search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

How to know proper value for `AndroidConfig.supportedStores`? #85

Closed speszke closed 1 year ago

speszke commented 1 year ago

Hi,

I'm working on Flutter app which is currently in tests, so distributed via Firebase App Distribution (Android) and TestFlight (iOS). How can I add Firebase App Distribution to the list of supportedStores to be sure it won't trigger onUnofficialStore?

More general question is what's the general rule when providing name/address to the list of supported stores? How to "guess" the name?

msikyna commented 1 year ago

Hello @speszke ,

the name of a wanted supported alternative store is in a form of its package name. You need to find out the package name of the application, which installs your application. For example, these are some package names of known alternative stores:

There are also some services, which use package installer for distribution of the application, e.g. the App Center uses com.google.android.packageinstaller or com.android.packageinstaller.

We are not sure what Firebase App Distribution uses, could you try the package installer (as in the App Center case), or this value: com.google.firebase.appdistribution ?

Please let us know how you managed it. We will update the documentation to explain this topic more clearly. Thank you!

Kind regards, Talsec team

talsec-app commented 1 year ago

Hi @speszke , please check this page https://github.com/talsec/Free-RASP-Community/wiki/Threat-detection#detecting-unofficial-installation with an explanation of the supportedStores property and provide us with a review. Let us know if it is clear enough and if it helped you. Thank you again for raising this issue. Best Regards, Talsec Team

speszke commented 1 year ago

@talsec-app I took a look at the wiki page describing the subject and IMHO it describes well enough how to deal with supported stores.

AkhmadRamadani commented 1 month ago

I've been added supportedStores: [ 'dev.firebase.appdistribution', ],

also, I have uploaded the apk to Firebase App Distribution. then I installed it in my Android Phone. But, it still triggers the unofficial store. Any updates?

Thank you!