talsec / Free-RASP-ReactNative

React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License

app crash on first start on FreeraspReactNative.onInvalidCallback() #42

Closed nikhilborana closed 7 months ago

nikhilborana commented 7 months ago

Getting the crash on first-time open only. Install this build from TestFlight.

Working fine on development.

msikyna commented 7 months ago

Hello @nikhilborana, thank you for reporting this! We will look at it soon.

Kind regards, Talsec team

nikhilborana commented 7 months ago

It crashed on both debug and release schemes, only for the first time.

"react-native": "0.73.4", "freerasp-react-native": "^3.6.0",

LydGol90 commented 7 months ago

Hi, yes seeing a few of these crashes on our production app on iOS only (so far).

"react-native": "0.72.6", "freerasp-react-native": "^3.6.0",

Using very simple implementation of useFreeRasp() as in docs

I wasn't sure if this was related to this code in FreeraspReactNative.swift, which deliberately kills the app

    /**
     * We never send an invalid callback over our channel.
     * Therefore, if this happens, we want to kill the app.
     */
    @objc(onInvalidCallback)
    private func onInvalidCallback() -> Void {
        abort()
    }

Many thanks

tompsota commented 7 months ago

Hi,

we found a bug that kills the app when deviceID check is fired on iOS, instead of launching your reaction. Fix will be ready later today.

Thanks for bringing this up.

nikhilborana commented 7 months ago

You're welcome!! Thanks, your swift action and dedication to improving the functionality of the library are truly commendable.

tompsota commented 7 months ago

Just released v3.6.1 which should fix the problem.

nikhilborana commented 7 months ago

Sorry to bother you guys, but now it's giving Device Id not ok on the first-time open, and if I kill the app and reopen it, it is working fine.

tompsota commented 7 months ago

Hi @nikhilborana,

The deviceID can be triggered after app reinstallation if no other app from the same vendor is installed on the device. The first run compares the old DeviceID with the current DeviceID and updates the DeviceID. When the app is opened for the second time, the current DeviceID is compared to the DeviceID from the first run, so the callback is not triggered anymore. You can learn more in the wiki here.

So if you are reinstalling the only app installed from you, it is expected that deviceID is triggered.

If you don't mind whether app was reinstalled, then it is usually fine to ignore this callback.
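
The deviceID behaviour described in the last comment, modelled as an added example; it is not freeRASP's code and not from anyone in this thread. The device object and the functions `reinstall`, `appStart` and `makeActions` are hypothetical, and the model assumes the previous DeviceID is kept somewhere that survives reinstallation and that a start with no stored ID does not fire the callback.

```javascript
// Constructed model of the DeviceID comparison; all names are hypothetical.
let nextId = 1;

function newDevice() {
  return {
    currentDeviceId: `id-${nextId++}`, // ID the OS reports to this vendor's apps
    storedDeviceId: null,              // assumption: kept where it survives reinstall
  };
}

// Reinstalling changes the ID only when no other app from the same vendor remains.
function reinstall(device, otherVendorAppInstalled) {
  if (!otherVendorAppInstalled) device.currentDeviceId = `id-${nextId++}`;
}

// One app start: compare the stored ID with the current one, then update the stored ID.
function appStart(device, actions) {
  const previous = device.storedDeviceId;
  device.storedDeviceId = device.currentDeviceId;
  const changed = previous !== null && previous !== device.currentDeviceId;
  if (changed) actions.deviceID();
  return changed;
}

// Reaction that treats the callback as a reinstall signal: record it, keep running.
function makeActions(log) {
  return {
    deviceID: () => log.push({ check: 'deviceID', severity: 'info', blocked: false }),
  };
}

function simulate() {
  const log = [];
  const actions = makeActions(log);
  const device = newDevice();
  const fired = [];
  fired.push(appStart(device, actions)); // fresh install, first start
  reinstall(device, false);              // this was the vendor's only app
  fired.push(appStart(device, actions)); // first start after reinstall: fires
  fired.push(appStart(device, actions)); // second start: IDs match again
  reinstall(device, true);               // another app from the vendor stayed installed
  fired.push(appStart(device, actions)); // ID unchanged, nothing fires
  return { fired, log };
}

console.log(simulate());
```
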