Version 6.5.3 (June 2024)
  • 28 Oct 2024

Supported platform versions

  • App Shielding version 6.5.3 was successfully tested with Android 14.

  • Android 5.0 (API level 21) – Android 14 (API level 34).

  • Shielding Tool:

    • Windows 10: 64-bit Java 17

    • Mac OSX (10.9+)

    • Ubuntu Linux 20.04 LTS or 22.04 LTS

  • The App Shielding Gradle plugin version 2.0 and later is supported.

    The App Shielding Gradle plugin 2.0 supports Android App Bundles and newer Android build versions.

    The plugin and documentation can be downloaded from:

Android platform updates

The Android minimum supported version is 5.0 (API level 21). This version of App Shielding supports Android 14.

As of March 1, 2024, App Shielding for Android versions 4.3.11.78273 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.

Deprecations

Platform minimum supported versions

Android 4.4 (API levels 19 and 20) is no longer supported by App Shielding. The new minimum supported version is Android Lollipop 5.0 (API level 21).

Android Native Development Kit (NDK)

Google has announced that Android Native Development Kit (NDK) (r26) will no longer support KitKat (API levels 19 and 20). The minimum version supported by the NDK for r26 will be Lollipop (API level 21).

App Shielding switches to NDK r26 after its release as an LTS version.

New features and other updates

OneSpan Mobile Portal

This section lists new features and updates that are available on the OneSpan Mobile Portal only.

New App Shielding runtime configuration: Exit on Emulator URL

If the configuration option exitOnEmulator is enabled, it is now possible to also set the exitOnEmulatorURL option. If a shielded app is launched on an Android emulator, App Shielding terminates the app and opens a browser with the configured URL to display a web page with an explanation. For additional information, see Exit URL Launching.

The exitOnEmulator option is enabled by default and cannot be disabled for release builds.

Fixes and other changes

RASP-3638: Application froze because method was called from main thread

Description: App Shielding caused the application to freeze because ShieldConfig.requestUpdate was called from the main thread instead of from a background thread.

Status: This issue has been fixed. The sample provided in the product package has been adapted accordingly.

Trusted accessibility service blocked

Description: If App Shielding is configured to block untrusted screen readers, which is the default setting, and a trusted accessibility service is enabled while the shielded application is running, the enabled accessibility service is blocked for the application even though it is trusted.

Status: This issue has been fixed. With this fix, enabled and trusted accessibility services are no longer blocked.

Rare unexpected termination on startup

Description: In some rare cases, App Shielding terminated unexpectedly when trying to lock a mutex (pthread_mutex_lock) on accessing the no.promon.shield.Binding.getStr string binding.

Researching this issue showed that this may have been caused by a shielded application that tries to load a string binding before App Shielding was completely loaded. Usually, the Shielding Tool ensures that App Shielding is loaded before executing any Java code that may want to use any string binding. However, the Shielding Tool is not able to trace all Java calls, for example if Java reflection is used.

The only way to fix such a situation is to ensure that a class that is loaded too early does not use any bindings. Since the Shielding Tool cannot detect all these cases automatically, you can tell the Shielding Tool about such a case by adding the following Shielding Tool rule to the Shielding Tool rules.cfg file:

~~~cfg
unbind com.example.MyClassThatIsLoadedTooEarly;
~~~

To help detect such a case, App Shielding now calls abort() when a class tries to get a string binding before App Shielding has been loaded, at the point where it tries to lock the mutex, instead of crashing the application or causing an ANR. The debug version of App Shielding adds an adb logcat message when such a class requests a push binding. In that case you can see a logcat message like the following:

~~~log
We recommend to add 'unbind com.example.MyClassThatIsLoadedTooEarly;' to the rules.
~~~
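The debug-build logcat hint described above can be collected mechanically. The following is an added example, not part of OneSpan's product or documentation: it extracts the suggested classes from captured logcat text and returns the unbind lines that are not yet present in rules.cfg. The log tag, timestamps and sample class names are constructed; only the message text and the unbind rule syntax come from this page.

```python
import re

# Message text as shown in the release notes; whatever precedes it on a
# logcat line (timestamp, PID, tag) is ignored.
HINT = re.compile(r"We recommend to add 'unbind\s+([^';\s]+)\s*;' to the rules")
# Existing 'unbind <class>;' rules in rules.cfg.
RULE = re.compile(r"^\s*unbind\s+([^;\s]+)\s*;", re.MULTILINE)
# Java class name, optionally package-qualified, '$' allowed for nested classes.
FQCN = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")


def missing_unbind_rules(logcat_text, rules_cfg_text=""):
    """Return 'unbind X;' lines suggested in logcat but absent from rules.cfg."""
    existing = set(RULE.findall(rules_cfg_text))
    wanted = []
    for cls in HINT.findall(logcat_text):
        if not FQCN.match(cls):
            continue  # malformed class name: never write it into the config
        if cls not in existing and cls not in wanted:
            wanted.append(cls)  # keep first-seen order, drop repeats
    return [f"unbind {cls};" for cls in wanted]


# Constructed sample input: the tag "ShieldDebug", the timestamps and the
# second class name are made up. The last line is deliberately truncated.
SAMPLE_LOGCAT = """\
06-12 10:01:02.123  4321  4321 W ShieldDebug: We recommend to add 'unbind com.example.MyClassThatIsLoadedTooEarly;' to the rules.
06-12 10:01:02.125  4321  4321 I ActivityManager: Displayed com.example/.MainActivity
06-12 10:01:02.130  4321  4350 W ShieldDebug: We recommend to add 'unbind com.example.init.EarlyProvider$Holder;' to the rules.
06-12 10:01:03.001  4321  4321 W ShieldDebug: We recommend to add 'unbind com.example.MyClassThatIsLoadedTooEarly;' to the rules.
06-12 10:01:03.050  4321  4321 W ShieldDebug: We recommend to add 'unbind com.exa
"""
# Constructed rules.cfg content that already covers one of the classes.
SAMPLE_RULES = "unbind com.example.init.EarlyProvider$Holder;\n"

if __name__ == "__main__":
    for line in missing_unbind_rules(SAMPLE_LOGCAT, SAMPLE_RULES):
        print(line)
```

Feed it the output of a debug-build run (for example, saved `adb logcat -d` text) and append the printed lines to rules.cfg before shielding again.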

SHAND-4140: Removed obsolete GET_TASKS permission from ShieldSDK-activity-guard

Description: To support Android versions before Lollipop (API 21, Android 5.0), the ShieldSDK-activity-guard library declared android.permission.GET_TASKS in its manifest. This permission has been deprecated in Lollipop. Because App Shielding no longer supports any Android version before Lollipop and this permission caused a warning on Google Play, we have removed the permission from the ShieldSDK-activity-guard library and the sample provided in the product package.

SHD-4243: Unexpected terminations not reported to Crashlytics

Description: Certain unexpected terminations related to App Shielding features like KeyboardException and RootingException were not reported to Crashlytics due to a mismatch in the exception handler.

Status: This issue has been fixed. These Java stack traces from unexpected terminations will now be properly logged in Crashlytics.

SHAND-4245: Fix Shielding Tool limit for large applications

Description: On encoding a shielded application, the Shielding Tool had a limit of 42 classes.dex files. If the application had more classes.dex files, the Shielding Tool exited with the following message:

The application is too large to support adding Application Class. This is going to throw a ClassNotFound error at launch. Consider removing unnecessary code from your application.

Researching this issue showed that the applications that threw the mentioned ClassNotFound error at launch had inconsistent classes in their classes.dex files.

Status: This issue has been fixed. The classes of the application have been fixed and the Shielding Tool limit was removed. See also https://issuetracker.google.com/issues/37081229.

SHAND-4245: Fix false positive on ADB detection

Description: If ADB detection is enabled, App Shielding may have reported on some devices that ADB is active even though it was actually not active.

Status: This issue has been fixed.

ADB detection can be enabled by toggling the corresponding switch in your project configuration on the portal.

SHAND-4267: Fix unexpected termination of the Shielding Tool on encoding an application

Description: For some applications, the Shielding Tool terminated unexpectedly when encoding the application after applying bindings and string scrambling.

Status: This issue has been fixed.

Known limitations

The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.

NFC payment failure in shielded apps with Thales Gemalto SDK

Description: When using the shielded version of the app, NFC payments fail. This is caused by a compatibility issue with the Thales Gemalto TSH Pay SDK which also provides debugger detection. The SDK incorrectly flags the App Shielding debugger detection as a native debugger.

Solution: Allowlisting. For implementations integrating both the Thales Gemalto SDK and App Shielding, debuggers coming from the SDK's own debugging processes and sub-processes should be added to an allowlist within the Thales Gemalto SDK.

It is essential to not only add the processes to the allowlist but also their sub-processes. Otherwise, the SDK will still handle App Shielding as a native debugger!

Magisk and root hider tools on new Android versions

Root hider tools such as Magisk Hide are designed to hide the fact that the device is compromised (rooted). Android has been increasingly restricted in what can be inspected and observed of the system from inside an app. This means that a rooted system with a root hider tool can be hard to detect due to missing privileges.

On Android 8+, App Shielding may not be able to reliably detect a rooted device with Magisk Hide, depending on the version of these tools.

New Android version with 16k page size

Google announced that Android is moving from a 4KB page size to a 16KB page size in Android 15. Hardware with 16KB pages will also be available on the market in the future. The current version of App Shielding does not yet run on the new Android 15 images with a 16KB page size, but OneSpan is working on updating the App Shielding native libraries to no longer assume that the page size is 4K.

Android App Bundles

The OneSpan Customer Portal support for Android App Bundles does not yet include instant-enabled app bundles.

SecureEditText in-app keyboard

The SecureEditText in-app keyboard has focus problems on dialog windows on tablet devices.

