Version 5.0.5 (June 2023)
  • 28 Oct 2024
  • 3 Minutes à lire
  • Sombre
    Lumière

Version 5.0.5 (June 2023)

  • Sombre
    Lumière

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

Supported platform versions

  • App Shielding version 5.0.5 was successfully tested with Android 13.

  • Android 4.4 (API level 19) – Android 13 (API level 33).

  • Shielding Tool:

    • Windows 10: 64-bit Java 11 or 17

    • Mac OSX (10.9+)

    • Ubuntu Linux 20.04 LTS or 22.04 LTS

  • ShieldGradlePlugin version 2.0 and later are supported. ShieldGradlePlugin version 2 supports Android App Bundles and newer Android build versions.

Deprecations

Google has announced that the next Android Native Development Kit (NDK) (r26) will no longer support KitKat (API levels 19 and 20). The minimum version supported by the NDK for r26 will be Lollipop (API level 21).

App Shielding will switch to NDK r26 after its release as LTS version which is expected for Q3 2023.

Android platform updates

The Android minimum supported version is 4.4 (API level 19).

As of July 1, 2022, App Shielding for Android version 4.2.0.39971 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal.

New features and other updates

Changed naming scheme for bound package

We have changed the naming schema of the bound package contained within a .zip file. The file name prefix has changed from “wrapped” to “shielded”.

  • Old naming schema:

    • wrapped-original package file name.original package file extension

  • New naming schema:

    • shielded-original package file name.original package file extension

Changed obfuscation options

You can now customize the settings for obfuscation by defining rules in the Rules.cfg file. With this, you determine how App Shielding will modify the Android application, especially in the context of shielding and obfuscation.

This feature is only available if Default Obfuscate is disabled.

For examples and more information, refer to the sections on how to configure rules in the Shielding Tool and app obfuscation in theMobile Application Shielding Integration Guide.

Also, the toggle switch for the Default Obfuscate option in the OneSpan Customer Portal has been moved to the left column of the Settings section next to the Rules.cfg option. This serves to facilitate entering keywords for defining obfuscation rules.

Block emulated input

You can now prevent emulated from being injected into the screen.

Non-physical inputs (motion events) are known as emulated input. Emulated input might originate from the Android Debug Bridge (ADB), autoclick applications, screen-mirroring applications, screen reader applications, etc.

When enabled, App Shielding performs a security check to determine if the input is emulated or physical, and blocks input originating from all sources except physical input. The type of input can be touch and/or swipe events.

You can also define an emulated input threshold. App Shielding assigns a score value for each input to determine if the input might be emulated. Input scores above this threshold will be considered as emulated inputs.

When you enable Block emulated input, the portal  displays the Emulated input threshold field where you can enter a number. The recommended value for this threshold is between 25 and 30. By default, this value is set to 30.

The following dependencies must be enabled to use the Block emulated input feature: Check rooting, Check trusted screenreaders, Check adb status.

For more information, refer to the sections with security features on Android on block emulated input and on configuration options for Android in the Mobile Application Shielding Integration Guide.

Fixes and other changes

RASP-3389: Shielding Tool loads application signer certificate

Description: The Shielding Tool can now load the application signer certificate from the apk if the app is signed with APK Signature Scheme 2 or 3 and no longer has the v1 Scheme Signature. The v1 Scheme Signature is no longer added for a default Android Studio project with minSdkVersion > 24. The APK signature is used in the App Shielding repackaging check when the application is configured with applicationSignerCertificateauto (this is the default) or original.

Example:

---
<?xml version="1.0" encoding="UTF-8"?>
<shield>
  <config>
    <applicationSignerCertificate v="auto" />
    <applicationSignerCertificate v="original" />
    ...
  </config>
</shield>
---

For more information, refer to https://source.android.com/docs/security/features/apksigning.

SHAND-3416: Fix unexpected termination on Android 4.4

Description: App Shielding sometimes terminated unexpectedly on Android 4.4 because an internal App Shielding Java class was not available from the first classes.dex file.

Status: This issue has been fixed. This fix is only recommended if your application supports Android 4.4.

SHAND-3476: Fix unexpected termination on application start on Android versions 7 and earlier

Description: Some applications are optimized by R8 in Application.attachBaseContext() which causes a shielded application to terminate unexpectedly upon starting the application. This unexpected termination happens only on Android versions 7 and earlier.

Status: This issue has been fixed. Now the Shielding Tool can handle R8-optimized Application.attachBaseContext() correctly.

Known limitations

The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.

Android App Bundles

The OneSpan Customer Portal support for Android App Bundles does not yet include instant-enabled app bundles.

Detection of root hiding tool on new Android versions

Due to the nature of root hiding tools and the increasing restrictions Android imposes on applications as of Android 9, OneSpan Mobile Application Shielding may not be able to reliably detect a rooted device that uses root hiding tools.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle