Configuration

App Shielding configuration options are configured in an XML file, which is parsed by the Shielding Tool and automatically integrated into the app.

There are two configuration templates included in the package named config-release-template.xml and config-debug-template.xml. These can be used as a starting point for customizing the App Shielding configuration.

The debug configuration template is not a recommended configuration to be used when publishing an app, use the release configuration instead.

The release configuration template looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<shield>
    <config>
        <!--
        This file is an example configuration file for Shield.
        It could be used for a public release of an app protected by Shield.
        Options not listed here should only be changed
        if you know what you are doing. Options that are commented out
        can be used to modify Shield's behaviour in ways
        not directly affecting security.
        -->
        <!-- All options are documented in OneSpan App Shielding for iOS Reference Documentation.pdf -->
        
        <!-- Repackaging Detection -->
        <applicationSignerCertificate v="auto"/>
        
        <!-- Jailbreak Detection -->
        <exitOnJailbreak v="false"/> <!-- Recommended: true-->
        <!-- <exitOnJailbreakURL v=""/> -->
        
        <!-- Disabled SIP Detection -->
        <!-- System Integrity Protection could be disabled during Apple's AppStore review -->
        <exitOnSipDisabled v="false"/>
        <!-- <exitOnSipDisabledURL v=""/> -->
        
        <!-- Emulator Detection -->
        <exitOnEmulator v="true"/>
        <!-- <exitOnEmulatorURL v=""/> -->
        
        <!-- Library Injection Detection -->
        <!-- <exitOnLibraryInjectionURL v=""/> -->
        
        <!-- Hooking Framework Detection -->
        <!-- <exitOnHookingFrameworksURL v=""/> -->
        
        <!-- Block Screenshots -->
        <blockScreenshots v="true"/>
        
        <!-- Block External Screens -->
        <blockExternalScreens v="true"/>
        
        <!-- User Screenshot (Obsolete) -->
        <!-- <exitOnUserScreenshot v="false"/> -->
        <!-- <exitOnUserScreenshotURL v=""/> -->
        
        <!-- System Screenshot (Obsolete) -->
        <!-- <preventSystemScreenshot v="true"/> -->
        <!-- <preventSystemScreenshotOnlyInBackground v="false"/> -->
        <!-- <preventSystemScreenshotBGColor v="ffffff"/> -->
        <!-- <preventSystemScreenshotImagePath v=""/> -->
        <!-- <preventSystemScreenshotBlurStrength v="0"/> -->
        
        <!-- Screen Recording (Obsolete) -->
        <!-- <exitOnScreenRecording v="false"/> -->
        <!-- <exitOnScreenRecordingURL v=""/> -->
        
        <!-- Developer Mode -->
        <checkDeveloperMode v="true"/>
        <exitOnDeveloperMode v="false"/>
        <!-- <exitOnDeveloperModeURL v=""/> -->
        
        <allowiOSAppOnMacOSX v="false"/>
        <!-- <exitOnDeniediOSAppOnMacOSXURL v=""/> -->
    </config>
</shield>

Any configuration option which is not specified in the appointed configuration file will automatically be set to the default option. Thus, a minimal configuration file using all default options could look as simple as this one:

<?xml version="1.0" encoding="UTF-8"?>
<shield>
    <config>
        <applicationSignerCertificate v="auto"/>
    </config>
</shield>

All configuration options must be placed between <shield> <config> and </config> </shield>. Any options outside these boundaries are ignored.

Some default/release settings purposefully crash an app if it is debugged in Xcode. If these settings hinder your development process, then you can use the --debug option with the Shielding Tool to inject a debug version of App Shielding where these protection settings can be manually overridden (i.e., by setting blockDebugger and exitOnDebugger to 0).