search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
186 stars 18 forks source link

bug: SharedPreferences causes exceptions #120

Open rakesh0689 opened 1 month ago

rakesh0689 commented 1 month ago

Describe the bug Freerasp causes error with SharedPreferences at startup and application does not detect root / hook etc.. Even If if the error is not coming sometimes the detection does not work and the user is able to log in to app on rooted device. There is always a delay in triggering the callback after await Talsec.instance.start(config);

To Reproduce Similar to what is described in #112

Expected behavior Freerasp is supposed to detect root / hooks etc. but since the issue is happening the user is able to run the app on rooted device. But the is not coming every time sometimes when app is removed from memory and opened again Freerasp sometimes detects root sometimes this error comes. ALso when app is hot restarted while in debug mode then this issue is not there.

Screenshots W/SharedPreferencesImpl(19382): Cannot read /data/user/0/com.myapp.org/shared_prefs/LPt63jFXmgP2hitXSjTyIScRrUsA7cK8RSCVk26.xml W/SharedPreferencesImpl(19382): org.xmlpull.v1.XmlPullParserException: Unexpected end of document W/SharedPreferencesImpl(19382): at com.android.internal.util.XmlUtils.readValueXml(XmlUtils.java:1550) W/SharedPreferencesImpl(19382): at com.android.internal.util.XmlUtils.readMapXml(XmlUtils.java:971) W/SharedPreferencesImpl(19382): at android.app.SharedPreferencesImpl.loadFromDisk(SharedPreferencesImpl.java:179) W/SharedPreferencesImpl(19382): at android.app.SharedPreferencesImpl.lambda$startLoadFromDisk$0(SharedPreferencesImpl.java:149) W/SharedPreferencesImpl(19382): at android.app.SharedPreferencesImpl.$r8$lambda$gCIQI__z13DI5jNIqnAnYLWLcMc(Unknown Source:0) W/SharedPreferencesImpl(19382): at android.app.SharedPreferencesImpl$$ExternalSyntheticLambda0.run(D8$$SyntheticClass:0) W/SharedPreferencesImpl(19382): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) W/SharedPreferencesImpl(19382): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644) W/SharedPreferencesImpl(19382): at java.lang.Thread.run(Thread.java:1012) W/Sensors (19382): Cannot get virtualdevice_native service D/nativeloader(19382): Load /data/app/~~PdqQLLHtN6sj7pn7zDNTBg==/com.myapp.org-BURVz3QSxsk6rEYBNw8ZkQ==/base.apk!/lib/arm64-v8a/libsecurity.so using ns clns-5 from class loader (caller=): ok

Please complete the following information:

Additional context

  1. This error only occurs at the execution of this line "await Talsec.instance.start(config);"
  2. I don't use SharedPreferences in my project
  3. Sample of callback implemented: onAppIntegrity: () { isSecure = false; secureText = 'Tamper detected!!'; },
  4. When i browse this location "/data/user/0/com.myapp.org/shared_prefs/LPt63jFXmgP2hitXSjTyIScRrUsA7cK8RSCVk26.xml" there is no such folder as com.myapp.org and hence no xml file as well.
  5. We are not sure how the callbacks are getting triggered. Sometimes it gets triggered immediately sometimes its not getting triggered at all. I am not sure how to test this anymore. Any help would be greatly helpful. This is happening in Production build as well.
msikyna commented 1 month ago

Hello @rakesh0689 ,

thank you for reporting the issue, we will look at it.

Kind regards, Talsec team

AwaisQazii commented 1 month ago

Hi @msikyna , were you able to resolve this issue?

urvesh-sm commented 1 month ago

Hi @msikyna ,

Is there an update or solution for this? We are facing the same issue:

W/SharedPreferencesImpl( 7547): Cannot read /data/user/0/<packageId>/shared_prefs/LpT8W5aFMBRoU0MCvKl3hGlhBEYszkisbY8DLEsylFvG.xml
W/SharedPreferencesImpl( 7547): org.xmlpull.v1.XmlPullParserException: Unexpected end of document
W/SharedPreferencesImpl( 7547):     at com.android.internal.util.XmlUtils.readValueXml(XmlUtils.java:1550)
W/SharedPreferencesImpl( 7547):     at com.android.internal.util.XmlUtils.readMapXml(XmlUtils.java:971)
W/SharedPreferencesImpl( 7547):     at android.app.SharedPreferencesImpl.loadFromDisk(SharedPreferencesImpl.java:179)
W/SharedPreferencesImpl( 7547):     at android.app.SharedPreferencesImpl.lambda$startLoadFromDisk$0(SharedPreferencesImpl.java:149)
W/SharedPreferencesImpl( 7547):     at android.app.SharedPreferencesImpl.$r8$lambda$gCIQI__z13DI5jNIqnAnYLWLcMc(Unknown Source:0)
W/SharedPreferencesImpl( 7547):     at android.app.SharedPreferencesImpl$$ExternalSyntheticLambda0.run(D8$$SyntheticClass:0)
W/SharedPreferencesImpl( 7547):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
W/SharedPreferencesImpl( 7547):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
W/SharedPreferencesImpl( 7547):     at java.lang.Thread.run(Thread.java:1012)

And this is not rooted or simulator device

yardexx commented 1 month ago

Hello.

We are aware of this issue - it is caused by an internal component. It does not affect detection or performance. We have plans in place to resolve it.

Jaroslav from Talsec