- 11 Nov 2024
- 4 Minutes to read
- DarkLight
Exit URL Launching
- Updated on 11 Nov 2024
- 4 Minutes to read
- DarkLight
Android
If App Shielding shuts down the application due to a configured policy, a web browser can be launched with a preconfigured URL to explain the problem to the user. If no URL is configured, the web browser is not invoked.
This exit URL can use variable placeholders that are substituted by App Shielding to provide information inside the URL itself.
Some features of exit URL launching have been deprecated and removed:
Exit URL on emulator detection
Exit URL on repackaging detection
The following variable substitutions are available:
Android variable substitutions of the URL | ||
Placeholder | Callback | Substitution |
---|---|---|
%REASON% | All | The reason of the shutdown as a decimal code. (See also App Shielding Error Reporting.) |
%MANUFACTURER% | All | The device manufacturer. |
%MODEL% | All | The device model name. |
%ANDROID% | All | The Android API level of the device. |
%VERSION% | All | The App Shielding version. |
%ROOT% | exitOnRooting | A 4-byte hex value that gives more information about the rooting detected by App Shielding. The first two bytes are the boolean rooting detection value and the heuristics detection value. These values are somewhat obfuscated to make it harder for attackers to use them when trying to circumvent App Shielding. To recover the boolean detection value, subtract 0x3F from the first byte (note that you have to work on 8-bit unsigned integers). To recover the heuristics value, xor the second byte with the first byte and then subtract 0xEA (again, using 8-bit unsigned integers). The last two bytes provide more information about how the rooting was detected. Please supply this value to OneSpan to help diagnosing a problem. |
%KEYBOARD% | exitOnUntrustedKeyboard | The package name of the untrusted keyboard. |
%KEYBOARDNAME% | exitOnUntrustedKeyboard | The name of the untrusted keyboard. |
%KEYBOARDVERSION% | exitOnUntrustedKeyboard | The version of the untrusted keyboard. |
%KEYBOARDSIGNER% | exitOnUntrustedKeyboard | The subject of the signing certificate used to sign the untrusted keyboard. |
%SCREENREADER% | exitOnUntrustedScreenreaders | The package name of the untrusted screen reader. |
%SCREENREADERNAME% | exitOnUntrustedScreenreaders | The name of the untrusted screen reader. |
%SCREENREADERVERSION% | exitOnUntrustedScreenreaders | The version of the untrusted screen reader. |
%SCREENREADERSIGNER% | exitOnUntrustedScreenreaders | The subject of the signing certificate used to sign the untrusted screen reader. |
%VIRTUALSPACEAPP% | exitOnAppInVirtualSpaceURL | The package name of the untrusted virtual space app. |
%VIRTUALSPACEAPPNAME% | exitOnAppInVirtualSpaceURL | The name of the untrusted virtual space app. |
%VIRTUALSPACEAPPVERSION% | exitOnAppInVirtualSpaceURL | The version of the untrusted virtual space app. |
%HOOKINGFRAMEWORKS% | exitOnHookingFrameworks | A 1-byte hex value that provides information about how the hooking framework was detected. Please supply this value to OneSpan to help diagnosing a problem. |
Limitations
Exit URLs are primarily designed to provide useful feedback to the end user on why the application stopped working. They are not a reliable reporting mechanism for the app owner.
An exit URL is loaded in the device's main browser and could end up as a lingering browser tab/window until the user closes it. This can cause the browser to trigger additional page loads of the configured URL when the user activates the browser at a later point, flips through the various tabs/windows, or uses the back button to revisit the page. This behavior can lead to misleading statistics, if you track page views on your server.
Furthermore, App Shielding cannot guarantee that the URL is ever loaded, or that it is loaded only once. In the event that an attacker is probing the defenses of the app—for example, attempting to attach a debugger to the application—this would cause App Shielding to shut down the application and open the configured exitOnDebuggerURL. This is opened in the main browser. The attacker can easily prevent this, for example by putting the device in flight mode. This prevents your customer from depending on this data, and should have no presumptions that any such "hacking attempts" will always be reported to and seen on their server.
iOS
If App Shielding shuts down the application due to a configured policy, a web browser can be launched with a preconfigured URL to explain the problem to the user. If no URL is configured, the web browser is not invoked.
This exit URL can use variable placeholders that are substituted by App Shielding to provide information inside the URL itself.
Some features of exit URL launching have been deprecated and removed:
Exit URL on emulator detection
Exit URL on repackaging detection
The following variable substitutions are provided.
iOS variable substitutions of the URL | ||
Placeholder | Callback | Substitution |
---|---|---|
%REASON% | All | The reason of the shutdown as a decimal code. (See also List of shutdown reasons.) |
%MANUFACTURER% | All | The device manufacturer. |
%MODEL% | All | The device model name. |
%OSVER% | All | The version of the device's operating system. |
%IOS% | All | The iOS version of the device. Use the %OSVER% placeholder instead, as this placeholder will be deprecated in the future. |
%VERSION% | All | The App Shielding version. |
%JAILBREAK% | exitOnJailbreak | A 1-byte hex value providing more detailed information about the jailbreak detected by App Shielding. Please supply this value to technical support to diagnose any problems with jailbreak detection. |
The following %REASON% shutdown codes are possible:
List of shutdown reasons | |
Code | Description |
---|---|
00 | Policy violation: Device is jailbroken. |
01 | Policy violation: Application is being debugged. |
03 | Policy violation: A screenshot of the application was taken. |
04 | Policy violation: An injected library was found in the process. |
05 | Policy violation: A hooking framework was found in the process. |
06 | Policy violation: A screen recording of the application was started. |
07 | Policy violation: iOS app running on macOS. |
08 | Policy violation: Running on emulator. |
09 | Policy violation: Running with Developer Mode enabled. |
An example configuration could look like the following:
|
Limitations
Exit URLs are primarily designed to provide useful feedback to the end user on why the application stopped working. They are not a reliable reporting mechanism for the app owner.
An exit URL is loaded in the device's main browser and could end up as a lingering browser tab/window until the user closes it. This can cause the browser to trigger additional page loads of the configured URL when the user activates the browser at a later point, flips through the various tabs/windows, or uses the back button to revisit the page. This behavior can lead to misleading statistics, if you track page views on your server.
Furthermore, App Shielding cannot guarantee that the URL is ever loaded. For example, the user’s device could be in flight mode and would not have a connection to load the URL in the browser. Thus, you should not rely on this feature as a way to collect data on security issues.