Android Native Setup


The Arkose Labs Fraud Detection and Prevention Platform (Arkose Labs Platform) needs client-side and server-side setup.

The user initiates processing by logging in to your system. A call is made to the Arkose Labs Server to establish credentials and check identity. An Enforcement Challenge (EC) is displayed if it is considered necessary by the Arkose Labs Platform. The user response to the EC is handled by the client-side. It is then passed to your server-side processing, which then calls the Arkose Labs Verify Endpoint. The response from the Arkose Labs Verify Endpoint is then passed to your server-side processing, which decides what action to take, based on the response.

This guide includes client-side set up information for native Android and links to server-side instructions.

The Arkose Labs Platform can be implemented into your Android app by triggering a WebView from the button used to submit the data server side in the flow you are protecting.


Fig 1. Flow of information for Arkose Labs Platform


Client-side Set Up

  1. To support WebView in Android, ensure the request INTERNET permission is in the manifest file. You should see a line in the manifest file that looks like the following code. If it is not there, you must add it.

    <uses-permission android:name="android.permission.INTERNET" />
  2. To load the WebView into your application the <webview> element needs to be included into the app's activity layout, as shown in the code below:

    <?xml version="1.0" encoding="utf-8"?>
    <WebView xmlns:android=""
  3. Define an index.html file in your Android assets folder.
    Add the code shown below, adjusted to fit your implementation. This file will be loaded into the WebView and will render the Enforcement Challenge (EC).
    On the callback event there are two functions that callback to Java to return the Arkose Labs session token and then close the WebView windows.

        <script src="" async defer></script>
        <script type="text/javascript">
            function loadChallenge() {
                new ArkoseEnforcement({
                    public_key: PUBLIC_KEY,
                    target_html: "CAPTCHA",
                    callback: function() {
         <div id="CAPTCHA"></div>
  4. In the mainActivity java file add the following changes to import the files needed to:

    1. Load the html file into the WebView

    2. Connect Java to JavaScript using a JavascriptInterface.

      import android.os.Bundle;
      import android.view.View;
      import android.webkit.WebView;
      import android.webkit.JavascriptInterface;
      import android.webkit.WebChromeClient;
      import android.util.Log;
      import android.widget.Button;
  5. Generate a button and the WebView.

    Button b1;
    private WebView wv1;
  6. Setup a JavascriptInterface class that can used within the WebView JavaScript. The class should contain the functions to load the html file into the WebView and to Connect Java to JavaScript.
    The examples shown below retrieve the Arkose Labs token and return it to the out log, and then hide the the WebView after events happen on the JavaScript side.

    final class arkoseJavaScriptInterface {
            public void returnToken(String fctoken) {
                Log.w("Arkose", fctoken );
            public void setInvisible(){
                runOnUiThread(new Runnable() {
                    public void run() {
  7. Add the button and the WebView into your OnCreate method or equivalent.

    protected void onCreate(Bundle savedInstanceState) {
        b1 = (Button) findViewById(;
        wv1 = (WebView) findViewById(;
        wv1.setWebChromeClient(new WebChromeClient());
        wv1.addJavascriptInterface(new arkoseJavaScriptInterface(), "android");
        b1.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v) {
                String url = Uri.parse("file:///android_asset/index.html").toString();

The code example above sets up the button and an onClick event. When the button is clicked, the index.html file is loaded into the hidden WebView which is then made visible. The getSettings() function is used to allow images to be loaded automatically in the WebView and to allow JavaScript to run. Once the challenge loads and is solved, the JavaScript callback event occurs which passes the Arkose Labs token back to Java and closes the WebView window. The token is then passed server side to be validated using the Arkose Labs server-side verification API.


Server-Side Instructions

When you have successfully set up your client-side set up you must go on to the server-side instructions.

Was this article helpful?
0 out of 0 found this helpful