Version 6.6.1 (August 2024)
Introduction
Welcome to Mobile Application Shielding 6.6.1!
The OneSpan Customer Portal only accepts connections via TLS 1.2 or later. Earlier versions are no longer supported because all versions of the TLS protocol prior to 1.2 have been deprecated.
This is a release of Mobile Application Shielding with issue fixes.
On the OneSpan Customer Portal, the last 12 versions of Mobile Application Shielding are available for download. To maintain protection against the latest mobile threats, ensure to update Mobile Application Shielding to the latest version!
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.6.1 is compatible with iOS/iPadOS 18 Beta 5.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
Platform minimum supported version
The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode
As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
Deprecated API
As of App Shielding version 6.5.0, the ShieldCallback API has been deprecated and will be removed in a future version. This API has been replaced with the new PRMShieldEventManager and PRMShieldEventDelegate protocols that have been integrated into the ShieldSDK callback APIs.
See also the New features and other updates section of the Release Notes for version 6.5.0. For more information about the integration, see Configure callbacks on iOS.
Removal of deprecated configuration option
The runtimeLibraryInjectionPreventionMode configuration option, deprecated as of App Shielding version 6.0.0 will be removed from in a future release ofApp Shielding.
Fixes and other changes
TestFlight certificate renewed by Apple
Description: Apple has changed its TestFlight certificate. The current certificate expires on 31 August 2024. As a result of the App Shielding repackaging protection, new shielded builds uploaded to TestFlight are exiting on startup.
When an app is uploaded to TestFlight, Apple re-signs the app with their TestFlight certificate. The App Shielding repackaging check looks at the certificate with which the application has been signed, and if it is not a trusted certificate, the app is exited (Exit On Repackaging). By default, App Shielding trusts the TestFlight and AppStore certificates, as well as any certificates specified in the App Shielding configuration via the Application Signer Certificate option. Because Apple changed its TestFlight certificate, App Shielding does not trust it by default.
Status: This issue has been fixed. The new TestFlight certificate has been added to the list of certificates that App Shielding trusts by default.
SHIOS-2789: Fixed unexpected termination with Unity-based apps
Description: An unexpected termination occurred with Unity-based apps.
Status: This issue has been fixed.
SHIOS-2992: Improved jailbreak detection
Description: The jailbreak detection for Dopamine jailbreaks has been improved.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.6.0 (July 2024)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.6.0 is compatible with iOS/iPadOS 18 Beta 1.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
Platform minimum supported version
The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode
As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
Deprecated API
As of App Shielding version 6.5.0, the ShieldCallback API has been deprecated and will be removed in a future version. This API has been replaced with the new PRMShieldEventManager and PRMShieldEventDelegate protocols that have been integrated into the ShieldSDK callback APIs.
See also the New features and other updates section of the Release Notes for version 6.5.0. For more information about the integration, see Configure callbacks on iOS.
Removal of deprecated configuration option
The runtimeLibraryInjectionPreventionMode configuration option, deprecated as of App Shielding version 6.0.0 will be removed from in a future release ofApp Shielding.
Fixes and other changes
Updated third-party libraries
Several third-party libraries used in App Shielding were updated to maintain security and stability.
SHIOS-2344: Shield SDK with Distribution certificate
Description: Shield SDK is now signed with a Distribution certificate.
SHIOS-2879: App Shielding launch time improvements
Description: Significant improvements for App Shielding launch time have been implemented.
SHD-4716, SHD-4767: Fixed unexpected termination
Description: An unexpected termination on devices that were jailbroken with palera1n was fixed.
SHD-4728: Improved runtime performance
Description: Improved runtime performance for applications that were using GraphQL/Apollo to parse large amounts of JSON, which caused App Shielding to trigger an overabundance of memory scans.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.5.3 (June 2024)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.5.3 is compatible with iOS/iPadOS 17.5.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
Platform minimum supported version
The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode
As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
Deprecated API
As of App Shielding version 6.5.0, the ShieldCallback API has been deprecated and will be removed in a future version. This API has been replaced with the new PRMShieldEventManager and PRMShieldEventDelegate protocols that have been integrated into the ShieldSDK callback APIs.
See also the New features and other updates section of the Release Notes for version 6.5.0. For more information about the integration, see Configure callbacks on iOS.
New features and other updates
In App Shielding version 6.5.0, new callback features have been added, deprecating the old ShieldCallback API:
New callback protocols
New protocols have been integrated into the callback APIs for ShieldSDK, PRMShieldEventManager and PRMShieldEventDelegate. The old ShieldCallback API is still available but is marked as deprecated and will be removed in the future.
See also New features and other updates. For more information about the integration, see Configure callbacks on iOS.
New callback testing and development interface
ShieldSDK provides a new interface for testing and development purposes, PRMShieldCallbackTestManager. This API allows you to trigger events with the desired value (e.g., the device is jailbroken) and a delay when the event should be triggered. This API will not trigger any security checks to run, only the desired event that you want to validate. Refer to the "Triggering Callbacks" section of the documentation for more details.
Note that this code is for debugging only and should not exist in the binary when shielding it, as these calls in a shielded app will cause the app to crash. This feature will not be available after shielding, as the Shielding Tool will replace the stub library with the actual App Shielding library.
For more information, see Configure callbacks on iOS - Debugging: manual triggering of callbacks.
Fixes and other changes
SHIOS-1935: Added removeObserver API
Description: The removeObserver API was added to App Shielding. Observers added with the addObserver method of the PRMShieldEventManager API can now be removed with the removeObserver method.
-(void)dealloc{
[[PRMShieldEventManager sharedManager] removeObserver:self];
}
SHIOS-2689: Moved App Shielding Xcode integration into post-build action
Description: The App Shielding Xcode integration can now be performed through a post-build action. This makes the integration more resilient to changes in Xcode (comparing with the current Xcode integration performed during the build phase).
SHIOS-2855: ShieldSDK.xcframework signature
Description: ShieldSDK.xcframework is now signed with a OneSpan certificate.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.5.2 (April 2024)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.5.2 is compatible with iOS/iPadOS 17.5.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
iOS: The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode: As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
Fixes and other changes
SHIOS-2784: Improved launch time
On iOS 17, the launch time for App Shielding has been improved.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
Xcode marks ShieldSDK.xcframework package as not signed/verified
Xcode marks the ShieldSDK.xcframework package as not signed or verified and might move it to quarantine mode. If Xcode displays a message like ShieldSDK.xcframework cannot be opened..., follow these steps to resolve it:
- Select Cancel.
- Open the macOS System Settings.
- Navigate to Privacy & Security.
- Scroll down to the security warning and select Allow Anyway.
This will be fixed as soon as possible in the next release.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.5.1 (March 2024)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.5.1 is compatible with iOS/iPadOS 17.4.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
iOS: The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode: As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
Fixes and other changes
SHIOS-2737: Improved XCode support
Support for XCode 15 has been improved.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.5.0 (March 2024)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.15+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.5.0 is compatible with iOS/iPadOS 17.7.
As of March 1, 2024, App Shielding for iOS version 4.3.8.69424 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/ or the OneSpan Mobile Portal.
Deprecations
iOS: The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode: As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
New features and other updates
New callback protocols
New protocols have been integrated into the callback APIs for ShieldSDK, PRMShieldEventManager and PRMShieldEventDelegate. The old ShieldCallback API is still available but is marked as deprecated and will be removed in the future.
For more information, see Configure callbacks on iOS.
New callback testing and development interface
ShieldSDK provides a new interface for testing and development purposes, PRMShieldCallbackTestManager. This API allows you to trigger events with the desired value (e.g., the device is jailbroken) and a delay when the event should be triggered. This API will not trigger any security checks to run, only the desired event that you want to validate. Refer to the "Triggering Callbacks" section of the documentation for more details.
Note that this code is for debugging only and should not exist in the binary when shielding it, as these calls in a shielded app will cause the app to crash. This feature will not be available after shielding, as the Shielding Tool will replace the stub library with the actual App Shielding library.
For more information, see Configure callbacks on iOS - Debugging: manual triggering of callbacks.
General improvements
A number of general improvements have been implemented:
- Triggering of debugging events was added
- General stability and performance improvements
- Stability improvements of App Shielding
Fixes and other changes
Documentation fixes
Description: The method and details for the developerModeStatus callback were missing from the list of callback methods.
Status: The documentation has been updated. The method and its description has been added to the ShieldCallbackMethods table in the Mobile Application Shielding Integration Guide for iOS.
SHIOS-2158: Improved message text for App Shielding in simulator mode
Description: Whenever you run an app that calls App Shielding APIs (e.g., setting up events) in a simulator, the following message was logged:
☠ App Shielding is disabled in simulator builds ☠
This applied for shielded as well as unshielded apps running in a simulator.
Status: This has been improved. If you run an unshielded app on a real device, it will now show the following message instead:
☠ Application is not fully shielded.☠
SHIOS-2347: Fixed unexpected termination for Prevent runtime library injection
Description: On iOS 17, an unexpected termination occurred for the Prevent runtime library injection option.
Status: This issue has been fixed.
SHIOS-2352: Missing declaration of use for privacy-related APIs
Description: Privacy-related APIs from internal App Shielding code would have required declaration of use in a Privacy Manifest. For more information, refer to Privacy manifest files in the Apple developer documentation.
Status: This issue has been fixed. App Shielding no longer uses any of the listed APIs, they have been removed from the code.
SHIOS-2419: ShieldSDK not detected and correctly linked
Description: When ShieldSDK was embedded in a framework and weakly linked, it was not detected or correctly linked.
Status: This issue has been fixed. The Shielding Tool will now detect and correctly link it during shielding.
SHIOS-2464, SHIOS-2466, SHIOS-2468, SHIOS-2469, and SHIOS-2520, : Fixed various memory leaks
Description: Various memory leaks were fixed. This includes a memory leak that caused large amounts of memory to be consumed over prolonged amounts of time (i.e., when the app was running in the foreground for days or weeks.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.0.2 (November 2023)
Supported platform versions
-
iOS 12.0 – iOS/iPadOS 17
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
- iPadOS 17
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.9+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04 LTS
- Xcode 12 and later. We recommend using the latest Xcode version.
iOS platform updates
App Shielding version 6.0.2 is compatible with iOS/iPadOS 17.1.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
Deprecations
iOS: The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode: As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
New features and other updates
Trigger ShieldSDK callbacks for debugging/testing unshielded apps in the iOS simulator and on real devices
ShieldSDK provides a new API for the debugging purposes. The new debugging API allows you to trigger callbacks with the desired value and delay when the callback should be triggered. This API will not trigger any checks to be run but rather the desired callback which one wants to validate.
---
- (void)triggerJailbreakStatus:(BOOL)value afterDelay:(NSTimeInterval)delay;
- (void)triggerEmulatorDetectedAfterDelay:(NSTimeInterval)delay;
...
---
This code is for debugging purpose only and should not exist in the binary when shielding it. When these calls are included in a shielded app, the app will terminate unexpectedly.
This feature will not be available after shielding, as the Shielding Tool will replace the stub library with the actual App Shielding library.
Fixes and other changes
Deprecated features
ShieldSDK.framework
The ShieldSDK.framework will be removed in the near future.We recommend to migrate to ShieldSDK.xcframework instead.
Fixes
RASP-3405: Incorrect value for Exit on developer mode URL configuration option
Description: For the Exit on developer mode URL configuration option, the variable field was not correctly generated, and consequently, an incorrect value was passed to the server.
Status: This issue has been fixed.
SHIOS-2158: Changes in the ShieldSDK framework message in simulator builds
Description: Whenever an application calls App Shielding APIs (setting up callbacks etc) in a simulator, App Shielding will display the following log message:
---
☠ Shield is disabled in simulator builds ☠
---
When the app is unshielded and running in a real device, the ShieldSDK will print the following log message:
---
☠ Application is not fully shielded ☠
---
SHIOS-2419: Detect weakly linked ShieldSDK library
Description: When the ShieldSDK is embedded in a framework and weakly linked, the Shielding Tool will now detect it and properly link it during shielding.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 6.0.0 (September 2023)
Supported platform versions
-
iOS 12.0 – iOS 16
With the end of support for iOS 9.0, support for 32-bit architectures also ended.
- iPadOS 16
-
Shielding Tool:
- Windows 10: 64-bit Java 17
- Mac OSX (10.9+)
The Shielding Tool requires a macOS system to sign applications.
- Ubuntu Linux 20.04 LTS or 22.04 LTS
- Xcode 12 and later. We recommend using Xcode version 14.3.1 for now.
iOS platform updates
App Shielding version 6.0.0 is compatible with iOS/iPadOS 17 RC.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
Deprecations
iOS: The minimum supported version is iOS 12. App Shielding no longer supports iOS 11.
Xcode: As of Xcode 14, Apple has deprecated bitcode.
As of App Shielding version 6.0.0, the Shielding Tool no longer supports bitcode-based code obfuscation!
New features and other updates
Developer mode detection
(Resolves issue SHIOS-2055)
In iOS 16, Apple has introduced the Developer Mode feature. This developer mode needs to be enabled on a device in case a user wants to install development signed apps and wants to debug apps on a given device. By default, developer mode is disabled which results in higher security for normal users.
With this, ShieldSDK introduces new options for the configuration file:
- Check developer mode
- Exit on developer mode
- Exit on developer mode url
By default, developer mode detection is enabled but can be configured.
Build App Shielding library for arm64 simulator
(Resolves issue SHIOS-1287)
App Shielding now supports to run a shielded app in a simulator on ARM Macs.
Fixes and other changes
RASP-2961: iOS Sample App: missing status and callback from screen recording
Description: In the App Shielding sample application, the the status and a callback was missing from screen recording.
Status: This issue has been fixed. All detection mechanisms are again available in the sample app.
SHIOS-2093: Unknown architecture in library error in Shielding Tool
Description: Some frameworks may have additional architectures embedded, which are irrelevant for the Shielding Tool, such as the armv7k architecture for older generations of Apple Watch.
Status: This issue has been fixed. The Shielding Tool will no longer complain about such libraries being present in the application that is being shielded.
SHIOS-2119: Delay calls to UIDevice until bindings are restored
Description: In some rare cases an early call to UIDevice during binding restoration can cause an unexpected termination.
Status: This issue has been fixed.
SHIOS-2135, SHIOS-2368: Deprecation of configuration options
Description: The following configuration options are now deprecated:
- exitOnDebuggerURL
- runtimeLibraryInjectionPreventionMode
The default option is non-strict
SHIOS-2233: Fixed signing problem with Cocoapods
Description: Fixed signing when ShieldSDK is used with the Cocoapod framework as a dependency.
SHIOS-2255: Removed exposed ShieldSDK namespace classes when not enabled
Description: Some third party code may have names which conflict with a ShieldSDK namespace, for example Secure Local Storage.
Status: This issue has been fixed. This fix removes the SecureLocalStorage namespace from App Shielding packages where this API is not enabled.
SHIOS-2283: Fixed unexpected termination caused by symbol not found
Description: In the Shielding Tool the load order of frameworks for the app is rewritten to ensure App Shielding is always loaded first. In rare cases, this re-ordering could cause problems for some non-weak symbols - which would cause the app to reliably terminate unexpectedly when launched.
Status: This issue has been fixed.
SHIOS-2389: Fixed unexpected termination on iPad
Description: An issue with the binding feature on iOS/iPadOS can cause an unexpected termination during startup in very rare cases.
Status: This issue has been fixed.
SHIOS-2399, SHIOS-2406, SHIOS-2407, SHIOS-2455: Fixed memory leaks
Description: Improved memory management for long-running applications.
SHIOS-2410: Change the AppMonitor class name if already in the app
Description: If there is already an AppMonitor class name in the app, the Shielding Tool renames an internal AppMonitor class name to a random name in case of conflict with your app.
SHIOS-2435: Removal of deprecated configuration option
Description: The deprecated configuration option exitOnRepackagingURL has now been removed.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 5.5.0 (July 2023)
Supported platform versions
-
iOS 11.0 – iOS 16
With the end of support for iOS 9.0, support for 32-bit architectures also ends.
- iPadOS 16
- Xcode 12 and later. We recommend using the latest stable version of Xcode, currently 14.1.
iOS platform updates
App Shielding version 5.5.0 is compatible with iOS/iPadOS 17 Beta 2.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
Deprecations
As of Xcode 14, Apple has deprecated bitcode.
The Obfuscation feature of the Shielding Tool uses bitcode but is still expected to work until Apple removes it.
Fixes and other changes
SHIOS-2037: Remove bitcode obfuscation
Description: As of this version, the Shielding Tool no longer supports bitcode-based code obfuscation. The following options have been removed:
- --obfuscate-app
- --dsym-out
- --symbol-map
SHIOS-2119: Delay calls to UIDevice until bindings are restored
Description: In some rare cases an early call to UIDevice during binding restoration can cause an unexpected termination.
Status: This issue has been fixed.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 5.0.5 (June 2023)
Supported platform versions
-
iOS 11.0 – iOS 16
With the end of support for iOS 9.0, support for 32-bit architectures also ends.
- iPadOS 16
- Xcode 12 and later. We recommend using the latest stable version of Xcode, currently 14.1.
iOS platform updates
App Shielding version 5.0.5 is compatible with iOS/iPadOS 16.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
New features and other updates
Changed naming scheme for bound package and shielded application
We have changed the naming schema of the bound package contained within a .zip file as well as the .zip file itself. The file name prefix has changed from “wrapped” to “shielded”.
-
Old naming schema:
- wrapped-original package file name.original package file extension
- wrapped-original shielded application name.zip
-
New naming schema:
- shielded-original package file name.original package file extension
- shielded-original shielded application name.zip
Fixes and other changes
SHIOS-2093: Improve "Unknown architecture in library" error in the Shielding Tool
Description: Some frameworks may have additional architectures embedded, which are irrelevant for the Shielding Tool, such as the armv7k architecture for older generations of Apple Watch.
Status: This issue has been fixed. The Shielding Tool will no longer display warnings about such libraries being present in the shielded application.
SHIOS-2255: Remove exposed Shield SDK namespace classes when not enabled
Description: Some third party code may have names which conflict with a Shield SDK namespace, for example Secure Local Storage.
Status: This issue has been fixed. The SecureLocalStorage namespace has been removed from App Shielding packages where this API is not enabled.
SHIOS-2283: Application terminates unexpectedly due to 'symbol not found'
Description: In the Shielding Tool, the load order of frameworks for the app has been rewritten to ensure App Shielding is always loaded first. In rare cases, this re-ordering may cause problems for some non-weak symbols causing the app to terminate unexpectedly when launched.
Status: This issue has been fixed.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 5.0.3 (April 2023)
Supported platform versions
-
iOS 11.0 – iOS 16
With the end of support for iOS 9.0, support for 32-bit architectures also ends.
- iPadOS 16
- Xcode 12 and later. We recommend using the latest stable version of Xcode, currently 14.1.
iOS platform updates
App Shielding version 5.0.5 is compatible with iOS/iPadOS 16.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
New features and other updates
Changed naming scheme for bound package and shielded application
As of version 5.0.4, we will change the naming schema of the bound package contained within a .zip file as well as the .zip file itself. The file name prefix will change from “wrapped” to “shielded”.
-
Old naming schema:
- wrapped-original package file name.original package file extension
- wrapped-original shielded application name.zip
-
New naming schema:
- shielded-original package file name.original package file extension
- shielded-original shielded application name.zip
Fixes and other changes
SHIOS-2233: Signing problems with Cocoapods
Description: When App Shielding was used in a Cocoapod framework as dependency, signing caused issues.
Status: This issue has been fixed.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 5.0.2 (November 2022)
Supported platform versions
-
iOS 11.0 – iOS 16
With the end of support for iOS 9.0, support for 32-bit architectures also ends.
- iPadOS 16
- Xcode 12 and later. We recommend using the latest stable version of Xcode, currently 14.1.
iOS platform updates
App Shielding version 5.0.2 is compatible with iOS/iPadOS 16.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
Fixes and other changes
SHIOS-2144: Updates expected TestFlight leaf certificate hash
Description: In less than 90 days the TestFlight leaf certificate will expire. Apple is now using a new TestFlight leaf certificate that App Shielding now trusts instead.
Status: The workaround is no longer needed to stop App Shielding from detecting TestFlight releases as repackaged.
SHIOS-1287: Build libshield for arm64 simulator
Description: The arm64 architecture was added to the App Shielding framework.
SHIOS-2134: Binding issue with iOS apps running on macOS
Description: When running a shielded macOS/Catalyst/iOS app on macOS, in some cases the applications were unexpectedly terminating on startup. Specifically, this was an issue when the configuration option binaryBindingVersion set to 2, when the app was compiled with the minimum iOS version set to 13.4 or later, or the minimum macOS version was set to 12.0.
Status: This issue has been fixed.
Known limitations
The limitations described here have not yet been solved for the current Mobile Application Shielding version. Possible workarounds are described where available.
XCFramework support
App Shielding is provided both as framework and as XCFramework. If you are using a legacy build system on Xcode 11 and later, use the ShieldSDK.framework instead of the newer ShieldSDK.xcframework. Xcode will cause an error when using the XCFramework in the legacy build system.
ARM64E limited support
The ShieldSDK framework is not compiled for the ARM64E CPU architecture, and therefore does not include the corresponding slices. ARM64 CPU ABI should be used instead. At the moment, Xcode 11 does not create an ARM64E target by default. Consequently, no action is required at this point.
External screen block
Blocking external screens (e.g. AirPlay) is currently not working for apps that use UISceneDelegate in iOS 13 and later.
Version 5.0.0 (September 2022)
Supported platform versions
-
iOS 11.0 – iOS 16 beta 6
With the end of support for iOS 9.0, support for 32-bit architectures also ends.
- iPadOS 16 beta 6
- Xcode 10 and later. We recommend using the latest stable version of Xcode, currently 13.
iOS platform updates
App Shielding version 5.0.0 is compatible with iOS/iPadOS 16 beta 6.
As of July 1, 2022, App Shielding for iOS version 4.2.0.39844 and earlier are no longer supported. For more information, refer to the OneSpan Customer Portal at https://cp.onespan.com/.
Fixes and other changes
SHD-2929: Improved XAR file support
Version 4.3.14 (August 2022)
Supported platform versions
- App Shielding version 4.3.14 is compatible with iOS/iPadOS 16 beta 6.
- iOS 9.0 – iOS 15
- iPadOS 15
- Xcode 10 and later. We recommend using the latest stable version of Xcode, currently 13.
iOS platform updates
App Shielding version 4.3.14 is compatible with iOS/iPadOS 16 beta 6.
Fixes and other changes
SHIOS-2057: iOS 16 improvements
Description: iOS/iPadOS 16 introduced a new way to load libraries into memory which could, in rare cases, cause App Shielding to not be able to locate the library in memory.
Status: This issue has been fixed.
SHD-2949: Screenshot protection improvements
Description: Screenshot protection has been improved for rare cases on iOS 15. The screenshot protection is now applied to the top-front view controller in the view hierarchy instead of the root view controller.
Version 4.3.13 (July 2022)
Supported platform versions
- iOS 9.0 – iOS 15
- iPadOS 15
- Xcode 10 and later. We recommend using the latest stable version of Xcode, currently 13.
Fixes and other changes
SHIOS-1957: Support Xcode 13.4+ for iOS 15+ only binaries
Description: Apple has introduced a new format for the dynamic linking information of the binaries it produces. This format is generated by Xcode versions 13.3 and later if the minimum deployment target of the app is iOS 13.4 and later.
SHIOS-1987: Shielding Tool - improve Windows compatibility
Description: The compatibility of the Shielding Tool with Windows has been improved.
SHIOS-2031, SHIOS-2030, SHIOS-2029, SHIOS-2028: App Shielding iOS 16 compatibility
Description: Apple has made various changes to the shared library cache, dynamic linker, and mach system calls. These required internal changes in App Shielding to prevent it from terminating unexpectedly on iOS 16.
SHIOS-2027: Bitcode - improve dSYM generation from Xcode
Description: For Bitcode, the generation of dSYM files from Xcode has been improved.
SHIOS-2018: Unconfigured exit on hooking frameworks
Description: The unconfigured exit on hooking frameworks has been fixed.
Version 4.3.10 (June 2022)
Supported platform versions
- iOS 9.0 – iOS 15
- iPadOS 15
- Xcode 10 and later. We recommend using the latest stable version of Xcode, currently 13.
Fixes and other changes
SHIOS-2000: Fix safe name generation of executable binaries inside the IPA
Description: App Shielding uses a rewriting scheme to remove potential unsafe characters in file names inside the IPA file. In some cases this could result in leading or trailing whitespaces in the file name.
Status: This issue has been fixed.
Version 4.3.9 (May 2022)
Supported platform versions
- iOS 9.0 – iOS 15
- iPadOS 15
- Xcode 10 and later. We recommend using the latest stable version of Xcode, currently 13.
Fixes and other changes
SHIOS-1977: Recognize arm64e-lib64 architecture
Description: An Unknown Architecture error occurred during shielding.
Status: This issue has been fixed.
SHIOS-1956: Variable initialization bug
Description: In very rare cases, an app protected by App Shielding could terminate unexpectedly during initialization.
Status: This issue has been fixed.