SIM detection, verified calls, and secure capture on the device.

1) SIM Change Detection (Android)

Subtitle: Detect SIM swaps in real time to protect session integrity and prevent account takeover.

Overview
A lightweight background service monitors the device’s SIM state and reports changes to your STS backend. Typical statuses: NO_CHANGE, SIM_CHANGED, UNKNOWN.

How it works

The SDK periodically checks SIM state (with backoff to respect OS limits).
On change, it sends a minimal, signed payload (status + device/app metadata) to your backend.
Your risk engine applies rules (e.g., step-up auth, session revoke, temporary hold).

SDK & Permissions

Android telephony state permissions per OEM/OS version.
Event callbacks & webhook destinations configurable in STS Admin.

Security & Privacy

No sensitive content—only status and non-PII metadata.
Pseudonymize device identifiers; follow data-minimization policies.

Compatibility & Limitations

Android only; background restrictions apply on Android 10+.
Dual-SIM devices may require extra logic.
Not available on iOS.

Key Metrics (KPIs)

SIM change rate per 1,000 MAU.
Detection-to-action time (ms).
False-positive rate on Dual-SIM.

Integration Steps

Enable SIM Change Detection in STS Admin.
Add the STS SDK module + required permissions.
Implement the webhook endpoint to receive events.
Configure risk rules (e.g., block high-risk transactions within 24–72h after a SIM change).
Test on single-SIM and dual-SIM devices.

2) Secure Call Verification

Subtitle: Verify bank-initiated calls to stop social-engineering and number spoofing.

Overview
Before the user answers, the SDK checks whether an incoming call was initiated by your bank and is safe. It returns: CALL_APPROVED, UNAPPROVED_RECENT_CALL, NO_RECENT_CALL, UNKNOWN.

Reference Architecture
Bank Call Center → STS Secure Call Backend → Mobile App SDK

API: POST /api/v1/ReportCall with phone_number, uid, and context.
SDK method: CheckCallStatus() returning one of the statuses above.

UI Guidance

Approved: Green banner/badge + concise explanation.
Unapproved/Recently flagged: Yellow warning with “Verify identity.”
Unknown: Neutral gray with safety tips.

Security & Privacy

Transmit only minimal metadata needed for verification.
Log decisions for audit; avoid storing raw audio.

Use Cases

Confirming outbound bank calls before sharing sensitive info.
Closing the loop on suspected spoofing.

Key Metrics (KPIs)

% auto-approved vs. challenged calls.
Reduction in social-engineering incidents.
Decision latency (ms).

Integration Steps

Register call numbers & policies in STS Admin.
Integrate the SDK and show inline banners based on status.
Send ReportCall events to backend analytics.
Configure push alerts for “approved call in progress.”
Add in-app education (tooltips) about verified calls.

3) Secure Capture (Front Camera, Real-Time, No Storage)

Subtitle: On-device camera analysis with zero image storage and privacy-first design.

Overview
Secure Capture analyzes frames from the front-facing camera on-device and never stores or uploads images. Only analysis metadata is sent to your backend.

SDK Methods

startCapture() — start local analysis.
stopCapture() — stop analysis and clear buffers immediately.

UX & Permissions

Display a clear purpose statement before capture.
Request camera permission just-in-time.

Security & Privacy

No image transmission—only metadata.
Immediate buffer deletion after analysis.

Use Cases

Passive liveness signals for step-up auth.
Session anomaly detection (multiple faces, occlusions, spoof cues).

Key Metrics (KPIs)

On-device inference latency (ms).
Metadata event throughput (events/min).
False-positive rate on real users.

Integration Steps

Enable Secure Capture in STS Admin.
Add the SDK module and declare camera permission.
Implement handlers to receive analysis metadata.
Tune thresholds/heuristics by client profile.
Provide a concise “Privacy Note” explaining on-device processing.