freeRASP 2.3.0

• Android SDK version: 17.0.1
• iOS SDK version: 6.13.0

Capacitor

Added

• Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) (Issue 65)
• Added API for timeSpoofing callback into ThreatEventActions (Android only)
• Added API for unsecureWifi callback into ThreatEventActions (Android only)
• Added API for allChecksFinished callback into new RaspExecutionStateEventActions object
• Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission

Fixed

• Resolved potential collision in threat identifiers

Android

Added

• Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker Issue 65
• We are introducing a new capability, detecting whether the device time has been tampered with (timeSpoofing)
• We are introducing a new capability, detecting whether the location is being spoofed on the device (locationSpoofing)
• We are introducing a new capability, detection of unsecure WiFi (unecureWifi)
• Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
• Added new RaspExecutionState which contains onAllChecksFinished() method, which is triggered after all checks are completed.
• Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
• New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
• Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection

Fixed

• Root detection related bugs causing false positives
• ANR issue caused by registerScreenCaptureCallback() method on the main thread
• NullPointerException when checking key alias in Keystore on Android 7
• JaCoCo issue causing MethodTooLargeException during instrumentation
• DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
• AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
• Fixed issue with late initializers and TalsecMode coroutines scopes

Changed

• Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
• Shortened the value of threat detection interval
• Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
• Update of internal dependencies and security libraries

iOS

Changed

• Updated internal dependencies

freeRASP 2.2.2

• Android SDK version: 17.0.1
• iOS SDK version: 6.13.0

Capacitor

Added

• Added killOnBypass to TalsecConfig that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker (Android only) (Issue 65)
• Added API for timeSpoofing callback into ThreatEventActions (Android only)
• Added API for unsecureWifi callback into ThreatEventActions (Android only)
• Added API for allChecksFinished callback into new RaspExecutionStateEventActions object
• Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission

Fixed

• Resolved potential collision in threat identifiers

Android

Added

• Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker Issue 65
• We are introducing a new capability, detecting whether the device time has been tampered with (timeSpoofing)
• We are introducing a new capability, detecting whether the location is being spoofed on the device (locationSpoofing)
• We are introducing a new capability, detection of unsecure WiFi (unecureWifi)
• Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)
• Added new RaspExecutionState which contains onAllChecksFinished() method, which is triggered after all checks are completed.
• Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission
• New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks (uses background thread by default)
• Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection

Fixed

• Root detection related bugs causing false positives
• ANR issue caused by registerScreenCaptureCallback() method on the main thread
• NullPointerException when checking key alias in Keystore on Android 7
• JaCoCo issue causing MethodTooLargeException during instrumentation
• DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context
• AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)
• Fixed issue with late initializers and TalsecMode coroutines scopes

Changed

• Deprecated Nexus repository removed (GCP artifact registry is the main supported distribution repository)
• Shortened the value of threat detection interval
• Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading
• Update of internal dependencies and security libraries

iOS

Changed

• Updated internal dependencies

freeRASP 2.2.1

Android

Fixed

• Issue with empty SharedPreferences files

Changed

• Decreased version of Kotlin to 2.0.0

freeRASP 2.2.0

• iOS SDK version: 6.12.1
• Android SDK version: 16.0.1

Android

Added

• Added support for 16 KB memory page sizes
• Added multiInstance callback
  • We are introducing a new capability, detecting whether the application is running in various multi instancing environments

Changed

• The ADB service running as a root is a signal for root detection
• Improved emulator detection
• Internal security improvements

Fixed

• Removed malware report duplicates

iOS

Added

• Added palera1n jailbreak detection

Changed

• Improved Dopamine jailbreak detection

Fixed

• Resolved memory-related stability issues.

freeRASP 2.1.0

• iOS SDK version: 6.11.0
• Android SDK version: 15.1.0

Capacitor

Added

• Added interface for screenshot / screen recording blocking on iOS
• Added interface for external ID storage

Android

Added

• Added externalId to put an integrator-specified custom identifier into the logs.
• Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

Changed

• New root detection checks added

iOS

Added

• Added externalId to put an integrator-specified custom identifier into the logs.
• Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.
• Screen capture protection obscuring app content in screenshots and screen recordings preventing unauthorized content capture. Refer to the freeRASP integration documentation.

Fixed

• Resolved an issue with the screen recording detection.
• Resolved an issue that prevented Xcode tests from running correctly.

freeRASP 2.0.0

Check out the full changelog to stay updated on new features, improvements, and the complete history of changes: https://docs.talsec.app/freerasp/whats-new-and-changelog

Capacitor

Changed

• Android SDK requires kotlin_version >= 2.0.0

Android

Changed

• Compile API increased to 35, dependencies updated
• Internal library obfuscation reworked
• Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

Fixed

• ANR issues bug-fixing

iOS

Added

• Improvement of the obfuscation of the SDK.

Changed

• Deep signing of the OpenSSL binaries.

freeRASP 1.10.0

• iOS SDK version: 6.8.0
• Android SDK version: 14.0.1

Capacitor

Added

• blockScreenCapture method to block/unblock screen capture
• isScreenCaptureBlocked method to get the current screen capture blocking status
• New callbacks:
  • screenshot: Detects when a screenshot is taken
  • screenRecording: Detects when screen recording is active

Changed

• Raised Android compileSDK level to 35
• Set minifyEnabled in plugin to true implicitly on Android

Android

Added

• Passive and active screenshot/screen recording protection

Changed

• Improved root detection

Fixed

• Proguard rules to address warnings from okhttp dependency

iOS

Added

• Passive Screenshot/Screen Recording detection

freeRASP 1.9.0

• iOS SDK version: 6.6.3
• Android SDK version: 13.2.0

Android

Added

• Added request integrity information to data collection headers.
• Enhanced and accelerated the data collection logic.

freeRASP 1.8.0

• iOS SDK version: 6.6.3
• Android SDK version: 13.0.0

Capacitor

Changed

• App icons for detected malware are not fetched automatically anymore, which reduces computation required to retrieve malware data. From now on, app icons have to be retrieved using the getAppIcon method
• Parsing of malware data is now async

Android

Changed

• Malware data is now parsed on background thread to improve responsiveness

freeRASP 1.7.0

Capacitor

Added

• Added adbEnabled callback, which allows you to detect USB debugging option enabled in the developer settings on the device

Android

Added

• ADB detection feature