Comments (3)
talsec-app
commented on July 20, 2024
Hello!
We are sorry to hear that you have some issues.
To clarify some issues:
Android
Root check
We are unable to further investigate the issue without additional data (see Further investigation down below).
Tamper check
Tamper check can be a bit tedious to set. But in general:
-
packageNameis package name of your android application (inbuild.gradleunderdefaultConfigvalue ofapplicationId) -
signingCertificateHashis SHA-256 hash of your signing key in base64 form
For example, by default, your Flutter app is signed using debug key. You can show SHA-256 hash of this key using Android Studio tool (singingReportgradle task). This value should be then converted to Base64 (programmatically or using [some online base64 encoder](https://base64.guru/converter/encode/hex)) and provided as String tosigningCertificateHash.
More about signing certificate hash here.
Unstrusted installation
Untrusted installation is triggered when application is installed from untrusted source.
What is untrusted source?
It is source which is not:
-
Google Play Store
-
Huawei AppGalery
-
one of your whitelisted stores (using
supportedAlternativeStoresparameter)
You can whitelist installation from IDE using 'adb' value:
supportedAlternativeStores: ['adb']iOS
Signature check
Signature check is equivalent to tamper check on Android. Right now, we don't know enough to investigate the problem.
Passcode features
Passcode featues reffers to passcode lock protect on your device. This directly does not imply the presence of FaceID or TouchID (you can have only passcode lock - without FaceID or TouchID)
Further investigation
To be able to investigate these issues further
-
tamper check (Android)
-
root check (Android)
-
signature check (iOs)
please provide more information about
-
your watcher mail
-
package name (Android)
-
bundle id (iOs)
If you don't want to expose those information publicly, you can send us email to [email protected] . Thanks for cooperation.
Hope we've resolved some of your issues for now.
Talsec Team.
from free-rasp-flutter.
ITASerus
commented on July 20, 2024
Hi!
For the signature check on iOS, seems like that this particular check works only with apps that are on app store or testflight.
The other problems were my fault.
from free-rasp-flutter.
talsec-app
commented on July 20, 2024
Hello ITASerus,
yes, in the current version of the SDK, the signature check is triggered on applications built from Xcode due to some of the subchecks. In the next release, the subchecks will be separated into a new category (unofficialStore).
from free-rasp-flutter.
Related Issues (20)
- [Flutter project] APK file increased by 40% with FreeRASP package HOT 6
- java.lang.UnsatisfiedLinkError crash HOT 3
- onSecureHardwareNotAvailable false positives with freeRASP 6.0.0 HOT 6
- Threat detection order HOT 1
- Android app not compilable with AGP >= 8.0.0 HOT 3
- Shorebird and freeRasp inconvenient HOT 4
- Where is the documentation? HOT 1
- DeadObjectException on some Android 6 devices HOT 4
- How to know proper value for `AndroidConfig.supportedStores`? HOT 3
- How the 100k limitation for free tier is calculated? HOT 2
- The package is susceptible to smali changes. HOT 6
- Free-RASP-Flutter Security Delay Issue HOT 8
- When the app is minimized and resumed before the checks, they do not occur. HOT 5
- only Xcode 13 required to be able to build the application. HOT 4
- Crash on iOS device with 6.2.0 HOT 6
- onAppIntegrity after releasing playstore HOT 8
- Emulator Detection / Root detection on Android emulator HOT 3
- Which callback? HOT 3
- Android app not compilable with AGP >= 8.0.0 HOT 2
- Android Google Play Automatic integrity protection support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from free-rasp-flutter.