Device risk intelligence,
silent at the point of decision.
One Android SDK. Nine fraud signals. Runs at KYC and loan disbursal — no user friction, no data stored on device. DPDP compliant.
Loan apps and KYC flows are blind to device-level fraud.
Malware, rooted devices, emulators, and remote control apps compromise the integrity of every decision made on top of them. Most fintechs only detect this after disbursement — if at all.
Malware on device
Loan app malware intercepts OTPs, captures credentials, and manipulates on-screen content at the moment of signing.
Emulator farms
Fraud rings run hundreds of synthetic applications through emulators. No device check means no detection.
Remote control abuse
AnyDesk, TeamViewer, and similar apps allow third parties to operate a victim's device during an active session.
Root & hook exploits
Rooted devices and Frida/Xposed hooks bypass app security controls entirely — including your fraud rules.
Three lines of code. One API call. Instant risk score.
The SDK runs a silent device scan at your chosen checkpoint — KYC, login, or loan disbursal — and returns a structured risk assessment — pilot target under 200ms.
Add the SDK
Drop the .aar into your Android project. No Play Services dependency. Minimum SDK 21.
Trigger at checkpoint
Call ZarelvaRisk.assess(context) at KYC start or before disbursal confirmation. Silent. No UI.
Act on the score
Receive a risk band (LOW / MEDIUM / HIGH) and triggered signal IDs. Block, step up, or flag for review — your logic, your call.
val result = ZarelvaRisk.assess(context, ZarelvaConfig(
apiKey = "key_pilot_zarelva_001",
clientId = "nbfc_xyz",
sessionId = UUID.randomUUID().toString()
))
when (result.riskBand) {
RiskBand.HIGH → blockApplication()
RiskBand.MEDIUM → triggerStepUp()
RiskBand.LOW → proceedNormally()
}
9 deterministic signals. No ML black box.
Every signal maps to a specific fraud vector. Weights are documented and auditable. You see exactly why a device scored HIGH.
Clear thresholds. Actionable outputs.
Score is capped at 100. Every assessment returns a band, a score, and the specific signal IDs that triggered — so your team knows exactly what fired.
Built for Indian regulatory requirements.
Zero PII collected. No data stored on device. API responses are ephemeral. Designed for DPDP Act 2023 compliance from day one.
DPDP Act 2023
No personal data collected or transmitted. Assessment is signal-only.
Zero PII
Device signals are behavioural and technical — no name, phone, Aadhaar, or biometric data.
Audit Trail
Every assessment returns a unique assessment_id. Full signal log available for compliance review.
API Key Auth
Per-client API keys. Rotate or revoke at any time. No shared credentials across tenants.
Integrate in a day.
Validate in two weeks.
Pilot access includes the compiled Android SDK, integration guide, DPDP compliance kit, and a pilot agreement. Scored against your real KYC traffic — not synthetic test data.
Request Pilot Access →- Compiled .aar — drop-in Android integration
- Live API endpoint — no self-hosting required
- SDK Integration Guide (DOCX)
- DPDP Compliance Kit (documentation)
- Pilot Agreement (NDA included)
- Outcome Feedback Template for post-pilot review
- Direct access to Zarelva for integration support
- Risk Scoring Model — fully documented signal weights