Releases: talsec/Free-RASP-Android
freeRASP 8.0.1
freeRASP 8.0.1
What's new?
This update contains a new check - obfuscation detection. Minimal supported Android SDK level was raised to 23.
- ❗ Raised minSdkVersion to 23
- ❗ Removed BouncyCastle dependency on Android (talsec/Free-RASP-ReactNative#13)
- 🔎 New threat type
onObfuscationIssuesDetected - 🔎 New threat callback
onObfuscationIssuesDetected - ✔️ Fixed
NullPointerExceptionwhich could occur during specific subcheck execution on Android
freeRASP 7.0.0
freeRASP 7.0.0
What's new?
Most of the changes relates to accomodating a new way of choosing between the dev and release version of the SDK. Also, we removed the HMS dependencies and improved the root detection capabilities.
- ❗ Removed the HMS dependencies
- ❗ Only one version of the SDK is used from now on, instead of two separate for dev and release. A new isProd parameter has been introduced.
- ⚡ Improved root detection accuracy by moving the 'ro.debuggable' property state to an ignored group
- ⚡ Enhanced root detection capabilities by moving the selinux properties check to device state
- ⚡ Fine-tuning root evaluation strategy
Other improvements
- 📄 Documentation updates and improvements
- ⚡ Updated demo app for new implementation
freeRASP 6.0.0
freeRASP 6.0.0
A new round of fixes and improvements! Here's the list of all the new things we included in the latest release.
- ❗BREAKING API CHANGE: Added support for multiple signing certificate hashes.
expectedSigningCertificateHashBase64is now an array, in a similar fashion tosupportedAlternativeStores. - ❗added a new dependency to fix the ANR issue:
maven { url "https://jitpack.io/" } - ✔️ Fixed NPE bug in RootDetector when there are no running processes (issue)
- ✔️ Removed deprecated SafetyNet dependency (issue)
- ✔️ Fixed the ANR issue (issue)
- ✔️ Updated HMS and GMS dependencies
- 🔎 Improved detection of Blue Stacks emulator and Nox emulator (issue)
freeRASP 4.2.3
freeRASP 4.2.3
We are constantly listening to our community to make freeRASP better. This update contains fixes to reported issues.
What's new in 4.2.3?
- ✔️ Fixed
Duplicate classissue
freeRASP 4.2.1
We are constantly working on improving your freeRASP experience, and today we're happy to announce a new round of improvements! Here's the list of the new things we included in the latest release.
What's improved?
In this update, we focused on upgrading and extending the critical tampering detection and improving the informational value provided by logs.
- ⚡ Extended tampering check (Native C) with new, more advanced detections
- 🔼 Added information about security patches to logs
- 🔼 Added information about Google Play Services, Huawei Mobile Services, SafetyNet Verify Apps
freeRASP 3.3.2
Whats new in freeRASP
This version improves granularity of detected threat types with new 'onUnlockedDeviceDetected' callback and 'onHardwareBackedKeystoreNotAvailableDetected' check. We also improved documentation to make it more clear and easy to follow.
Added
We added support of device state to notifications, providing onUnlockedDeviceDetected and onHardwareBackedKeystoreNotAvailableDetected available using DeviceState listener in the ThreatListener class.
- 🔎 added new callback 'onUnlockedDeviceDetected'
- 🔎 added new check 'onHardwareBackedKeystoreNotAvailableDetected'
- 📄 added new section about testing of freeRASP reactions
- 📄 added explanation of expectedSigningCertificateHashBase64 with guide in the wiki
Changed
- ⚡ improved performance during library initialization
- ❌ sensitive content logging modification, package names of well-known dangerous applications (rooting apps, hooking frameworks, etc...) are no longer sent to Elastic, only a flag that device contains one of those applications is sent
Fixed
- 🆒 usage of deprecated API calls (DexFile) for Android 8.0 and above
- 🆒 issue with root prompt ("app asking for root permission") on rooted devices
freeRASP 3.1.0
Whats new in freeRASP
This version fixes major issue with logging.
Fixed
- [CRITICAL] Android data collection repaired (fixes issue #1 )
Due to a certificate change, Android logs weren't delivered to a web monitoring service. We fixed the issue by changing the certificate TrustStore for TLS. We urge everyone (Android & Flutter) to update to this freeRASP version. We're sorry for the caused issues.
freeRASP 3.0.0
Whats new in freeRASP
This version improves granularity of detected threat types.
Added
- added new threat callback 'onUntrustedInstallationSourceDetected', which was previously part of onTamperDetected callback
Changed
- changed threat callback from 'onFingerprintDetected' to more understandable 'onDeviceBindingDetected'
- increased min SDK version from 19 to 21
- increased target/compile SDK version from 29 to 31
- increased Kotlin and Gradle versions
Fixed
- support for direct ADB side-loading (check TalsecApplication.kt -> supportedAlternativeStores)
- fixed a bug in a native method which caused crash on a one specific device
- fixed a false positive detection of an emulator (TECNO CD7)
- fixed a bug with a negative timeMs during run time check computation (fixes a logging)