The Timeline provides a location for viewing, or searching through all recent events that have occurred on your device.
There are some limitations applied to the data stored on your device in order to achieve good performance, these are as follows:
- 250 events can be viewable at a single time on the timeline – prior to v 5.13
- Events are only stored for a 72 hour period before they’re purged from your in app database
The timeline displays a short prediction of what occured in an event, including:
- The deduced risk of the event
- The deduced application which triggered the event
- The event type
- The time and date of an events occurrence
Below we can see a screenshot of an event where the microphone was used, which has been categorised as high risk. The app which we’ve deduced as the most likely app involved is an obfuscated Metasploit payload named “Whatsupp“.
There is a selection of filters on the timeline view, providing you with two main filtering options:
- Filter by risk
- Filter by app name
Whilst Filter by risk is selected, you’ll be provided with a secondary drop down option.
This allows selection of the risk level you’d like to filter by. For example if you’d only like to see high risk events, you could select to do so here.
Filter by app name changes the second filtering option to a search box. Within this search box type the name of the app which you’d like to filter your timeline by to hide other events. This search box is based on the app package name, not it’s display name. For example traced would be represented by app.traced.