Add the Incognia SDK to your app and initialize.
Update your app's login request to pass the Incognia installation_id as a header or a property of the request.
Read the Incognia
installation_id on your backend and call the Incognia API. A risk assessment, along with other evidence, will be returned for the login attempt. This assessment uses both location and device data collected by the SDK. Use the API response
risk_assessment to make a decision on the login.
If Incognia returns a
low_risk , the login attempt is safe and it can proceed without friction.
If Incognia returns a
high_risk , the login attempt might not be safe and additional authentication factors should be prompted.
Our risk-based evidence list considers key information about device integrity, device reputation, location behavior and location sensors to support decision making for each solution - Onboarding, Authentication, and Payments.
GDPR, CCPA, LGPD and SOC 2 compliant
Small and efficient SDK with low battery consumption
The Incognia APIs have high availability
Access the Incognia documentation, designed by and for developers, to understand how to implement the Incognia SDK and API.
Choose the documentation for your app operating system and use-case.
Do you have questions about the use of Incognia? Check out the frequently asked questions and answers.
The Android SDK has a size of 415KB, while the iOS SDK increases the size of your app by 1.5MB.
On average, the Incognia SDK consumes just 0.5% of a device's battery per day. Our Android SDK has a default configuration that maximizes detecting location without impacting the battery. As we collect location in the background, we avoid waking the application whenever possible and reduce network and GPS requests.
The response time is the sum of the Incognia API internal process time, which takes 66ms, plus the traffic latency. On average, requests may take 100ms to 300ms to be completed depending on the traffic latency.
Incognia is committed to respecting and putting user privacy first. At Incognia, we view ensuring the privacy of location data as paramount. We follow privacy by design and take a privacy-first approach to location. You can read more about our commitment to privacy here.
You can check the information about data collection here: https://www.incognia.com/policies/incognia-policy
Incognia uses motion sensors, network signals and device intelligence to create a location fingerprint for each user, based on their unique location behavior, that delivers a strong trust signal for mobile apps.
Location permission is necessary in order for Incognia to provide value to the user. With location permission, the Incognia SDK can start detecting location points. Users that don't accept the location permission will not generate location data, and thus, will not be able to benefit from Incognia fraud detection.
The Android system has two different types of location permission: foreground
<ACCESS_FINE_LOCATION> and background
<ACCESS_BACKGROUND_LOCATION> location permission. Using background location allows Incognia to deliver better results for your application.
Applications that need background access have to ask for both
<ACCESS_BACKGROUND_LOCATION> permissions. Applications using only foreground access will ask only for the
<ACCESS_FINE_LOCATION> permission. The Incognia SDK checks the status of these permissions and changes behavior accordingly.
ACCESS_FINE_LOCATION permission is not granted, the Incognia SDK will be blocked from acquiring any location data. If the
ACCESS_BACKGROUND_LOCATION permission is not granted, the Incognia SDK will only collect location data when the application is in the foreground. If your application is targeting Android 11, you must ask for
ACCESS_BACKGROUND_LOCATION separately, as well as following the new background location access guidelines (more information can be found in the Android 11 documentation).
For Apple users, the Incognia SDK makes use of Apple's Visits Location Service. You should request users to select the Always authorization. Not being able to acquire this authorization may greatly reduce the frequency of location-based features. More about the Visits Location Service can be found here. The Incognia SDK checks the status of these permissions and changes its behavior accordingly.
Keep in mind that, to maximize the power of the Incognia technology, as many users as possible must grant location permissions. The description of why location is used must be clear and present direct value to the user. If the permission request is hidden or linked to a feature that does not give real value, the acceptance percentage will be small and fewer users will be able to benefit from Incognia services.
The Incognia SDK depends on the device's location services to gather location data, which is used to create the location fingerprints.
Users that don't accept the location permissions or disable the location services on their device won't generate location points, and thus will not be able to fully benefit from the Incognia features.
These users, however, will still generate device integrity data.