Mobile Application Shielding for iOS Version 7.2.1 (April 2025)
  • 07 May 2025

Introduction

Welcome to Mobile Application Shielding for iOS 7.2.1!

The OneSpan Customer Portal only accepts connections via TLS 1.2 or later. Earlier versions are no longer supported because all versions of the TLS protocol prior to 1.2 have been deprecated.

This is a release of Mobile Application Shielding with issue fixes. For information about configuring and using Mobile Application Shielding, see the Mobile Application Shielding Integration Guide.

On the OneSpan Customer Portal, the last 12 versions of Mobile Application Shielding are available for download. To maintain protection against the latest mobile threats, make sure to update Mobile Application Shielding to the latest version!

Supported platform versions

  • iOS 12.0 – iOS/iPadOS 18

    With the end of support for iOS 9.0, support for 32-bit architectures also ended.

  • Shielding Tool:

    • Windows 10: 64-bit Java 17

    • Mac OSX (10.15+)

      The Shielding Tool requires a macOS system to sign applications.

    • Ubuntu Linux 20.04 LTS or 22.04

  • Xcode 15 and later. We recommend using the latest stable Xcode version.

iOS platform updates

App Shielding version 7.2.1 is compatible with iOS/iPadOS 18.4 RC.

As of March 1, 2025, App Shielding for iOS versions 5.0.5.95564 and earlier are no longer supported. For more information, refer to the OneSpan Mobile Portal or the OneSpan Customer Portal.

Deprecations

Platform minimum supported version

The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.

Xcode

As of Xcode 14, Apple has deprecated bitcode.

As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!

Deprecated API

As of App Shielding version 6.5.0, the ShieldCallback API has been deprecated and will be removed in a future version. This API has been replaced with the new PRMShieldEventManager and PRMShieldEventDelegate protocols that have been integrated into the ShieldSDK callback APIs.

New features and other updates

Uploading multiple certificates

App Shielding now offers the possibility to upload multiple certificates for the application signer certificate and the updatable configuration server certificate. With this, applications can be signed from different environments via the submitted configuration after the application has been shielded.

In the following scenarios, some of the uploaded certificates will be removed from your configuration:

  1. When you use App Shielding 7.2.1 and upload multiple certificates but then change to an earlier version of App Shielding, you must select which certificate to keep; the other certificates will be removed.

  2. When you have uploaded multiple certificates but select in your configuration Application signer certificate > Original certificate, all the uploaded certificates will be deleted and App Shielding adds the original certificate.

Check Repackaging: File integrity checks

A new configuration option has been added, File Integrity Checks. As part of the Check Repackaging security feature, individual files can now be checked for their integrity to ensure they have not been tampered with. These files are configured in a Shielding Tool rules file using the verify keyword. For example:

# Verify individual files
verify "Assets.car";
verify "AppIcon60x60@2x.png";
# Verify all plist files using a regular expression
verify ".*\.plist";

If any of the files marked with verify are modified between integrating App Shielding and running the application, App Shielding reports this as a repackaging event.

Integrity checks cannot be applied to files that are intentionally modified after the integration process. For instance, the app binary cannot be added as a verify check, because it is signed afterwards. However, the app binary is still verified as part of the App Shielding overall repackaging check.
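
A pre-shielding lint for the verify rules described above, as an added example that is not part of the Shielding Tool or of OneSpan's documentation. It flags patterns that match no file in the bundle and patterns that cover files expected to change after shielding, such as the app binary. Assumptions: each pattern is treated as a regular expression that must match the whole bundle-relative path; the function names, the sample bundle listing and the file name MyApp are constructed for illustration.

```python
import re

# Matches one rules-file statement of the form shown above: verify "<pattern>";
VERIFY_RE = re.compile(r'^\s*verify\s+"((?:[^"\\]|\\.)*)"\s*;\s*$')

def parse_verify_rules(rules_text):
    """Return the patterns of all verify statements, skipping '#' comments."""
    patterns = []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = VERIFY_RE.match(line)
        if m:
            patterns.append(m.group(1))
    return patterns

def lint_verify_rules(rules_text, bundle_files, modified_after_shielding):
    """Report patterns that match nothing and patterns that cover files
    expected to change after shielding (e.g. the app binary, signed later).

    Assumption: a pattern is a regular expression that must match the whole
    bundle-relative path. Check the Integration Guide for the real semantics.
    """
    unmatched, conflicts = [], {}
    for pattern in parse_verify_rules(rules_text):
        rx = re.compile(pattern)
        hits = [f for f in bundle_files if rx.fullmatch(f)]
        if not hits:
            unmatched.append(pattern)  # likely a typo: nothing is protected
        bad = sorted(set(hits) & set(modified_after_shielding))
        if bad:
            conflicts[pattern] = bad   # would raise a repackaging event
    return unmatched, conflicts

# Constructed sample input: rules text and a made-up bundle listing.
SAMPLE_RULES = '''
# Verify individual files
verify "Assets.car";
verify "AppIcon60x60@2x.png";
verify ".*\\.plist";
verify "MyApp";
verify "Settings.bundel/.*";
'''
SAMPLE_BUNDLE = ["MyApp", "Assets.car", "AppIcon60x60@2x.png", "Info.plist",
                 "Settings.bundle/Root.plist"]

if __name__ == "__main__":
    print(lint_verify_rules(SAMPLE_RULES, SAMPLE_BUNDLE, ["MyApp"]))
```

On the constructed input, the misspelled Settings.bundel pattern is reported as matching nothing, and the MyApp pattern is reported as covering the binary that is signed after shielding.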

Fixes and other changes

SHIOS-3294: Improved Dopamine jailbreak detection

Dopamine jailbreak detection has been improved when RootHide is active. App Shielding detects the following RootHide versions:

  • Dopamine-roothide v1.1.1

  • Dopamine-roothide v2, versions v13 and up to v15

App Shielding currently does not detect Dopamine-roothide v1.1.2 and v1.1.3.

SHIOS-3129: Improved thread safety

Thread safety has been improved when restoring bindings. This also resolves an issue that could cause the application to terminate unexpectedly on launch in rare cases.

SHIOS-3300: Application exit on startup

Description: Large applications that contain many symbols with long names would exit on startup during binding restoration.

Status: This issue has been fixed.

Other notices

Xcode warning for missing dSYM file

Xcode 16 introduced a new warning when it discovers a missing dSYM file. For example:

Upload Symbols Failed
The archive did not include a dSYM for the MyAppx.framework with the UUIDs [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX]. Ensure that the archive's dSYM folder includes a DWARF file for MyAppx.framework with the expected UUIDs.

The warning can safely be ignored, as it relates to missing symbols for the App Shielding dynamic library. App Shielding is a proprietary SDK, and OneSpan has never shared debug symbols for the library, which is the same for most proprietary/closed source libraries.

Known limitations

The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.

Settings for Exit On Screen Recording and Exit On Screen Recording URL lost when changing App Shielding versions

If you enable the configuration options Exit On Screen Recording and Exit On Screen Recording URL, and change the App Shielding version from 7.0.6 or 7.0.6-a to 7.2.1 or vice versa, your settings will be lost. To ensure the app is exited and the specified web page with an explanation is launched, you need to re-enable the options as required after changing versions.

Bypassing App Shielding protection in Cordova-based applications

Description: Because of the nature of pure JavaScript frameworks such as Cordova, the effectiveness of the push and pull bindings of App Shielding is affected. As a result, it might be possible to extract all JavaScript files from a shielded application and build a new Cordova-based application with the extracted JavaScript files. That new application will behave identically to the original one but has two major differences:

  1. It is no longer protected with App Shielding.

  2. It is signed with a different developer certificate.

Because this new application is signed with a different developer certificate, it is recognized by the stores or every device as a completely different and new application in comparison to the original shielded application. It cannot be avoided that a new application like this is built that looks and behaves similarly to the original application.

OneSpan risk assessment: Threat actors will need to make heavy use of targeted phishing attacks to convince users of the original application to install the rogue version. For attackers, however, it is much easier to use existing malware frameworks that mimic hundreds of login screens in one single piece of malware. In addition, the existence of any rogue versions of the application does not affect the security features of the original shielded application. Everyone who is using the genuine, shielded application is protected with all the features of App Shielding, including all security measures of the original application. Therefore, we consider this issue to be of low risk.

Xcode marks ShieldSDK.xcframework package as not signed/verified

Xcode marks the ShieldSDK.xcframework package as not signed or verified and might move it to quarantine mode. If Xcode displays a message like ShieldSDK.xcframework cannot be opened..., follow these steps to resolve it:

  1. Select Cancel.

  2. Open the macOS System Settings.

  3. Navigate to Privacy & Security.

  4. Scroll down to the security warning and select Allow Anyway.

This will be fixed as soon as possible.

External screen block

Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.

