search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

MacOS detecting onPrivilegedAccess #131

Closed Gaurav-CareMonitor closed 2 months ago

Gaurav-CareMonitor commented 2 months ago

Describe the bug When running the iOS app in macOS with M1 M2 chipset, the app throws onPrivilegedAccess We want to keep using the app on macOS, is there any workaround for this?

image
msikyna commented 2 months ago

Hello @Gaurav-CareMonitor ,

we do not actively develop and support RASP for macOS applications. There will be false positives, as macOS naturally contains the files on paths, which are checked. You can ignore this check on macOS.

Kind regards, Talsec team

Gaurav-CareMonitor commented 2 months ago

Sorry I don't think you got my point, The app is not macOS app but an iOS app only, which we are running on Mac after downloading from app store. So from flutter we can't know if its running on mac. Hence can't apply check accordingly.

msikyna commented 2 months ago

Hello, sure, we understand the use case. However, the machine is still Mac, which has the files on expected paths, which are not present on iPhones, but naturally are on macOS. The check itself does not make sense for applications run on Mac.

msikyna commented 2 months ago

We will not disclose what exactly is actually checked, but you can find similar detections in OWASP Guidelines: https://mas.owasp.org/MASTG/0x06j-Testing-Resiliency-Against-Reverse-Engineering/#common-jailbreak-detection-checks For example, there are /bin/sh or /bin/bash, which are definitely present on Mac.

Gaurav-CareMonitor commented 2 months ago

Got it Thanks