# Device Intelligence Check ## Run a device intelligence check This check can only be initiated through a Workflow Session and is not supported for direct API calls. [Learn more about Device Intelligence Checks](https://app.gitbook.com/s/KyFKMqftsmT6qln9zo5y/digital-fraud-intelligence/device-intelligence-check). {% hint style="info" %} Get in touch with your Account Manager or [contact us](https://www.complycube.com/sales) to enable this service. {% endhint %} ## Result object The `result` object is only returned when the status of the check is `complete` . It has two components - `outcome` and `breakdown`. ### Outcome The outcome attribute represents the overall check result. Returned values include: 1. `clear`: Indicates every analysis type conducted returned a successful result. 2. `attention`: Indicates at least one of the analysis results requires attention. ### Breakdown The breakdown comprises the following objects: `physicalDeviceAnalysis` **object** The physical device analysis results. It has the following constituents: * `deviceEmulator`: Indicates if the device is an emulator (:android: Android only). * `rootedApp`: Indicates the app has been rooted (:android: Android only). * `browserTampering`: Indicates the browser has been tampered with. * `jailbrokenDevice`: Indicates the device has been jailbroken (:apple: iOS only). * `clonedApp`: Indicates the presence of app cloning, such as a fully duplicated application or one launched within a non-primary profile (:android: Android only). * `virtualMachine`: Indicates if a browser running inside a virtual machine (e.g. VMWare) was used. * `locationSpoofing`: Indicates if a mobile device has location spoofing enabled. * `fridaDetection`: Indicates if Frida was being used. * `previouslyEnrolledDevice`: Indicates if the device has been used by other clients before during onboarding. `networkAnalysis` **object** The network analysis results. It has the following constituents: * `vpnDetection`: Indicates whether a virtual private network (VPN) was used. * `relayDetection`: Indicates whether the originating IP address belongs to a known relay service provider. `botDetectionAnalysis` **object** The bot detection analysis results. It has the following constituents: * `botDetection`: Indicates whether a bot was used. `timelineAnalysis` **object** The timeline analysis results. It has the following constituents: * `deviceTimelineAnalysis`: Indicates whether the client’s use of devices across multiple sessions is suspicious. * `networkTimelineAnalysis`: Indicates whether the client’s use of networks across multiple sessions is suspicious. `deviceData` **object** Data extracted about the devices. It has the following constituents: * `devices`: Array of the devices used. * `deviceId`: A unique identifier for the device. * `outcome`: Whether the device is suspicious, either `attention`, `not_processed` or `clear` . * `operatingSystem`: The operating system of the device. * `appName`: The name of the app being used. * `majorVersion`: The major version of the app. * `fullVersion`: The full version of the app. * `device`: The type of device e.g. `iOS-Device`. * `userAgent`: The user agent. * `incognito`: A boolean with `true` if the browser was in incognito or private mode. * `sessionsWhenDetected`: A list of sessions when the device was detected. * `sessionId` : ID of the workflow session. * `timestamp`: When the device was logged in this session. `deviceTimelineData` **object** Data extracted about the devices over multiple verification sessions. It has the following constituents: * `incidents`: A list of the suspicious incidents. * `sessionId`: ID of the session where it was suspicious. * `reason`: A [reason code](#device-incident-reason-codes) relating to the reason this incident was suspicious. `networkData` **object** Data extracted about the networks. It has the following constituents: * `networks`: Array of the networks used. * `ipAddress`: The IP address of the network. * `sessionsWhenDetected`: A list of sessions when the device was detected. * `sessionId` : ID of the session. * `timestamp`: When the device was logged in this session. * `networkSignals`: Data on network characteristics. * `timezoneMismatch`: Indicates if the browser timezone doesn't match the timezone inferred by the IP address. * `publicVPN`: Indicates whether the IP address is owned and used by a public VPN service provider. * `auxiliaryMobile`: Indicates if a VPN was detected through additional, mobile-specific network checks. * `deviceSignature`: Indicates whether the operating system detected from browser is different to the operating system inferred from the network. * `relayDetection`: Indicates if the request IP address belongs to a relay service provider such as [Apple Private relay](https://support.apple.com/en-us/102602) or [Cloudflare Warp](https://developers.cloudflare.com/warp-client/). * `geoLocationDetails`: Data about the location of the IP address of the associated network. * `accuracyRadius`: The IP address is likely to be within this radius (in km) of the specified location. * `address` : This will be the structured address, which includes the following: * `line`: The address line. * `city`: The address city. * `state`: The address state. * `postalCode`: The address postal code. * `latLong`: The address latitude and longitude. * `country`: The address country. This will be the [two-letter country ISO code](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).. * `asn`: Data about the autonomous system managing the network. * `asn`: The autonomous system number (ASN) associated with the IP address. * `name`: The name of the organization that owns the ASN. * `network`: The network range associated with the ASN. * `datacenter`: Indicates if the IP address belongs to a known data centre or cloud hosting provider. * `result`: Boolean indicating whether the IP address is associated with a data centre. * `name`: The name of the data centre or hosting provider if available. `networkTimelineData` **object** Data extracted about the networks over multiple verification sessions. It has the following constituents: * `incidents`: A list of the suspicious incidents. * `sessionId`: ID of the session where it was suspicious. * `reason`: A [reason code](#network-incident-reason-codes) relating to the reason this incident was suspicious. #### **Device incident reason codes**
CodeDescription
new_operating_system_detectedA device with an operating system that has not been used before was recorded in this session. Does not flag on the first device used.
many_devices_used_in_sessionMore than one device was used during this session. The only exception is in cross-device scenarios, such as when a session begins on a laptop and is later continued on a phone, which is a common scenario.
#### **Network incident reason codes** | Code | Description | | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | | `large_network_location_variation` | The location of networks detected within a session varied by more than 100km (or what was configured in the workflow) | | `networks_in_different_countries` | The location of the networks detected across all sessions varied in terms of country. | | `new_country_detected` | A network with location from an unseen country was detected in this session. Does not flag for the first seen country. | | `multiple_new_countries_detected` | Multiple networks with locations from unseen countries were detected in this session. | | `many_networks_used_in_session` | Six or more networks were used in a single session. | ## Sample Response ```javascript { "id": "6231d54079f59b1530fc76e3", "entityName": "John Doe", "type": "device_intelligence_check", "clientId": "6230d4ab58ed4a434afbf2cc", "status": "complete", "result": { "outcome": "clear", "breakdown": { "physicalDeviceAnalysis": { "deviceEmulator": "clear", "rootedApp": "clear", "browserTampering": "clear", "jailbrokenDevice": "clear", "clonedApp": "clear", "virtualMachine": "clear", "locationSpoofing": "clear", "fridaDetection": "clear", "previouslyEnrolledDevice": "clear" }, "networkAnalysis": { "vpnDetection": "clear", "relayDetection": "clear" }, "botDetectionAnalysis": { "botDetection": "clear" }, "timelineAnalysis": { "deviceTimelineAnalysis": "clear", "networkTimelineAnalysis": "clear" }, "deviceData": { "devices": [ { "deviceId": "......", "outcome": "clear", "operatingSystem": "iOS", "appName": "CcSampleApp", "majorVersion": "67", "fullVersion": "67", "device": "iOS-Device", "userAgent": "CcSampleApp/67 CFNetwork/1568.200.51 Darwin/24.1.0" "incognito": false, "sessionsWhenDetected": [ { "sessionId": "l23j4ll2342", "timestamp": 7399001291 } ] }, { "deviceId": "......", "outcome": "attention", "operatingSystem": "iOS", "appName": "CcSampleApp", "majorVersion": "67", "fullVersion": "67", "device": "iOS-Device", "userAgent": "CcSampleApp/67 CFNetwork/1568.200.51 Darwin/24.1.0" "incognito": false, "sessionsWhenDetected": [ { "sessionId": "l23j4ll2342", "timestamp": 7399001291 } ], "clientsPreviouslyEnrolledWith": [ "jom3on9823c231230ss" ] } ] }, "deviceTimelineData": { "incidents": [ { "sessionId": "al3k4l2l3m4", "reason": "many_devices_used_in_session" }, { "sessionId": "l23j4ll2342", "reason": "new_operating_system_detected" } ] }, "networkData": { "networks": [ { "ipAddress": "82.2.156.115", "sessionsWhenDetected": [ { "sessionId": "l23j4ll2342", "timestamp": 7399001291 } ], "networkSignals": { "timezoneMismatch": "clear", "publicVPN": "clear", "auxiliaryMobile": "clear", "deviceSignature": "clear", "relayDetection": "clear" }, "geoLocationDetails": { "accuracyRadius": 10, "address": { "country": "GB", "city": "Tower Hamlets", "postalCode": "E14", "latLong": "51.5064,-0.02", }, "timezone": "Europe/London" }, "asn": { "asn": "4087", "name": "Virgin Media", "network": "83.2.0.0/16" }, "datacenter": { "result": false, "name": "" } } ] }, "networkTimelineData": { "incidents": [ { "sessionId": "al3k4l2l3m4", "reason": "multiple_new_countries_detected" }, { "sessionId": "al3k4l2l3m4", "reason": "many_networks_used_in_session" }, { "sessionId": "l23j4ll2342", "reason": "large_network_location_variation" } ] } } }, "updatedAt": "2025-01-01T12:17:06.046Z", "createdAt": "2025-01-01T12:17:04.809Z" } ```