All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Android SDK version: 11.1.1
- iOS SDK version: 6.6.0
- False positives for hook detection
- Android SDK version: 11.1.0
- iOS SDK version: 6.6.0
- Improved error messages when validation of the freeRASP configuration fails
- Added auditing of internal execution for future check optimization and overall security improvements.
- Fixed native crashes (SEGFAULT errors) in `ifpip` method
- Fixed collision for command line tools (like ping) invoked without absolute path
- ❗️ Breaking: Changed the way TalsecConfig is created; we introduced a Builder pattern to make the process more streamlined and readable
- Updated OpenSSL to version 3.0.14
- Updated CURL to version 8.8.0
- Refactored fetching the list of installed applications for root and hook detection.
- Dopamine jailbreak detection.
- Enhanced and accelerated the data collection logic
- Updated OpenSSL to version 3.0.14
- Updated CURL to version 8.8.0
- CHANGELOG now adheres to the Keep a Changelog format.
- ⚡ Added new threat `systemVPN` for VPN detection
- 📄 Documentation updates
- ⚡ Added new threat `devMode` for Developer mode detection
- ⚡ Fixed proguard warning in specific versions of RN
- ⚡ Fixed issue with Arabic alphabet in logs caused by the device’s default system locale
- ✔️ Increased the version of the GMS dependency
- ✔️ Updated CA bundle
- ⚡ Fixed issue with Arabic alphabet in logs caused by the device’s default system locale
- ⚡ Passcode check is now periodical
- ✔️ Updated CA bundle
- ⚡ Fixed BAD_ACCESS error occurring in specific versions of `cordova-ios` plugin (#28)
- ❗ Removed the talsec namespace that caused a change of namespaces for the whole app
- ⚡ Fixed issue causing app crash with lower versions of `cordova-ios` plugin
- ⚡ Updated freeRASP SDK artifact hosting ensuring better stability and availability
- 📄 Documentation updates
- ⚡ Shortened duration of threat evaluation
- ⚡ Fixed a native crash bug during one of the native root checks (detected after NDK upgrade)
- ⚡ Improved appIntegrity check and its logging
- ⚡ Updated `CURL` to `8.5.0` and `OpenSSL` to `1.1.1w`
- ❗ Added Privacy Manifest
- ❗ Added codesigning for the SDK, it is signed by:
  - Team ID: `ASQC376HCN`
  - Team Name: `AHEAD iTec, s.r.o.`
- ⚡ Improved obfuscation of Swift and C strings
- ⚡ Fixed memory leak (freeRASP iOS issue #13)
- ⚡ Updated `CURL` to `8.5.0` and `OpenSSL` to `1.1.1w`
- ⚡ Fixed bug that prevented firing callbacks in specific situations
- ⚡ Fixed bug that caused the app to be killed in specific situations (#42)
- ❗ BREAKING API CHANGE: Changed how threats are received. It is now necessary to pass an object with reactions to the `talsec.start()` method instead of a function.
- ⚡ Improved message passing between native iOS/Android and Cordova
- ✔️ Restricted message passing to valid callbacks only. If an invalid callback is received, the SDK will kill the app
- ⚡ Improved reaction obfuscation
- 📄 Documentation updates and improvements
- ⚡ Fixed ProviderException which could be occasionally triggered
- ❗ Raised supported Xcode version to 14.3.1
- ⚡ Improved SDK obfuscation
- 📄 Documentation updates and improvements
- ✔️ updated CA bundle for logging pinning
- ✔️ added error logging of network issues within the logging process
- ✔️ added retry policy for logging
- ⚡ fixed issue with DeadObjectException on Android 5 and 6 caused by excessive PackageManager.queryIntentActivities() usage
- ⚡ improved root detection capabilities
- ✔️ Removed PolarSSL native library from main flow of the application
- ✔️ Fixed issue with denied USE_BIOMETRICS permission
- ⚡ Added support for AGP 8.0
- ⚡ Fixed issue with incorrect Keystore type detection on Android 11 and above (talsec/Free-RASP-Flutter#77)
- ⚡ Reduced timeout period for logging from 20 sec to 5 sec
- ⚡ Logging is now async in all calls
- ❗ BREAKING CHANGE: Raised minimum supported Android version to 6.0 (API level 23)
- ✔️ Removed deprecated BouncyCastle dependency that could cause errors in the build phase
- ✔️ Fixed issue that could cause NullPointerException
- 🆕 Added new `obfuscationIssues` check, which is triggered when freeRASP doesn't detect any obfuscation of the source code
- ✔️ Fixed issue with metadata in iOS framework
Android devices now support device state listeners. What's more, we unified the remaining Android and iOS interfaces for a more convenient developer experience.
- ❗ BREAKING API CHANGE: Renamed `device binding` to `deviceBinding` to align it with the camelCase convention. This makes the case consistent with our other checks.
- 🆕 Android now has support for device state callbacks:
  - 📲 `Secure Hardware Not Available`: fires when hardware-backed KeyStore is not available
  - 📲 `Passcode`: fires when freeRASP detects that device is not secured with any type of lock
- ❗ BREAKING API CHANGE: Renamed `Missing Secure Enclave` to `Secure Hardware Not Available` to match the newly added Android callback. The functionality remains unchanged.
- ❗️ `PasscodeChange` check has been deprecated
- 📄 Documentation updates and improvements
- 📄 Documentation updates and improvements
Most of the changes relate to accommodating a new way of choosing between the dev and release version of the SDK. Android has also removed the HMS dependencies and improved the root detection capabilities.
- ❗ Added isProd boolean parameter, which now differentiates between the release (true) and dev (false) version of the SDK. By default set to true
- ❗ Removed the HMS dependencies
- ❗ Only one version of the SDK is used from now on, instead of two separate for dev and release
- ❗ The app's build.gradle does not have to be modified now
- ⚡ Improved root detection accuracy by moving the 'ro.debuggable' property state to an ignored group
- ⚡ Enhanced root detection capabilities by moving the selinux properties check to device state
- ⚡ Fine-tuning root evaluation strategy
- ❗ Removed one of the xcframeworks
- ❗ Removed the dependency on the symlinks choosing the proper version (release/dev)
- ❗️ Removed pre-built script for changing the Debug and Release versions
- 📄 Documentation updates and improvements
- ⚡ Updated demo app for new implementation
A new round of fixes and improvements! Here's the list of all the new things we included in the latest release.
- ❗ BREAKING API CHANGE: Added multi-signature support for certificate hashes of Android apps
- ✔️ Fixed a bug with supportedAlternativeStores (issue)
- ✔️ Fixed NPE bug in RootDetector when there are no running processes (issue) on Android
- ✔️ Removed deprecated SafetyNet dependency (issue) on Android
- ✔️ Fixed the ANR issue (issue) on Android
- ✔️ Updated HMS and GMS dependencies on Android
- 🔎 Improved detection of Blue Stacks emulator and Nox emulator (issue) on Android
- ❗ Improved device binding detection to not trigger for moving the app to a new device on iOS
- ⚡ Improved hook detection and logging on iOS
- 🔎 Improved logging of non-existing hardware for biometrics on iOS
- Initial release of freeRASP.