint or a direct Java API call. The author stresses a critical caveat: the client is never the security boundary. Attestation tokens are opaque and must be verified server-side, since RASP signals only raise the cost of attack rather than guaranteeing device integrity.

AppReview tackles a smaller but common problem: prompting users for a rating at the right moment through the right channel. It uses the platform's native review sheet when available, falls back to a built-in widget otherwise, and lets developers either trigger prompts manually or automate them with launch-count, install-age, and cooldown thresholds. Negative feedback is routed to a private channel instead of the public store listing, protecting app ratings from avoidable one-star reviews.

Both features also auto-manage their own dependencies: unused APIs add no extra weight to the compiled app. For cross-platform teams, this gives a way to harden security posture and improve review strategy without bloating the codebase or hand-writing native bridges.