App Integrity threat not detected in iOS device || Expo React Native #68
Comments
|
Hello @Mr-harsh10, Did you get any report from the penetration tester? It would be awesome if you could share with us how the tester was able to bypass freeRASP - i.e. which tools were used, which part of freeRASP was bypassed, etc. You can also reach out to us at support@talsec.app - just please reference this issue. Regards, |
|
Hello @tompsota thanks for the reply, which part of freeRASP was bypassed, - appIntegrity |
|
Hello @Mr-harsh10, We are aware that there are certain ways how to bypass freeRASP - and we are sure that experienced pentester will be able to bypass freeRASP. If you are looking for a more advanced solution, take a look at BusinessRASP, which includes advanced protection of your app - including better resilience against bypassing - read more about the differences to freeRASP here and more about commercial offer here. As long as you don't provide us any data about how (at least conceptually) your pentesting team was able to bypass freeRASP, I'm afraid we won't be able to determine how to prevent it right now. There may be multiple ways how to bypass appIntegrity; the attack may occur on multiple layers, e.g. in native iOS, JS, RN bridge... Best, |
I am working on a React Native Expo app. During penetration testing, the tester was able to tamper with my app, rebundle it, and run it without any issues. I need to prevent this.
Dependencies
"expo": "^49.0.0",
"react-native": "0.72.10",
"freerasp-react-native": "^3.7.2",
The text was updated successfully, but these errors were encountered: