Introduction
Welcome to Mobile Application Shielding for iOS 8.0.3!
This is a release of Mobile Application Shielding, which contains enhancements and other product updates. It also contains a compatibility release (App Shielding for iOS 8.0.3-SDKcompat) to support compatibility with third party SDKs (e.g., payment SDKS).
Except for the compatibility feature, there are no differences between App Shielding for iOS 8.0.3-SDKcompat and App Shielding for iOS 8.0.3. Thus, no separate set of documents has been provided for the compat release.
For more information about new features and fixed defects, refer to the respective chapters in this article. For information about configuring and using Mobile Application Shielding, see the Mobile Application Shielding Integration Guide.
Supported platform versions
iOS 14.0 – iOS/iPadOS 26
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
Shielding Tool:
Windows 10: 64-bit Java 17
Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
Ubuntu Linux 20.04 LTS or 22.04
Xcode 15 and later. We recommend using the latest stable Xcode version.
iOS platform updates
App Shielding version 8.0.3 is compatible with the latest iOS/iPadOS 26 developer previews.
As of March 1, 2025, App Shielding for iOS version 5.0.5.95564 and earlier are no longer supported. For more information, refer to the OneSpan Mobile Portal.
Deprecations
Signing an app: usage of colon in codesign syntax deprecated
Due to changes in Usage of the colon in the codesign command line syntax when specifying the path is deprecated. It will not work in a future release and will then be removed. For more information, see also Signing the Application on iOS.
[Applicable to OneSpan Code Obfuscation only] OneSpan Jigsaw encryption no longer supported for Mach-O Intel binaries
OneSpan Jigsaw encryption is no longer supported for Mach-O Intel binaries. Note that this only applies to Premium Feature users only because Jigsaw is only implemented in OneSpan Code Obfuscation.
Fixes and other changes
SHIOS-3574: False positives after backup on jailbroken device
Description: False positives could occur if a user backed up a jailbroken device and later restored it on a non-jailbroken device.
Status: This issue has been fixed.
SHIOS-3571: Error on app upload
Description: An evaluation version of App Shielding that was specifically configured to allow uploading to TestFlight would set the minimum operating system version to 12, causing an error on app upload.
Status: This issue has been fixed.
INT-138: Issue with protection of IPA files
Description: An issue occurred with the protection of IPA files that had a __MACOSX metadata folder. Note that an IPA would not normally have this folder unless it was improperly created.
[Applicable to OneSpan Code Obfuscation only] OneSpan Jigsaw version 1.27 includes the following improvements:
Improved control flow abstraction for Mach-O binaries to be able to protect the
__TEXT,__stubssection.Improved protection time performance.
Improved the validation of integrity checking and checksumming configurations to prevent conflicting configurations.
Fixed an issue which prevented Mach-O binaries from using the system log after protection.
Fixed an unexpected termination that sometimes occurred on arm64 binaries.
Fixed an issue which prevented OneSpan Jigsaw from finding dSYM files when Spotlight was disabled.
Other notices
Xcode warning for missing dSYM file
Xcode 16 introduced a new warning when it discovers a missing dSYM file. For example:
‘‘‘
Upload Symbols Failed
The archive did not include a dSYM for the MyAppx.framework with the UUIDs [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX]. Ensure that the archive's dSYM folder includes a DWARF file for MyAppx.framework with the expected UUIDs.
‘‘‘
The warning can safely be ignored, as it relates to missing symbols for the App Shielding dynamic library. App Shielding is a proprietary SDK, and OneSpan has never shared debug symbols for the library, which is the same for most proprietary/closed source libraries.
Bootstrap detection
As a side effect of recent jailbreak detection improvements, App Shielding can also detect Bootstrap, even when the protected app itself has not been bootstrapped.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
[Applicable to OneSpan Code Obfuscation only] App terminates unexpectedly
For code obfuscation: if you are using OneSpan Jigsaw, you might encounter unexpected terminations or other issues with apps that programmatically read information at the beginning of virtual space, such as the Mach-O header.
[Applicable to OneSpan Code Obfuscation only] dSYM file names
For code obfuscation: when shielding with native obfuscation, ensure that the names of the dSYM zip file package uploaded to the OneSpan Mobile Portal and the name of the dSYM file inside the zip file package are identical. Otherwise, the shielding operation will fail!
External screen block
For apps that use UISceneDelegate on iOS 13 and later, the on-screen keyboard is not blocked.
Settings for Exit On Screen Recording and Exit On Screen Recording URL lost when changing App Shielding versions
If you enable the configuration options Exit On Screen Recording and Exit On Screen Recording URL, and change the App Shielding versions from 7.0.6 or 7.0.6-a to 7.2.1 or vice-versa, your settings will be lost. To ensure the app is exited and the specified web page with an explanation is launched, you need to re-enable the options as required after you changed versions.
Bypassing App Shielding protection in Cordova-based applications
Description: Because of the nature of pure Javascript frameworks such as Cordova, the effectiveness of the push and pull bindings of App Shielding is affected. As a result, it might be possible to extract all Javascript files from a shielded application and build a new Cordova-based application with the extracted Javascript files. That new application will behave identical to the original one but has two major differences:
It is not longer protected with App Shielding.
It is signed with a different developer certificate.
Because this new application is signed with a different developer certificate, it is recognized by the stores or every device as a completely different and new application in comparison to the original shielded application. It cannot be avoided that a new application like this is built that looks and behaves similar to the original application.
OneSpan risk assessment: Threat actors will need to make heavy use of targeted phishing attacks to convince users of the original application to install the rogue version. For attackers, however, it is much easier to use existing malware frameworks that mimic hundreds of login screens in one single piece of malware. In addition, the existence of any rogue versions of the application does not affect the security features of the original shielded application. Everyone who is using the genuine, shielded application is protected with all the features of App Shielding, including all security measures of the original application. Therefore, we consider this issue to be of low risk.
Xcode marks ShieldSDK.xcframework package as not signed/verified
Xcode marks the ShieldSDK.xcframework package as not signed or verified and might move it to quarantine mode. If Xcode displays a message like ShieldSDK.xcframework cannot be opened..., follow these steps to resolve it:
Select Cancel.
Open the macOS System Settings.
Navigate to Privacy & Security.
Scroll down to the security warning and select Allow Anyway.
This will be fixed as soon as possible.
App protection fails with Xcode 26 and enhanced security option enabled
If your app was compiled with Xcode 26, and the Enable Enhanced Security option was set to Yes, the Shielding Tool will fail to protect the app.
This option is not enabled by default, and a future release of the Shielding Tool will improve the compatibility.