freeRASP 11.1.0

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[11.1.0] - 2024-09-17

Added

• ❗️Breaking: added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application. Further details for this feature will be provided shortly with the new repositories. For now, do not react to the callback, you can implement it simply by just using println().
• Added the auditing of the internal execution for the future check optimization and overall security improvements.

Fixed

• Fixed native crashes (SEGFAULT errors) in ifpip method
• Fixed collision for command line tools (like ping) invoked without absolute path

Changed

• ❗️Breaking: Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable
• Updated OpenSSL to version 3.0.14
• Updated CURL to version 8.8.0
• Refactored fetching the list of installed applications for root and hook detection.

freeRASP 9.6.0

freeRASP 9.6.0

• ❗️ Added new threat callback onDeveloperModeDetected for Developer mode detection
• ❗️ Added new threat callback onSystemVPNDetected for System VPN detection
• ⚡ Fixed issue with Arabic alphabet in logs caused by the device’s default system locale
• ✔️ Increased the version of the GMS dependency
• ✔️ Updated CA bundle

freeRASP 9.1.0

freeRASP 9.1.0

⚡ Updated freeRASP SDK artifact hosting ensuring better stability and availability

freeRASP 9.0.2

freeRASP 9.0.2

• ⚡ Shortened duration of threat evaluation
• ⚡ Fixed a native crash bug during one of the native root checks (detected after NDK upgrade)
• ⚡ Improved appIntegrity check and its logging
• ⚡ Updated CURL to 8.5.0 and OpenSSL to 1.1.1w

freeRASP 9.0.0

freeRASP 9.0.0

• ⚡ Fixed issue with ProviderException (#26)
• ✔️ Increased the compileSdk and targetSdk in the demo application
• ✔️ Updated dependencies in the demo application

freeRASP 8.3.0

freeRASP 8.3.0

• 📄 Documentation updates and improvements
• ✔️ updated CA bundle for logging pinning
• ✔️ added error logging of network issues within the logging process
• ✔️ added retry politics for logging
• ⚡ fixed issue with DeadObjectException on Android 5 and 6 caused by excessive PackageManager.queryIntentActivities() usage
• ⚡ improved root detection capabilities

freeRASP 8.0.4

freeRASP 8.0.4

• ❗ Removed PolarSSL dependency on Android
• ✔️ Fixed issue with denied USE_BIOMETRICS permission

freeRASP 8.0.2

freeRASP 8.0.2

⚡ Fixed issue with incorrect Keystore type detection on Android 11 and above (issue#77)

freeRASP 8.0.1

freeRASP 8.0.1

What's new?

This update contains a new check - obfuscation detection. Minimal supported Android SDK level was raised to 23.

• ❗ Raised minSdkVersion to 23
• ❗ Removed BouncyCastle dependency on Android (talsec/Free-RASP-ReactNative#13)
• 🔎 New threat type onObfuscationIssuesDetected
• 🔎 New threat callback onObfuscationIssuesDetected
• ✔️ Fixed NullPointerException which could occur during specific subcheck execution on Android

freeRASP 7.0.0

freeRASP 7.0.0

What's new?

Most of the changes relates to accomodating a new way of choosing between the dev and release version of the SDK. Also, we removed the HMS dependencies and improved the root detection capabilities.

• ❗ Removed the HMS dependencies
• ❗ Only one version of the SDK is used from now on, instead of two separate for dev and release. A new isProd parameter has been introduced.
• ⚡ Improved root detection accuracy by moving the 'ro.debuggable' property state to an ignored group
• ⚡ Enhanced root detection capabilities by moving the selinux properties check to device state
• ⚡ Fine-tuning root evaluation strategy

Other improvements

• 📄 Documentation updates and improvements
• ⚡ Updated demo app for new implementation