Documentation Index

Fetch the complete documentation index at: https://docs.onespan.com/llms.txt

Use this file to discover all available pages before exploring further.

Release Notes Mobile Application Shielding for iOS Version 8.0.1 (October 2025)

  • Published on Oct 27, 2025
  • 5 minute(s) read
Prev Next

Introduction

Welcome to Mobile Application Shielding for iOS 8.0.1!

This is a critical release of Mobile Application Shielding that updates the signing certificate for the Shield SDK library. All previous versions of the Shield SDK have an invalid certificate and cannot be used. It also finalizes support for iOS 26, and removes some deprecated features and support for older versions of iOS.

For information about configuring and using Mobile Application Shielding, see the Mobile Application Shielding Integration Guide.

Supported platform versions

  • iOS 14.0 – iOS/iPadOS 26

    With the end of support for iOS 9.0, support for 32-bit architectures also ended.

  • Shielding Tool:

    • Windows 10: 64-bit Java 17

    • Mac OSX (10.15+)

      The Shielding Tool requires a macOS system to sign applications.

    • Ubuntu Linux 20.04 LTS or 22.04

  • Xcode 15 and later. We recommend using the latest stable Xcode version.

iOS platform updates

App Shielding version 8.0.1 is compatible with the latest iOS/iPadOS 26 developer previews.

As of March 1, 2025, App Shielding for iOS version 5.0.5.95564 and earlier are no longer supported. For more information, refer to the OneSpan Mobile Portal.

Deprecations

Platform minimum supported version: support for iOS 12 and 13 stopped

As of this version of App Shielding, iOS 12 and iOS 13 are no longer supported. The minimum supported version is now iOS 14. App Shielding no longer supports iOS 13.

Documentation available online only

The documentation is now available online on the OneSpan Documentation Portal. We have removed the PDFs from the product package. However, a PDF copy can still be downloaded from the Documentation Portal.

OneSpan Customer Portal decommissioned

As announced previously, with the launch of our new OneSpan Mobile Portal, we have now decommissioned our previous portal, the OneSpan Customer Portal. Our new OneSpan Mobile Portal offers enhanced features, stronger security, and a more intuitive user interface, designed to provide you with a superior experience. For more information about the OneSpan Mobile Portal, see How to use the OneSpan Mobile Portal.

Xcode bitcode

As of Xcode 14, Apple has deprecated bitcode.

As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!

Deprecated API

As of App Shielding version 6.5.0, the ShieldCallback API has been deprecated and will be removed in a future version. This API has been replaced with the new PRMShieldEventManager and PRMShieldEventDelegate protocols that have been integrated into the ShieldSDK callback APIs.

Deprecated callback: libraryInjectionPrevented

The libraryInjectionPrevented callback is now deprecated. On iOS 17 and later, the callback is never triggered, and the app terminates unexpectedly instead.

New features and other updates

New Shield SDK library certificate

The Shield SDK library (ShieldSDK.xcframework) has been signed with a new certificate. All previous versions of the SDK are invalid and cannot be used anymore. This only affects projects that have added the library to Xcode, whether that is to use Shield SDK APIs (e.g., callbacks) or integrate the Shielding Tool into a build post-action.

Support for iOS 26

With this version of App Shielding, support for iOS 26 has been finalized.

Fixes and other changes

SHIOS-3406: Protection against SSL Kill Switch

Description: Hooking detection has been improved to protect against SSL Kill Switch in WebView-based apps.

Other notices

Xcode warning for missing dSYM file

Xcode 16 introduced a new warning when it discovers a missing dSYM file. For example:

Upload Symbols Failed
The archive did not include a dSYM for the MyAppx.framework with the UUIDs [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX]. Ensure that the archive's dSYM folder includes a DWARF file for MyAppx.framework with the expected UUIDs.

The warning can safely be ignored, as it relates to missing symbols for the App Shielding dynamic library. App Shielding is a proprietary SDK, and OneSpan has never shared debug symbols for the library, which is the same for most proprietary/closed source libraries.

Known limitations

The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.

External screen block

Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate on iOS 13 and later. However, the on-screen keyboard is not blocked.

Settings for Exit On Screen Recording and Exit On Screen Recording URL lost when changing App Shielding versions

If you enable the configuration options Exit On Screen Recording and Exit On Screen Recording URL, and change the App Shielding versions from 7.0.6 or 7.0.6-a to 7.2.1 or vice-versa, your settings will be lost. To ensure the app is exited and the specified web page with an explanation is launched, you need to re-enable the options as required after you changed versions.

Bypassing App Shielding protection in Cordova-based applications

Description: Because of the nature of pure Javascript frameworks such as Cordova, the effectiveness of the push and pull bindings of App Shielding is affected. As a result, it might be possible to extract all Javascript files from a shielded application and build a new Cordova-based application with the extracted Javascript files. That new application will behave identical to the original one but has two major differences:

  1. It is not longer protected with App Shielding.

  2. It is signed with a different developer certificate.

Because this new application is signed with a different developer certificate, it is recognized by the stores or every device as a completely different and new application in comparison to the original shielded application. It cannot be avoided that a new application like this is built that looks and behaves similar to the original application.

OneSpan risk assessment: Threat actors will need to make heavy use of targeted phishing attacks to convince users of the original application to install the rogue version. For attackers, however, it is much easier to use existing malware frameworks that mimic hundreds of login screens in one single piece of malware. In addition, the existence of any rogue versions of the application does not affect the security features of the original shielded application. Everyone who is using the genuine, shielded application is protected with all the features of App Shielding, including all security measures of the original application. Therefore, we consider this issue to be of low risk.

Xcode marks ShieldSDK.xcframework package as not signed/verified

Xcode marks the ShieldSDK.xcframework package as not signed or verified and might move it to quarantine mode. If Xcode displays a message like ShieldSDK.xcframework cannot be opened..., follow these steps to resolve it:

  1. Select Cancel.

  2. Open the macOS System Settings.

  3. Navigate to Privacy & Security.

  4. Scroll down to the security warning and select Allow Anyway.

This will be fixed as soon as possible.

App protection fails with Xcode 26 and enhanced security option enabled

If your app was compiled with Xcode 26, and the Enable Enhanced Security option was set to Yes, the Shielding Tool will fail to protect the app.

This option is not enabled by default, and a future release of the Shielding Tool will improve the compatibility.