Limitations

Exit URLs are primarily designed to provide useful feedback to the end user on why the application stopped working. They are not a reliable reporting mechanism for the app owner.

An exit URL is loaded in the device's main browser and could end up as a lingering browser tab/window until the user closes it. This can cause the browser to trigger additional page loads of the configured URL when the user activates the browser at a later point, flips through the various tabs/windows, or uses the back button to revisit the page. This behavior can lead to misleading statistics, if you track page views on your server.

Furthermore, App Shielding cannot guarantee that the URL is ever loaded, or that it is loaded only once. In the event that an attacker is probing the defenses of the app—for example, attempting to attach a debugger to the application—this would cause App Shielding to shut down the application and open the configured exitOnDebuggerURL. This is opened in the main browser. The attacker can easily prevent this, for example by putting the device in flight mode. This prevents your customer from depending on this data, and should have no presumptions that any such "hacking attempts" will always be reported to and seen on their server.