Debug your configuration
You can run your configuration in debug mode. Several security features are disabled in this mode to ease the testing of the app during development.
Debug mode must be disabled for a production app! When enabled, the shielded apk or aab is configured in debug mode (i.e. android:testOnly="true" in AndroidManifest.xml). The allow test packages option (i.e. -t) must be used when installing the apk or aab via adb to avoid the INSTALL_FAILED_TEST_ONLY error (e.g. adb install -t myapp.apk).
Configuration options
To configure App Shielding for your applications, select the options on the Configuration Page of the OneSpan Mobile Portal as needed.
Option | Description |
|---|---|
Query All Packages Permission | |
Query All Packages Permission | Applications which are compiled for Android 11 and later (compileSdkVersion) have to declare the configuration option queryAllPackagesPermission. Default value: not set. For more information, see Query all packages permission. |
Obfuscation | |
Obfuscation for DEX Bytecode | Specifies whether to enable class name obfuscation for all app classes with the default rules or determine the shielding and obfuscation scope with a custom set of rules. Default rules: enables class name obfuscation for all classes of the app by incorporating a set of default rules to exclude certain well-known exceptions. Without selecting this option, only App Shielding-related classes will be obfuscated. Custom rules: you can customize the settings for obfuscation by defining custom rules. This determines how App Shielding will modify the Android application, especially in the context of shielding and obfuscation. For more information about obfuscation rules, see Obfuscation rules. Default value: Custom |
Obfuscation for Native and JavaScript | Protects Android native libraries and JavaScript code. For Android native libraries, this option provides advanced code protection embedded directly into your binaries to prevent reverse engineering and unauthorized modification. It also protects JavaScript code in hybrid mobile apps with layered defenses, combining obfuscation and other mechanisms to counter reverse engineering and debugging. This is a premium feature and requires a valid license. For information on how to obtain this, please contact your sales representative. For more information about the feature, see the product documentation (valid license required to access the documents). Default value: not set |
Screenshots | |
Block screenshots | Determines whether to prevent screenshots of the app from being taken. Screenshots can only be blocked on Android version 4.4 and later. This protection applies to both user and system screenshots. System screenshots are automatically taken when recently used applications are listed. You can also exclude an activity from this block if your app wants the users to take a screenshot, for instance to verify payments, receipts etc. Exclude an activity with the Shielding Tool rule allowScreenshotsForActivity: add an allowScreenshotsForActivity rule to .my-rules.cfg to tell App Shielding to allow screenshots while the specified activity is visible, even if the Block screenshots option is enabled. Default value: Enable |
Rooting | |
Check rooting | Checks if the device on which the app runs is rooted. Default value: Enable |
Check rooting deep scan | Performs additional scanning of executable files to look for potential root shells. This scan can potentially detect more threats, but there is also the risk of false positives. The app will consume more battery and will take longer to launch. A complete file system scan can take anywhere from a few seconds to several minutes, depending on the device. The scan looks for files with suid or sgid attributes or files that look like an su binary. The result of the scan is reported to the ExtendedObserver interface with the FILESYSTEM_SCANNING and FILESYSTEM_WATCHING callbacks. The file system scan is only started once at the start of the application. One consequence is that if an ExtendedObserver implementation is added after the initial scan was started, that observer might not receive all file-system scanning callbacks. If Exit on rooting is enabled in addition to this check, and the scan detects an su binary, the application is terminated. Enabling this option is only recommended for fraud-detection or reporting via callback rather than for strict enforcement of root detection (Exit on rooting). This option is known to cause false positives on some devices due to anomalies on the device introduced by device vendors. Default value: not set |
Exit on rooting | Determines whether to exit the app when the device is rooted. Default value: not set |
Exit on rooting heuristics threshold | Rooting can be detected by calculating a rooting heuristics threshold. With this option you determine whether to exit the application when the configured setting and underlying threshold value is reached. If App Shielding is sure that the device is rooted, and the Exit on rooting option is enabled, the application will shut down. Possible values: If this option is not set or set to Permissive, App Shielding will not shut down the application based on the heuristics detection. Depends on: Exit on rooting Default value: Restrictive |
Exit on rooting URL | The URL of a web page with an explanation to launch when the app is shut down because it runs on a rooted device. For more information, see Exit URL Launching on Android. Depends on: Exit on rooting Default value: empty |
Advanced Configuration Mode | |
Advanced Configuration | Enable to toggle advanced detectors for specific security evasion tools. When not enabled, the system applies a default configuration that minimizes false positives while maintaining robust security. Enabling specific detectors may affect app performance or increase the likelihood of false positives. Only enable the Advanced Configuration mode when instructed by the OneSpan Support team, as improper use may affect app stability. Default value: not set |
APatch Root detector | Increases the likelihood of false positives on non-rooted devices. Default value: set |
TrickyStore detector | Identifies certain versions (version <1.4.0) of the TrickyStore bypass tool, which is used to circumvent security checks. Default value: not set |
Strict hardware-backed Keystore detector | Only effective on Google or OnePlus, and may cause issues on non-Google certified devices and/or older devices. Default value: not set |
Unlocked bootloader detection | |
Check bootloader status | Checks if the bootloader has been unlocked, which allows the device to be flashed and rooted. An unlocked bootloader also suggests that the device might be running a custom and/or malicious OS. Default value: not set |
Exit on bootloader status | Determines whether to exit the app if an unlocked bootloader is detected. Depends on: Check bootloader status Default value: not set |
Exit on bootloader status URL | The URL of a web page with an explanation to launch when the app is shut down because an unlocked bootloader has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on bootloader status Default value: empty |
Hooking Frameworks | |
Check hooking frameworks | Checks the app for Java-level code hooks created by hooking tools and frameworks. For more information, see Code injection protection. Default value: Enable |
Exit on hooking frameworks | Determines whether to exit the app if a hooking framework or Java-level hooks are detected. Depends on: Check hooking frameworks Default value: set |
Exit on hooking frameworks URL | The URL of a web page with an explanation to launch when the app is shut down because Java-level hooks or a hooking framework were detected. For more information, see Exit URL Launching on Android. Depends on: Exit on hooking frameworks Default value: empty |
Native Code Hooks | |
Check native code hooks | Checks if there are hooks in the native code. Default value: Enable |
Exit on native code hooks | Determines whether to exit the app when there are hooks in the native code. Default value: set In production versions of App Shielding this option is always enabled and cannot be disabled. |
Exit on native code hooks URL | The URL of a web page with an explanation to launch when the app is shut down because a native code hook was detected. For more information, see Exit URL Launching on Android. Depends on: Exit on native code hooks Default value: empty |
Repackaging | |
Check repackaging | Checks if the app was repackaged. You also need to set the Application Signer Certificate option to configure this check. Depends on: Application Signer Certificate Default value: Enable |
Exit on repackaging | Determines whether to exit the app when it was repackaged. Default value: set In production versions of App Shielding this option is always enabled and cannot be disabled. |
Untrusted installer | |
Check untrusted installer | Checks if any application on the device has been installed via unknown and/or untrusted sources. Default value: not set This option can only be enabled when the Query All Packages permission is set! |
Exit on untrusted installer | Determines whether to exit the app when one or more untrusted source applications are installed on the device. Depends on: Check untrusted installer Default value: not set |
Exit on untrusted installer URL | The URL of a web page with an explanation to launch when the application is shut down because an untrusted source application was detected. For more information, see Exit URL Launching on Android. Depends on: Exit on untrusted installer Default value: empty |
Check untrusted installer mode | The configuration for the untrusted installer check. Set one of the following values: Depends on the setting of Query All Packages Permission and checkUntrustedInstaller! Default value: All |
Additional Trusted Installer Signatures | This option allows adding the signing certificate of a trusted app store to an allowlist when the Check untrusted installer option is enabled. With this option, you can add multiple certificates to include multiple app stores in the allowlist. Add each certificate on a new line of this input field to allow multiple app stores! Depends on: Check untrusted installer Default value: empty |
Additional Trusted Application Signatures | Enable this option to individually trust applications that were either sideloaded or installed via an untrusted app store. Adds the signing certificate of a trusted application to the allowlist when Default value: empty |
Process Name Cloak | |
Process Name Cloak | Determines how App Shielding cloaks the process name of the app. On starting a shielded app, App Shielding cloaks the application ID in /proc/self/cmdline by selecting a random name from a list. This makes it harder for an attacker to automatically detect your application. Default value: Enable |
Application Signer Certificate | |
Application signer certificate | This option provides the certificate used to sign the app. You can upload up to 10 certificates. This option is not compatible with the Updatable configuration option. For more information, see Application signer certificate option. Default value: Custom certificate |
Original certificate | Insert the original certificate, if the original application is already signed. Default value: not set |
Alipay Support | |
AliPay Support | This option helps to prevent the application from terminating unexpectedly which may happen when AliPay is used. This option should be enabled to support AliPay in such situations. Default value: not set |
Flutter Webview Support | |
Flutter Webview Support | This option provides support to add WebView in Flutter. Default value: not set |
Private Space and Work Profile | |
Check Private Space or Work Profile | Checks if the application runs inside a Private Space (Android 15) or a Work Profile like Google Workspace, Samsung Secure Folder, Xiaomi Dual Apps, Microsoft Workspace etc. When an application runs in a Private Space, or Work Profile, App Shielding cannot verify if a keyboard or screen reader is trusted or not, because Android does not reveal that information to apps running in a Private Space or Work Profile. Thus, if Block untrusted Screen Readers is enabled (that is the default configuration) and the application runs inside a Private Space or a Work Profile, App Shielding blocks any screen reader, whether it is trusted or not. Default value: Enable |
Exit on Private Space | Determines whether to exit the app when the application is launched from inside a Private Space or Work Profile. Depends on: Check Private Space or Work Profile Default value: not set |
Exit on Private Space URL | The URL of a web page with an explanation to launch when the application is shut down because it was launched from a Private Space. For more information, see Exit URL Launching on Android. Depends on: Exit on Private Space Default value: empty |
App in Virtual Space | |
Check app in virtual space | Checks if the application is launched via a virtual space app. Some virtual space apps behave like malware internally, so other App Shielding security features already block them, regardless of this setting. Other virtual spaces have limitations on querying the active keyboard or screen reader. Therefore, the screen reader and keyboard will be untrusted by default while the app is running in the virtual space. If you want to allow running the protected app in virtual space, you must disable the Exit on Untrusted Keyboard option. Default value: not set |
Exit on app in virtual space | Determines whether to exit the app when the application is launched via a virtual space app. Depends on: Check app in virtual space Default value: not set |
Exit on app in virtual space URL | The URL of a web page with an explanation to launch when the application is shut down because it was launched via a virtual space app. Some virtual space apps might trigger other security violations, causing the app to exit, anyway. For more information, see Exit URL Launching on Android. Depends on: Exit on app in virtual space Default value: empty |
Trusted Virtual Space App Signatures | This option allows adding the signing certificate of a trusted virtual space app to an allowlist. With this, App Shielding accepts all virtual space apps signed with this certificate. You can add multiple certificates with the Trusted Virtual Space App Signatures option to include multiple apps to the allowlist. Add each certificate in a new line of this input field to allow multiple applications! Depends on: Check app in virtual space Default value: empty |
Android Debug Bridge | |
Check adb status | Checks if adb is active on the device. Default value: Enable |
Exit when adb enabled | Determines whether to exit the app if adb is enabled on the device. Depends on: Check adb status Default value: set |
Exit when adb enabled URL | The URL of a web page with an explanation to launch when the application is shut down because adb is enabled on the device. For more information, see Exit URL Launching on Android. Depends on: Exit when adb enabled Default value: empty |
Java Debugger | |
Block Java debugger | Block Java debuggers from attaching to the app. This option can be disabled if you want to use a Java debugger on an app that has been protected with a debug version of App Shielding. Otherwise, it is recommended to leave it on by default. However, some third-party security libraries, such as libraries built into payment SDKs, might react to this blocking. In that case, you can set the config option to App Shielding will still check if a Java debugger is attached and exit the app when detected. For more details, see Exit on Java debugger below. Default value: Enable |
Check Java debugger | Checks if a Java-level debugger is attached to the application. We recommend also using the Block Java debugger option, as this will already prevent any debuggers from attaching to the application's process. This feature may be useful in cases where blocking the Java debugger interface fails. Default value: Enable |
Exit on Java debugger | Enable to exit the application when a debugger is attached. If the Block Java Debugger option is enabled, this is unlikely, but can happen if the Android system is modified or otherwise incompatible with the current blocking mechanism. Default value: set |
Exit on Java debugger URL | The URL of a web page with an explanation to launch when the application is shut down because a debugger has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on Java debugger Default value: empty |
Developer Options | |
Check developer options | Checks if Developer Options is enabled on the device. Default value: Enable |
Exit when developer options enabled | Determines whether to exit the app if Developer Options is enabled. Depends on: Check developer options Default value: set |
Exit when developer options enabled URL | The URL of a web page with an explanation to launch when the application is shut down because Developer Options is enabled on the device. For more information, see Exit URL Launching on Android. Depends on: Check developer options Default value: empty |
Emulator | |
Check emulator | Checks if the application is run in an emulator, such as the official Android SDK emulators or typical virtualization environments. Default value: Enable |
Exit on emulator | Determines whether to exit the app when it is running in an emulator. Default value: set |
Exit on emulator URL | The URL of a web page with an explanation to launch when the application is shut down because the app is run in an emulator. For more information, see Exit URL Launching on Android. Depends on: Exit on emulator Default value: empty |
Emulated Input | |
Check Emulated Input | Checks if the input to the application is emulated or physical. Non-physical inputs (motion events) are characterized as emulated input. Default value: Enable |
Block emulated input | Blocks emulated input that is injected into the screen. Input from all sources except physical input will be blocked. By default, this option is disabled in the OneSpan Mobile Portal Configuration page. When you enable Block emulated input, the portal displays the Emulated input threshold field where you can enter a number. The recommended value for this threshold is between 30 and 35. By default, this value is set to 34. For more information, see Emulated input. Depends on: Check Emulated Input Default value: not set |
Emulated input threshold | App Shielding assigns a score value for each input to determine if the input is emulated. Any input scores above this threshold will be considered as emulated. The recommended threshold is between 30 and 35. When you enable the Block emulated input option, the OneSpan Mobile Portal displays this field, and you can enter the required number. Default value: 34 |
Exit on Emulated Input | Determines whether to exit the app when emulated input is detected. By default, this option is disabled in the OneSpan Mobile Portal Configuration page. Depends on: Check Emulated Input Default value: not set |
Exit on Emulated Input URL | The URL of a web page with an explanation to launch when the application is shut down because emulated input injection has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on Emulated Input Default value: empty |
Screen mirroring | |
Check screen mirroring | Checks for external screens, or screen mirroring such as ChromeCast, MiraCast, AllShare Cast, Samsung Smart View, and others. Screen mirroring and detection of screen mirroring is available for Android 4.2 (API level 17) and later. Default value: Enable |
Block screen mirroring | Block external screens by drawing an empty view or a customized layout on the secondary displays (see App Shielding screen mirroring). The Check screen mirroring option must be enabled for block screen mirroring to work. When active mirroring is detected, the blocking functionality prevents screen rotation and thus flickering for the duration of the rotation. This flickering would otherwise show the original screen on the projected display. Depends on: Check screen mirroring Default value: set |
Additional Display Name | This setting allows adding a trusted display by entering one or several additional display names in this input field to avoid false positive screen mirroring or screen sharing detection. Default value: empty |
Trusted Keyboard | |
Check trusted keyboard | Checks if the currently used software keyboard is trusted. By default, all system installed keyboards are trusted. It is possible to add specific trusted third-party keyboards using the Additional trusted keyboard signatures option. Default value: Enable |
Exit on untrusted keyboard | Determines whether to exit the app when the currently used software keyboard is untrusted. Depends on: Check trusted keyboard Default value: set |
Exit on untrusted keyboard URL | The URL of a web page with an explanation to launch when the application is shut down because an untrusted keyboard has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on untrusted keyboard Default value: empty |
Trusted keyboards | With this option you can add the signing certificate of a trusted software keyboard to an allowlist. All keyboards signed with this certificate would then be accepted by App Shielding. You can add multiple trusted keyboards to the allowlist. Add each signature in a new line of this input field to add multiple signatures! Depends on: Check trusted keyboard Default value: empty Please contact OneSpan Support if you need to validate the values for this option. |
Trusted Screen Readers | |
Check trusted Screen Readers | Checks if any currently active screen readers are trusted. If this option is enabled, any screen readers that are installed but not used will not be considered. It is possible to add trusted third-party screen readers to an allowlist by using the Trusted Screen Readers option. Default value: Enable |
Block untrusted Screen Readers | Blocks screen readers if a currently active untrusted screen reader is found. Blocking works in two scenarios: If an untrusted screen reader is detected, all screen readers will be blocked because it is impossible to block screen readers selectively. Depends on: Trusted screen readers Default value: set |
Exit on untrusted Screen Readers | Determines whether to exit the app when one or more of the active screen readers are untrusted. Depends on: Check trusted screen readers Default value: not set |
Exit on untrusted Screen Readers URL | The URL of a web page with an explanation to launch when the application is shut down because an untrusted screen reader has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on untrusted Screen Readers Default value: empty |
Trusted Screen Readers | Hash of the certificate of a trusted screen reader's signatures. Please contact OneSpan Support if you need to validate the values for this option. Depends on: Trusted Screen Readers Default value: empty |
Tapjacking | |
Check tapjacking | Checks if the input to the application is obscured by a non-system overlay. Default value: not set |
Exit on tapjacking | Determines whether to exit the app when a non-system overlay obscures the application. Depends on: Check tapjacking Default value: not set |
Exit on tapjacking URL | The URL of a web page with an explanation to launch when the application is shut down because a non-system overlay has been detected. For more information, see Exit URL Launching on Android. Depends on: Exit on tapjacking Default value: empty |
Block tapjacking | This option prevents input from being dispatched to the application when a non-system overlay is detected on the screen. If your application uses a legitimate overlay window, we recommend keeping this configuration option disabled and implementing the event blocking yourself to allow for exceptions. For more information, refer to the Android Developer documentation. Default value: not set |
Block non-system overlays | On Android 12 (API level 31) and later, this option prevents non-system overlays from appearing over the application and removes any existing overlays when the application is in use. If your app uses a legitimate overlay window, we recommend keeping this configuration option disabled and implementing the event blocking yourself to allow for exceptions. Default value: not set |
Memory Scan | |
Check Memory Scan | Checks for unauthorized memory scanning and dumping activity. Shuts down the app immediately if an unauthorized memory scan is detected. To stop the memory scan as quickly as possible, App Shielding shuts down the app without attempting to capture or configure a shutdown reason. Delaying the shutdown (e.g., by launching an Exit on… URL) could allow the scan to complete, negating the value of this protection. Default value: Enable |
Shutdown Immediately | |
Shutdown Immediately | Determines whether to exit the app immediately when a security policy problem is detected. For more information, see Shutdown immediately option. Default value: not set |
Advanced debug guard | |
Advanced debug guard | Executes security checks to ensure authenticity of the App Shielding guard component. If enabled, App Shielding sends secret commands to the guard component and expects predefined results. It prevents usage of third party debuggers, even if the guard component is circumvented. This option might have a negative effect on performance during runtime. Default value: Enable |
Binding | |
Binding scope for classes | Reduce the number of bindings per class to a minimum. This stops extraction after the first class binding has been extracted. This option speeds up the application startup, however it also reduces the security provided by App Shielding. When using this option, less data can be bound. Use this option only if the number of bindings is very high and it slows down the application startup. Default value: Full |
Binding scope for methods | Reduce the number of bindings per method to a minimum. This stops binding extraction inside a specific method after a binding has already been extracted. This option speeds up the application startup, however it also reduces the security provided by App Shielding. Enabling Limit binding on classes also implies that Limit binding on methods is enabled. When using this option, less data can be bound. Use this option only if the number of bindings is very high and it slows down the application startup. Default value: Full |
Push binding [DEPRECATED] | Limits the push binding that is performed upon application startup. This option speeds up the application startup, however it also reduces the security provided by App Shielding. When using this option, only one binding method is used (pull binding), and thus less data can be bound. Use this option only, if the number of push bindings is very high, and if it slows down the application startup. Default value: Enable |
Architecture support | |
Add support of architectures automatically | If you select Automatic, App Shielding will try to determine the supported architectures by searching for native libraries present in the application. If no native libraries are present, all platforms will be supported. Default value: Automatic |
PIPL Support | |
PIPL Support | Enables support to comply with China’s Personal Information Protection Law (PIPL) for app distribution in China. If enabled, postpones certain checks either partially or fully. For more information, see Integrate App Shielding for App Distribution in China. Default value: not set |
PIPL Support without Consent Activity | Disables PIPL consent activity. Integrators are still able to notify App Shielding of granted consent through the SDK. This configuration option is intended for applications with a single-activity architecture. Default value: not set |
Updatable configuration | |
Updatable configuration | Determines whether the app will use the Automatic Configuration feature. When App Shielding has been integrated in existing apps, the Automatic Configuration feature allows you to deploy a new configuration of App Shielding without the need to re-deploy and re-publish the apps through the various app distribution channels. For more information, see App Shielding configuration. Default value: not set |
Additional notes
Query all packages permission
The Query All Packages permission configuration option declares the QUERY_ALL_PACKAGES permission. Google restricts apps and packages from viewing the other apps and packages installed on an Android device; this permission lifts that restriction.
As of July 2022, Google Play has restricted the use of privacy sensitive Android permissions, such as QUERY_ALL_PACKAGES, for all new apps or app updates submitted.
An app with this permission can see and access details of all other installed apps on the device.
App Shielding does not require this permission by default, however, one feature — checkUntrustedInstaller — requires the QUERY_ALL_PACKAGES permission to work correctly.
The checkUntrustedInstaller configuration option is intended to be used for apps that require PCI compliance. When this feature is enabled, App Shielding will check if any apps are either side-loaded or installed from non-trusted app sources. This check is performed inside the app, and fundamentally depends on the QUERY_ALL_PACKAGES permission in order to work.
If an application needs to use the QUERY_ALL_PACKAGES permission, or otherwise requires the checkUntrustedInstaller configuration option to be enabled, then the application owner needs to use the Declaration Form in Google Play Console to get acceptance for using this permission.
If the application owner does not submit a declaration form, or if the permission has not been granted, any app updates may be rejected, or the application may be removed from Google Play.
The Shielding Tool normally enables required permissions automatically by default. However, the Shielding Tool will only enable QUERY_ALL_PACKAGES if both the queryAllPackagesPermission and checkUntrustedInstaller are enabled.
Only enable the queryAllPackagesPermission configuration option if this has been explicitly granted by Google Play.
Reference links: QUERY_ALL_PACKAGES Permission, Package visibility filtering on Android.
OneSpan strongly recommends reading the reference links before setting this value. If queryAllPackagesPermission is enabled, the Shielding Tool will insert the android.permission.QUERY_ALL_PACKAGES permission into AndroidManifest.xml. Enabling the queryAllPackagesPermission option indicates to App Shielding and the Shielding Tool that the permission has been granted by Google Play Console.
If the Query All Packages permission is disabled but e.g. the checkUntrustedInstaller check is switched on, the shielding of the application will fail because the checkUntrustedInstaller requires the Query All Packages permission to be enabled. In contrast, if both settings are either enabled or both are disabled, the shielded .apk file can be downloaded from the OneSpan Mobile Portal.
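The rule above, together with the "Depends on" notes in the configuration table, the incompatibility of uploaded signer certificates with Updatable configuration, and the debug-mode note, can be checked before a configuration is submitted. The following pre-flight validator is an added example, not OneSpan's tooling; the camelCase option keys are illustrative names chosen for it, and the sample configuration is constructed.

```python
"""Pre-flight validator for an App Shielding Android configuration.

Added example, not part of the OneSpan product or documentation. The option
keys are illustrative camelCase names chosen here; the rules encoded are the
"Depends on" notes from the configuration table, the queryAllPackagesPermission
/ checkUntrustedInstaller rule, the uploaded-signer-certificate vs.
updatableConfiguration incompatibility, and the debug-mode and production-only notes.
"""
from __future__ import annotations

# option -> option it depends on ("Depends on:" notes in the configuration table)
DEPENDS_ON = {
    "exitOnRootingHeuristicsThreshold": "exitOnRooting",
    "exitOnRootingUrl": "exitOnRooting",
    "exitOnBootloaderStatus": "checkBootloaderStatus",
    "exitOnHookingFrameworks": "checkHookingFrameworks",
    "checkRepackaging": "applicationSignerCertificate",
    "checkUntrustedInstaller": "queryAllPackagesPermission",
    "exitOnUntrustedInstaller": "checkUntrustedInstaller",
    "additionalTrustedInstallerSignatures": "checkUntrustedInstaller",
    "exitOnPrivateSpace": "checkPrivateSpaceOrWorkProfile",
    "exitOnAppInVirtualSpace": "checkAppInVirtualSpace",
    "trustedVirtualSpaceAppSignatures": "checkAppInVirtualSpace",
    "exitWhenAdbEnabled": "checkAdbStatus",
    "exitWhenDeveloperOptionsEnabled": "checkDeveloperOptions",
    "blockEmulatedInput": "checkEmulatedInput",
    "exitOnEmulatedInput": "checkEmulatedInput",
    "blockScreenMirroring": "checkScreenMirroring",
    "exitOnUntrustedKeyboard": "checkTrustedKeyboard",
    "trustedKeyboards": "checkTrustedKeyboard",
    "exitOnUntrustedScreenReaders": "checkTrustedScreenReaders",
    "exitOnTapjacking": "checkTapjacking",
}

# Options the table marks as always enabled in production builds of App Shielding.
FORCED_IN_PRODUCTION = ("exitOnNativeCodeHooks", "exitOnRepackaging")


def _enabled(config: dict, key: str) -> bool:
    """Treat None, False, empty strings and empty lists as 'not set'."""
    return config.get(key) not in (None, False, "", [])


def validate(config: dict, production: bool = True) -> list[str]:
    """Return ERROR/WARNING findings for a configuration; an empty list means it is consistent."""
    findings: list[str] = []

    for option, required in DEPENDS_ON.items():
        if _enabled(config, option) and not _enabled(config, required):
            findings.append(f"ERROR: {option} requires {required} to be enabled")

    # Uploaded custom signer certificates cannot be combined with Updatable configuration.
    uploaded = config.get("applicationSignerCertificate")
    if isinstance(uploaded, list) and uploaded and _enabled(config, "updatableConfiguration"):
        findings.append("ERROR: uploaded applicationSignerCertificate entries are not compatible "
                        "with updatableConfiguration")

    if _enabled(config, "blockEmulatedInput"):
        threshold = config.get("emulatedInputThreshold", 34)
        if not 30 <= threshold <= 35:
            findings.append(f"WARNING: emulatedInputThreshold={threshold} is outside the recommended 30-35 range")

    # Allowing the app to run inside a virtual space only works if the untrusted-keyboard exit is off.
    if (_enabled(config, "checkAppInVirtualSpace") and not _enabled(config, "exitOnAppInVirtualSpace")
            and _enabled(config, "exitOnUntrustedKeyboard")):
        findings.append("WARNING: allowing virtual spaces requires exitOnUntrustedKeyboard to be disabled")

    if production:
        if config.get("debug"):
            findings.append("ERROR: debug mode (android:testOnly) must be disabled for a production app")
        for option in FORCED_IN_PRODUCTION:
            if config.get(option) is False:
                findings.append(f"WARNING: {option} is always enabled in production builds; the setting is ignored")
    return findings


# Constructed sample configuration that trips several of the rules above.
SAMPLE_CONFIG = {
    "debug": True,
    "checkRooting": True,
    "exitOnRooting": False,
    "exitOnRootingUrl": "https://example.invalid/rooted",   # placeholder URL
    "queryAllPackagesPermission": False,
    "checkUntrustedInstaller": True,
    "checkRepackaging": True,
    "applicationSignerCertificate": ["<uploaded PEM certificate placeholder>"],
    "updatableConfiguration": True,
    "checkEmulatedInput": True,
    "blockEmulatedInput": True,
    "emulatedInputThreshold": 50,
    "exitOnRepackaging": False,
}

if __name__ == "__main__":
    for finding in validate(SAMPLE_CONFIG):
        print(finding)
```

Running the sample reports four errors (the exit URL without its exit option, the untrusted installer check without the permission, uploaded certificates combined with the updatable configuration, and debug mode) and two warnings.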
Application signer certificate option
This option defines the signer certificate(s) that App Shielding trusts when checking for repackaging. When App Shielding verifies the signature of the application, it validates if the configured certificate(s) match. That is, App Shielding assumes the app has been repackaged if the certificate used to sign the app does not match any of the certificates provided here.
You can upload up to 10 custom certificates. This allows you to sign applications from different environments via the submitted configuration after the application has been shielded.
In the following scenarios, some of the uploaded certificates will be removed from your configuration:
When you use App Shielding as of version 7.3.1-a and upload multiple certificates but then change to an earlier version of App Shielding, you must select which certificate to keep, the other certificates will be removed.
When you have uploaded multiple certificates but select in your configuration Application signer certificate > Original certificate, all the uploaded certificates will be deleted and App Shielding adds the original certificate.
The format of the certificates can be the PEM or Base64-encoded DER version of the certificate, or one of the following values:
Custom certificate
Default value. Resolves to the signing certificate configured for the Shielding Tool if the Shielding Tool will sign the target app. For more information, see Signing the Application on Android. If the Shielding Tool will not sign the app, then the original certificate is used. Otherwise, an error is thrown.
Original certificate
Inserts the original certificate, if the original application is already signed. If the application is not signed, or the Shielding Tool fails to extract the certificate, an error is thrown.
The public certificates can be safely extracted from the keystore you will use to sign the app. Upload the certificates in .pem, .der or .cer format. Certificates can be exported from the keystore with the following command:
```shell
keytool -keystore $keystore_file -storepass $keystore_password -alias $keyname -exportcert -rfc -file cert.pem
```
If the original application is already signed, it is possible to insert the original certificate with the corresponding option.
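Both accepted upload formats (PEM and Base64-encoded DER) describe the same certificate, and the repackaging decision is a match against the configured set. The helper below, an added example and not OneSpan's code, normalises either form to DER and compares keytool-style SHA-256 fingerprints, so a team can confirm before upload that the certificate in its release keystore is among the configured ones; the DER bytes it uses are a constructed placeholder, not a real certificate.

```python
"""Normalise signer certificates and apply the repackaging match rule.

Added example, not OneSpan's code. The option above accepts each certificate as
PEM or Base64-encoded DER, and App Shielding treats the app as repackaged when
the certificate that signed it matches none of the configured ones. This helper
normalises both forms to DER bytes and compares SHA-256 fingerprints in the
colon-separated form keytool prints. The DER bytes below are a constructed
placeholder, not a real X.509 certificate.
"""
from __future__ import annotations

import base64
import hashlib
import re

MAX_CERTIFICATES = 10  # upload limit stated in the configuration reference

_PEM_BODY = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(cert: str | bytes) -> bytes:
    """Return DER bytes for a certificate given as PEM text, bare Base64 DER or raw DER."""
    if isinstance(cert, bytes) and cert[:1] == b"\x30":   # 0x30 = ASN.1 SEQUENCE tag: already DER
        return cert
    text = cert.decode("ascii") if isinstance(cert, bytes) else cert
    match = _PEM_BODY.search(text)
    body = match.group(1) if match else text
    der = base64.b64decode("".join(body.split()), validate=True)
    if der[:1] != b"\x30":
        raise ValueError("decoded data does not start with a DER SEQUENCE tag")
    return der


def fingerprint(cert: str | bytes) -> str:
    """SHA-256 fingerprint of the DER form, 'AB:CD:...' as keytool -list -v prints it."""
    digest = hashlib.sha256(to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def configured_fingerprints(certs: list[str | bytes]) -> set[str]:
    """Fingerprints of the configured signer certificates, enforcing the 10-certificate limit."""
    if len(certs) > MAX_CERTIFICATES:
        raise ValueError(f"at most {MAX_CERTIFICATES} signer certificates can be uploaded")
    return {fingerprint(c) for c in certs}


def is_repackaged(signer_cert: str | bytes, configured: list[str | bytes]) -> bool:
    """Repackaged iff the certificate that signed the APK matches none of the configured ones."""
    return fingerprint(signer_cert) not in configured_fingerprints(configured)


# Constructed placeholder DER blob (starts with the SEQUENCE tag); not a parseable certificate.
RELEASE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
RELEASE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(RELEASE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)
RELEASE_B64 = base64.b64encode(RELEASE_DER).decode("ascii")   # bare Base64-encoded DER
OTHER_DER = b"\x30\x82\x01\x00" + bytes(reversed(range(256)))  # a different, unconfigured signer

if __name__ == "__main__":
    print("release fingerprint:", fingerprint(RELEASE_PEM))
    print("release-signed build repackaged?", is_repackaged(RELEASE_DER, [RELEASE_PEM]))
    print("other signer repackaged?", is_repackaged(OTHER_DER, [RELEASE_PEM, RELEASE_B64]))
```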
Shutdown immediately option
This option determines whether to exit the app immediately when a security policy problem is detected. If this option is enabled, the app simply exits as soon as possible. If it is disabled, error reporting is performed first: App Shielding throws a Java exception and gives the user a 30-second grace period to report the problem to Google Play.
A 30-second grace period gives an attacker a time window to perform an attack on the app, even after the app has shut down. However, shutting down immediately may have some side effects such as Android re-launching the app. This may lead to the app launching and exiting in an infinite loop on most Android devices and should therefore be used with care.
For more information about error reporting, see App Shielding Error Reporting on Android.
Launch performance
With very large apps, launch times can suffer from having a very large number of bindings. The purpose of binding is first and foremost to ensure that the app cannot be decoupled from App Shielding to run the app in a less secure manner. However, after a certain point of adding bindings, no real value or benefit is added from a security point of view.
If the app becomes too slow during launch, the following options can be explored to reduce the number of bindings extracted:
Limit binding on classes
Limit binding on methods
Disable push binding
The options to limit bindings per class and method minimize the number of bindings per class and method, respectively, ensuring that there is at least one such binding. This will reduce the number of bindings significantly for most apps, and at the same time retain a good distribution of bindings.
The downside of using these options is that constants such as strings are not as aggressively removed from the code, which reduces the obfuscation side-effect of binding.