If an application shuts down, either due to a crash or a detected security problem, can exit and log a proper stack trace, or open the browser with a predefined URL. That is, unless you have enabled the shutdownImmediately configuration option. Otherwise, the shutdown reason is accessible via Logcat. If the application is installed via Google Play, and the user opts into sharing diagnostic data, the report will also appear in the Google Play Console’s "Crashes & ANRs" page.
The stack trace will have distinct exception classes depending on the reason for the shutdown. By default, however, the stack trace will contain obfuscated class names and look more like the following:
FATAL EXCEPTION: qmfk.l: 01 at qmfk.L.a(Unknown Source:112) at qmfk.L.b(Unknown Source:12) ...
In this example, qmfk.l is the obfuscated App Shielding class. The obfuscated names can be decoded using the ProGuard retrace tool with the mappings.txt file produced during shielding. This mapping file can also be uploaded to Google Play to automatically decode stack traces in the Google Play Console.
To deobfuscate a crash report
Use the following command:
retrace.bat | retrace.sh [-verbose] <mappingFile> <crashReport>where:
mappingFile is the path to the mapping.txt file.
crashReport is the path to the crash report to deobfuscate.
The message in the stack trace will include a hex-coded string. In the above example, the message points to "01", which indicates repackaging detection. Other shutdown reasons use different exception classes and message encoding, but the first two characters will always refer to the shutdown reasons described below. If more than two characters are present, App Shielding has encoded other types of information related to the shutdown reason. For further analysis, forward the error message to OneSpan Technical Support.
App Shielding can be configured to not create such stack traces by enabling the Shutdown Immediately configuration option. However, we do not recommend this, since it limits the ability to diagnose problems.
List of error codes for shutdown reasons
If App Shielding shuts down the application and launches a web browser with a preconfigured URL to explain the problem to the user, one of the exit URL variable placeholders is %REASON%. The following %REASON% error codes for the shutdown are possible:
Error codes for Android | |||
Exception Class | Error Code Hexadecimal | Error Code Decimal | Description |
|---|---|---|---|
RootException | 00 | 0 | Policy violation: Device is rooted. |
RepackagingException | 01 | 1 | Policy violation: Application is modified or repackaged. |
EmulatorException | 02 | 2 | Policy violation: Application is being run in an emulator. |
DebuggerException | 03 | 3 | Policy violation: Java debugger attached to app. |
KeyboardException | 04 | 4 | Policy violation: Untrusted keyboard found. |
ScreenreaderException | 05 | 5 | Policy violation: Untrusted screen reader found. |
NativeHookException | 06 | 6 | Policy violation: Native code hooks, possibly inserted by malicious app. |
-- | 07 | 7 | Internal |
ConfigException | 08 | 8 | App Shielding could not read configuration file. |
-- | 09 - 14 | 9 - 20 | Internal |
CrashException | 15 | 21 | Application terminated unexpectedly outside of Java code, either native library or App Shielding. |
HookingFrameworkException | 16 | 22 | Policy violation: Hooking frameworks detected. |
DebuggerException | 17 | 23 | Native debugger prevention not possible on this device. |
DeveloperOptionsException | 1a | 26 | Developer Options enabled on device. |
UntrustedInstallerException | 1b | 27 | Untrusted Installer found on device. |
AdbStatusException | 1c | 28 | Android Developer Bridge active on device. |
AppInVirtualSpaceException | 1d | 29 | Application is launched via Virtual Space application. |
EmulatedInputException | 1f | 31 | Emulated input detected. |
PrivateSpaceException | 20 | 32 | Application is launched in a Private Space or Work Profile. |
BootloaderUnlockedException | 21 | 33 | The device’s bootloader is unlocked. |
For more information about launching a web browser with a preconfigured URL, see Exit URL Launching on Android.