search

microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune
45 stars 18 forks source link

Disabling or whitelisting Intune's installed system libraries/APIs hooks #235

Closed MAgungHKM closed 3 months ago

MAgungHKM commented 5 months ago

Feature Request

Questions to Ask Before Submission

  1. Have you checked the Microsoft Intune App SDK for Android repository for a similar feature request? Yes, but I'm unable to find anything related to system libraries hooks
  2. Are you using the latest version of the SDK and Plugin? Yup, v10.2.1

Summary

I noticed Intune installed some hooks that interferes with system libraries/APIs, is there a way to disable this hooking function without interfering with Intune SDK and Company Portal mobile device management capabilities?

2024-06-25 05:39:47.868 10772-10772 FileEncryptionManager   pid-10772                            I  Not enabling encryption cache
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarm64-v8a
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarmeabi-v7a
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarmeabi
2024-06-25 05:39:47.868 10772-10772 FileEncryptionManager   pid-10772                            I  Beginning hook installation
2024-06-25 05:39:47.868 10772-10772 mam                     pid-10772                            I  About to install hooks, disable writing to files.
2024-06-25 05:39:47.876 10772-10821 Native                  pid-10772                            W  Automatically treating /apex/com.android.runtime/lib64/bionic/libc.so as system libc
2024-06-25 05:39:47.877 10772-10825 Native                  pid-10772                            I  Initializing FIPS on a background thread.
2024-06-25 05:39:47.880 10772-10827 Native                  pid-10772                            I  Installing hooks without ptrace
2024-06-25 05:39:47.881 10772-10772 mam                     pid-10772                            I  Hook installation finished, enable writing to files
2024-06-25 05:39:47.882 10772-10772 FileEncryptionManager   pid-10772                            I  Hooks installed
2024-06-25 05:39:47.884 10772-10830 Native                  pid-10772                            I  Hook installation completed in 2275 us, process resumed
2024-06-25 05:39:47.884 10772-10830 Native                  pid-10772                            I  File encryption hooks installed

Reason For Request

Because we were trying to implement some security measures to detect hooking frameworks but Intune got falsely flagged, or maybe can you guys advise a way for us to whitelist Intune hooks?

Thanks in advance!

kanishkaBagga commented 3 months ago

@MAgungHKM , Acknowledging this

kanishkaBagga commented 3 months ago

@MAgungHKM -There is no way to whitelist Intune Hooks. Those hooks are vital to our management capabilities. Any allow-listing would need to be done by the customer itself with their tool.

kanishkaBagga commented 3 months ago

@MAgungHKM , Please let us know if this helps, and if we are good to close this.

MAgungHKM commented 3 months ago

Got it, thanks for looking into this @kanishkaBagga, you can close this for now. I'll discuss with my internal team first.

kanishkaBagga commented 3 months ago

Closing this issue since no further questions