microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune

Disabling or whitelisting Intune's installed system libraries/APIs hooks #235

Open MAgungHKM opened 1 week ago

MAgungHKM commented 1 week ago

Feature Request

Questions to Ask Before Submission

  1. Have you checked the Microsoft Intune App SDK for Android repository for a similar feature request? Yes, but I'm unable to find anything related to system library hooks.
  2. Are you using the latest version of the SDK and Plugin? Yup, v10.2.1

Summary

I noticed Intune installed some hooks that interfere with system libraries/APIs. Is there a way to disable this hooking function without interfering with Intune SDK and Company Portal mobile device management capabilities?

2024-06-25 05:39:47.868 10772-10772 FileEncryptionManager   pid-10772                            I  Not enabling encryption cache
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarm64-v8a
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarmeabi-v7a
2024-06-25 05:39:47.868 10772-10772 NativeLibLoaderBase     pid-10772                            I  supported ABIarmeabi
2024-06-25 05:39:47.868 10772-10772 FileEncryptionManager   pid-10772                            I  Beginning hook installation
2024-06-25 05:39:47.868 10772-10772 mam                     pid-10772                            I  About to install hooks, disable writing to files.
2024-06-25 05:39:47.876 10772-10821 Native                  pid-10772                            W  Automatically treating /apex/com.android.runtime/lib64/bionic/libc.so as system libc
2024-06-25 05:39:47.877 10772-10825 Native                  pid-10772                            I  Initializing FIPS on a background thread.
2024-06-25 05:39:47.880 10772-10827 Native                  pid-10772                            I  Installing hooks without ptrace
2024-06-25 05:39:47.881 10772-10772 mam                     pid-10772                            I  Hook installation finished, enable writing to files
2024-06-25 05:39:47.882 10772-10772 FileEncryptionManager   pid-10772                            I  Hooks installed
2024-06-25 05:39:47.884 10772-10830 Native                  pid-10772                            I  Hook installation completed in 2275 us, process resumed
2024-06-25 05:39:47.884 10772-10830 Native                  pid-10772                            I  File encryption hooks installed

Reason For Request

We were trying to implement some security measures to detect hooking frameworks, but Intune got falsely flagged. Or maybe you could advise a way for us to whitelist Intune hooks?

Thanks in advance!
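
Added example, not part of the original issue and not code from the Intune SDK: a triage helper that parses logcat output in the layout posted above and records, per process, when the SDK logged its hook installation, so an alert from a hook detector can be checked against it. The function names are hypothetical, and the matched tags and messages are only those visible in the posted log.

```python
import re
from datetime import datetime

# Sample input: a subset of the log lines posted in the issue above.
SAMPLE = """\
2024-06-25 05:39:47.868 10772-10772 FileEncryptionManager   pid-10772                            I  Beginning hook installation
2024-06-25 05:39:47.876 10772-10821 Native                  pid-10772                            W  Automatically treating /apex/com.android.runtime/lib64/bionic/libc.so as system libc
2024-06-25 05:39:47.880 10772-10827 Native                  pid-10772                            I  Installing hooks without ptrace
2024-06-25 05:39:47.884 10772-10830 Native                  pid-10772                            I  File encryption hooks installed
"""
FMT = "%Y-%m-%d %H:%M:%S.%f"
# Layout shown above: date time pid-tid tag package level message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<pid>\d+)-\d+\s+"
    r"(?P<tag>\S+)\s+\S+\s+[VDIWEF]\s+(?P<msg>.*)$")
LIBC = re.compile(r"Automatically treating (\S+) as system libc")

def mam_hook_windows(text):
    """Per pid: start/end of the SDK's hook installation, libc path, mode line."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the expected logcat layout
        pid, tag, msg = int(m["pid"]), m["tag"], m["msg"]
        ts = datetime.strptime(m["ts"], FMT)
        w = out.setdefault(pid, {"start": None, "end": None, "libc": None, "mode": None})
        if tag == "FileEncryptionManager" and msg == "Beginning hook installation":
            w["start"] = ts
        elif tag == "Native" and LIBC.search(msg):
            w["libc"] = LIBC.search(msg).group(1)
        elif tag == "Native" and msg.startswith("Installing hooks"):
            w["mode"] = msg
        elif tag == "Native" and msg == "File encryption hooks installed":
            w["end"] = ts
    # Keep only processes where the start of hook installation was logged.
    return {pid: w for pid, w in out.items() if w["start"]}

def alert_follows_mam_hooks(windows, pid, alert_time):
    """Triage hint only: True if an alert (timestamp string in FMT) fired in a
    process after the SDK logged the start of hook installation. It does not
    show that the SDK's hooks are the only ones present."""
    w = windows.get(pid)
    return bool(w and datetime.strptime(alert_time, FMT) >= w["start"])

if __name__ == "__main__":
    for pid, w in mam_hook_windows(SAMPLE).items():
        print(pid, w["start"], w["end"], w["libc"], w["mode"])
```
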