Location Identity for Mobile Apps

SDK and API Developer Resources

How Incognia Works

You will need both a mobile app and a backend server to integrate and start using the Incognia SDK and APIs.

As an example here is a login authentication workflow illustrating how to integrate Incognia.

  • 01

    Add the Incognia SDK to your app and initialize. Incognia.init()

  • 02

    Update your app's login request to pass the Incognia installation_id as a header or a property of the request. requestBuilder.header("Incognia-Installation-ID", Incognia.getInstallationId())

  • 03

    Read the Incognia installation_id on your backend and call the Incognia API. A risk assessment, along with other evidence, will be returned for the login attempt. This assessment uses both location and device data collected by the SDK. Use the API response risk_assessment to make a decision on the login.

  • 04

    If Incognia returns a low_risk , the login attempt is safe and it can proceed without friction.

  • 05

    If Incognia returns a high_risk , the login attempt might not be safe and additional authentication factors should be prompted.

Want to learn more about our risk evidence list?

Our risk-based evidence list considers key information about device integrity, device reputation, location behavior and location sensors to support decision making for each solution - Onboarding, Authentication, and Payments.

Login details

Incognia Login Details Example

Key features

  • Privacy and security

    GDPR, CCPA, LGPD and SOC 2 compliant

  • Lightweight SDK

    Small and efficient SDK with low battery consumption

  • 99.76% uptime

    The Incognia APIs have high availability

The Incognia anti-fraud mobile SDK was chosen as the Best Innovation in Fintech at Developers Week -  2021


2021 DEVIES Award Winner

Access the Incognia documentation, designed by and for developers, to understand how to implement the Incognia SDK and API.

Choose the documentation for your app operating system and use-case.


Do you have questions about the use of Incognia? Check out the frequently asked questions and answers.

  • How big is the SDK?

    The Android SDK has a size of 415KB, while the iOS SDK increases the size of your app by 1.5MB.

  • How much battery is used by the SDK?

    On average, the Incognia SDK consumes just 0.5% of a device's battery per day. Our Android SDK has a default configuration that maximizes detecting location without impacting the battery. As we collect location in the background, we avoid waking the application whenever possible and reduce network and GPS requests.

  • What is the API response time?

    The response time is the sum of the Incognia API internal process time, which takes 66ms, plus the traffic latency. On average, requests may take 100ms to 300ms to be completed depending on the traffic latency.

  • Where do I find the Incognia privacy policy?

    You can access the Incognia privacy policy using this link.

  • How does Incognia protect user privacy?

    Incognia is committed to respecting and putting user privacy first. At Incognia, we view ensuring the privacy of location data as paramount. We follow privacy by design and take a privacy-first approach to location. You can read more about our commitment to privacy here. 

  • What information is collected from the device?

    You can check the information about data collection here: https://www.incognia.com/policies/incognia-policy

  • How does Incognia handle location data?

    We consider location data as extremely sensitive, and treat it accordingly, applying extended anonymization techniques to obscure and protect all location data. 100% of our features use zero-knowledge proofing. We continue to invest in research on homomorphic encryption, multi-part computing (MPC) and differentially private data structures.
  • How is location permission used by Incognia?

    Incognia uses motion sensors, network signals and device intelligence to create a location fingerprint for each user, based on their unique location behavior, that delivers a strong trust signal for mobile apps.

    Location permission is necessary in order for Incognia to provide value to the user. With location permission, the Incognia SDK can start detecting location points. Users that don't accept the location permission will not generate location data, and thus, will not be able to benefit from Incognia fraud detection.

  • How should I ask for location permission in my app?

    Android applications:
    The Android system has two different types of location permission: foreground <ACCESS_FINE_LOCATION> and background <ACCESS_BACKGROUND_LOCATION> location permission.  Using background location allows Incognia to deliver better results for your application.

    Applications that need background access have to ask for both <ACCESS_FINE_LOCATION> and <ACCESS_BACKGROUND_LOCATION> permissions. Applications using only foreground access will ask only for the <ACCESS_FINE_LOCATION> permission. The Incognia SDK checks the status of these permissions and changes behavior accordingly.

    If the ACCESS_FINE_LOCATION permission is not granted, the Incognia SDK will be blocked from acquiring any location data. If the ACCESS_BACKGROUND_LOCATION permission is not granted, the Incognia SDK will only collect location data when the application is in the foreground. If your application is targeting Android 11, you must ask for ACCESS_FINE_LOCATION and ACCESS_BACKGROUND_LOCATION separately, as well as following the new background location access guidelines (more information can be found in the Android 11 documentation).

    iOS applications:

    For Apple users, the Incognia SDK makes use of Apple's Visits Location Service. You should request users to select the Always authorization. Not being able to acquire this authorization may greatly reduce the frequency of location-based features. More about the Visits Location Service can be found here. The Incognia SDK checks the status of these permissions and changes its behavior accordingly.

    Keep in mind that, to maximize the power of the Incognia technology, as many users as possible must grant location permissions. The description of why location is used must be clear and present direct value to the user. If the permission request is hidden or linked to a feature that does not give real value, the acceptance percentage will be small and fewer users will be able to benefit from Incognia services.

  • What happens if a user doesn't agree to share their location?

    The Incognia SDK depends on the device's location services to gather location data, which is used to create the location fingerprints.

    Users that don't accept the location permissions or disable the location services on their device won't generate location points, and thus will not be able to fully benefit from the Incognia features.

    These users, however, will still generate device integrity data.

Featured posts

  • Challenges of running gRPC services in production (part 2)

    Read more
  • Handling (messy) address data

    Read more
  • How we implemented the Incognia API Gateway

    Read more

Start using private location awareness in your app.