Release Notes Mobile Application Shielding for iOS Version 8.1.3 (May 2026)

Introduction

Welcome to Mobile Application Shielding for iOS 8.1.3!

This is a maintenance release of Mobile Application Shielding. For more information about new features and fixed defects, refer to the respective chapters in this article. For information about configuring and using Mobile Application Shielding, see the Mobile Application Shielding Integration Guide.

Supported versions

App Shielding

Over the next months, support for a number of Mobile Application Shielding versions will expire on the OneSpan Mobile Portal. The next versions to be affected are:

  • Expiring on 2026-06-12:

    • 6.5.2.124583 (Android)

    • 6.5.2.124585 (iOS)

  • Expiring on 2026-06-20:

    • 6.5.3.128799 (Android)

    • 6.5.3.128811 (iOS)

You can continue to use your app even if it has been shielded with any of the expired versions, but to maintain protection against the latest mobile threats, we recommend updating Mobile Application Shielding to the latest version!

For a full list of affected versions, see Unsupported versions.

Supported platform versions

  • iOS 14.0 – iOS/iPadOS 26

    With the end of support for iOS 9.0, support for 32-bit architectures also ended.

  • Shielding Tool:

    • Windows 10: 64-bit Java 17

    • Mac OSX (10.15+)

      The Shielding Tool requires a macOS system to sign applications.

    • Ubuntu Linux 20.04 LTS or 22.04

  • Xcode 15 and later. We recommend using the latest stable Xcode version.

iOS platform updates

App Shielding version 8.1.3 is compatible with the latest iOS/iPadOS 26 developer previews.

Deprecations and other changes

Expiring TestFlight certificate

The current Apple TestFlight certificate will expire on 2026-08-12 and Apple has switched to a new certificate. We have updated the TestFlight certificate on the OneSpan Mobile Portal to ensure compatibility with application certificate validation checks. The new certificate will be applied automatically during shielding. You can also retrieve the certificate from this Knowledgebase Article on our Customer Portal and add it as Application signer certificate > Custom certificate in your App Shielding configuration.

Shielded apps that are already on the App Store or builds that are already on TestFlight are not impacted.

SSL Kill Switch detection disabled

SSL Kill Switch detection is now disabled by default to reduce unexpected false positives. We will keep this on our roadmap for further review on how we can improve this functionality.

Fixes and other changes

Hexadecimal value returned for variable placeholder

Description: For the Exit URL Launching feature, the %REASON% variable used as a placeholder when the application is shut down and a web browser is launched returned the hexadecimal value 06 as response.

Status: This issue has been fixed. The relevant plugin has been updated, and now the decimal value 6 is returned as response.

SHIOS-3666: Application unresponsive

Description: An issue caused the application to become unresponsive if a network connection could not be established while fetching an updatable configuration.

Status: This issue has been fixed.

Known limitations

The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.

Exit URL variable not replaced due to plugin limitation

For the Exit URL Launching feature, the URL used to launch the web browser can use variable placeholders. App Shielding substitutes these placeholders to provide the relevant information inside the URL itself. For the Exit On Screen Recording URL option, the %VERSION% placeholder is not correctly replaced because the plugin cannot know the App Shielding version in the app.

[Applicable to Premium Features only] App terminates unexpectedly

For Code Obfuscation: if you are using OneSpan Jigsaw, you might encounter unexpected terminations or other issues with apps that programmatically read information at the beginning of virtual space, such as the Mach-O header.

[Applicable to Premium Features only] dSYM file names

For Code Obfuscation: when shielding with native obfuscation, ensure that the name of the dSYM zip file package uploaded to the OneSpan Mobile Portal and the name of the dSYM file inside the zip file package are identical. Otherwise, the shielding operation will fail!

External screen block

For apps that use UISceneDelegate on iOS 13 and later, the on-screen keyboard is not blocked.

Settings for Exit On Screen Recording and Exit On Screen Recording URL lost when changing App Shielding versions

If you enable the configuration options Exit On Screen Recording and Exit On Screen Recording URL, and change the App Shielding version from 7.0.6 or 7.0.6-a to 7.2.1 or vice versa, your settings will be lost. To ensure the app is exited and the specified web page with an explanation is launched, you need to re-enable the options as required after you have changed versions.

Bypassing App Shielding protection in Cordova-based applications

Description: Because of the nature of pure JavaScript frameworks such as Cordova, the effectiveness of the push and pull bindings of App Shielding is affected. As a result, it might be possible to extract all JavaScript files from a shielded application and build a new Cordova-based application with the extracted JavaScript files. That new application will behave identically to the original one but has two major differences:

  1. It is no longer protected with App Shielding.

  2. It is signed with a different developer certificate.

Because this new application is signed with a different developer certificate, it is recognized by the stores or every device as a completely different and new application in comparison to the original shielded application. It cannot be avoided that a new application like this is built that looks and behaves similarly to the original application.

OneSpan risk assessment: Threat actors will need to make heavy use of targeted phishing attacks to convince users of the original application to install the rogue version. For attackers, however, it is much easier to use existing malware frameworks that mimic hundreds of login screens in one single piece of malware. In addition, the existence of any rogue versions of the application does not affect the security features of the original shielded application. Everyone who is using the genuine, shielded application is protected with all the features of App Shielding, including all security measures of the original application. Therefore, we consider this issue to be of low risk.

Xcode marks ShieldSDK.xcframework package as not signed/verified

Xcode marks the ShieldSDK.xcframework package as not signed or verified and might move it to quarantine mode. If Xcode displays a message like ShieldSDK.xcframework cannot be opened..., follow these steps to resolve it:

  1. Select Cancel.

  2. Open the macOS System Settings.

  3. Navigate to Privacy & Security.

  4. Scroll down to the security warning and select Allow Anyway.

This will be fixed as soon as possible.

App protection fails with Xcode 26 and enhanced security option enabled

If your app was compiled with Xcode 26, and the Enable Enhanced Security option was set to Yes, the Shielding Tool will fail to protect the app.

This option is not enabled by default, and a future release of the Shielding Tool will improve the compatibility.