Comments (3)
Hello!
We are sorry to hear that you have some issues.
To clarify some issues:
Android
Root check
We are unable to further investigate the issue without additional data (see Further investigation down below).
Tamper check
Tamper check can be a bit tedious to set. But in general:
-
packageName
is package name of your android application (inbuild.gradle
underdefaultConfig
value ofapplicationId
) -
signingCertificateHash
is SHA-256 hash of your signing key in base64 form
For example, by default, your Flutter app is signed using debug key. You can show SHA-256 hash of this key using Android Studio tool (singingReport
gradle task). This value should be then converted to Base64 (programmatically or using [some online base64 encoder](https://base64.guru/converter/encode/hex)) and provided as String tosigningCertificateHash
.
More about signing certificate hash here.
Unstrusted installation
Untrusted installation is triggered when application is installed from untrusted source.
What is untrusted source?
It is source which is not:
-
Google Play Store
-
Huawei AppGalery
-
one of your whitelisted stores (using
supportedAlternativeStores
parameter)
You can whitelist installation from IDE using 'adb'
value:
supportedAlternativeStores: ['adb']
iOS
Signature check
Signature check is equivalent to tamper check on Android. Right now, we don't know enough to investigate the problem.
Passcode features
Passcode featues reffers to passcode lock protect on your device. This directly does not imply the presence of FaceID or TouchID (you can have only passcode lock - without FaceID or TouchID)
Further investigation
To be able to investigate these issues further
-
tamper check (Android)
-
root check (Android)
-
signature check (iOs)
please provide more information about
-
your watcher mail
-
package name (Android)
-
bundle id (iOs)
If you don't want to expose those information publicly, you can send us email to [email protected] . Thanks for cooperation.
Hope we've resolved some of your issues for now.
Talsec Team.
from free-rasp-flutter.
Hi!
For the signature check on iOS, seems like that this particular check works only with apps that are on app store or testflight.
The other problems were my fault.
from free-rasp-flutter.
Hello ITASerus,
yes, in the current version of the SDK, the signature check is triggered on applications built from Xcode due to some of the subchecks. In the next release, the subchecks will be separated into a new category (unofficialStore).
from free-rasp-flutter.
Related Issues (20)
- [Flutter project] APK file increased by 40% with FreeRASP package HOT 6
- Frida and App Integrity detection not working as expected HOT 16
- Android build fails since March 4th, 14 o'clock HOT 3
- bug: Typecast error (int to String) in debug mode HOT 4
- bug: PlatformException - dlopen failed: library "libsecurity.so" not found HOT 5
- Device Id Issue HOT 5
- Feature: get currentThreatStatus / await freeRasp.checksComplete.future HOT 2
- Freerasp causes error with SharedPreferences at start and application does not run in production HOT 7
- iOS App crash in the release mode after adding Freerasp:3.0.2 HOT 3
- Use of Outdated Vulnerable Component: [email protected] HOT 2
- FAILURE: Build failed with an exception. HOT 2
- bug: SharedPreferences causes exceptions HOT 4
- Root detection not working as expected, delayed hook detection HOT 3
- When the app is minimized and resumed before the checks, they do not occur. HOT 5
- only Xcode 13 required to be able to build the application. HOT 4
- Crash on iOS device with 6.2.0 HOT 6
- onAppIntegrity after releasing playstore HOT 8
- Emulator Detection / Root detection on Android emulator HOT 3
- Which callback? HOT 3
- Android app not compilable with AGP >= 8.0.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from free-rasp-flutter.