Download App Protector SDK
App Protector SDK is a mobile security component built into the application's code enabling runtime protection as well as a variety of mobile application hardening techniques, including jailbreak detection.
Available for both iOS and Android, this feature allows the app to detect when a call is in progress while the application is running.
Why does that matter?
Phone calls have become one of the most dangerous attack vectors in modern mobile fraud.
Ongoing Call Detection adds an extra line of defense against voice-based social engineering attacks, helping identify situations where users may share confidential information over the phone while using your app.
It starts with a phone call.
A scammer poses as someone from the user’s bank or a trusted support team. They explain there's a problem with the user’s account - perhaps suspicious activity or a blocked transaction. To "resolve" it, they ask the user to open their mobile banking app immediately.
Trusting the voice on the line, the user unlocks their phone and opens the app.
At that moment, Ongoing Call Detection activates.
The app notices that a call is in progress. Depending on the configuration, one of two things happens:
“You're currently on a call. Be cautious - never share login credentials or security codes over the phone.”
This subtle disruption can be all it takes to break the attacker’s momentum and make the user think twice.
These attacks aren’t theoretical. They happen every day, especially to less tech-savvy users. But with Ongoing Call Detection, your app becomes part of the defense - alert, aware, and ready to intervene at the exact moment when necessary.
One of the key strengths of the Ongoing Call Detection feature is how configurable and adaptive it is. Much like other mobile threat detections, such as screen recording, jailbreak, or rooting, this detection is fully integrated into the configuration wizard, allowing for tailored responses based on app requirements or individual user profiles.
Here are the available reaction options when a call is detected:
The app can show a clear, contextual warning to the user, such as:
“You're currently on a call. Be cautious about sharing sensitive information. This call may not be secure.”
This soft intervention is ideal for encouraging safer behavior without interrupting the user experience.
In higher-risk environments, such as financial, government, or enterprise apps, the app can be configured to automatically shut down when a call is detected, especially during sensitive operations like logging in, accessing data, or making payments.
This hard stop ensures no information is unintentionally leaked or submitted under pressure.
A unique and clever security approach - the app can be set to return fake or redacted information during a call session. For example, instead of showing real account balances, personal details, or confirmation codes, the app may display placeholder or zero values until the call ends.
This approach protects users from being manipulated in real time while maintaining session continuity.
This detection is not one-size-fits-all. You can configure responses at two levels:
Important to mention, Ongoing Call Detection is not classified as a “mobile app attack” and is treated separately in reporting and monitoring. This ensures accurate analytics and better separation between environmental context and actual device compromise.
Here are some realistic scenarios where this feature can prove to be useful:
A user receives a call claiming to be from their bank’s fraud department while logging in to the mobile banking app. The scammer would typically claim something like “We've just detected suspicious activity, please confirm your credentials.” Ongoing call detection would stop the user from logging in to the banking app and unknowingly share sensitive information with the scammer.
During a call from someone pretending to be a merchant or family member, a user opens a peer-to-peer payment app to send money. The scammer guides them through steps to send funds under false pretenses. In case the ongoing call detection is implemented, such scams would simply fail.
Scammers sometimes convince users to read out one-time passcodes (OTPs) from their authenticator apps.
If Ongoing Call Detection is active when the user attempts to generate an OTP, the app could:
A remote employee on a call with someone impersonating IT support opens a corporate app. The app detects the call and triggers a warning about potential phishing or data leaks, encouraging the employee to confirm the support agent’s identity.
Ongoing Call Detection adds context awareness to mobile security - a crucial step in staying ahead of fraudsters who rely not on technical exploits, but human vulnerability.
Security isn't just about encryption and authentication anymore. It's about understanding the context in which users interact with your app. By recognizing the risks introduced by phone calls during sensitive moments, we can protect users at their most vulnerable.
Let us know how you’re planning to integrate Ongoing Call Detection in your app, and stay tuned for more proactive security tools in the pipeline.
App Protector SDK is a mobile security component built into the application's code enabling runtime protection as well as a variety of mobile application hardening techniques, including jailbreak detection.
