# RELEASE NOTES - Shield for Android, Version 6.0.0, 2023-09-13

## Highlights

* Added new features:
  - "App Attestation"
  - "Support for Amazon App Store publishing"
  - "Jigsaw Binary Protection Engine" for native code
  - "Improved detection of Virtual Space Apps"
  - "Option to exclude an activity from screenshot protection"
  - "Support for Chinese PIPL regulatory requirements"

* Updated supported Android platforms:
  - Added support for Android 14 Beta 5 (API 34)
  - Dropped support for Android below 5.0 (API 21)

* Changes/Deprecations
  - ShieldSDK-secure-edit-text.
  - Removed Shielder command line option `--obfuscate on`.
  - Deprecated the Shielder command line option --profile.
  - Only add x86/x86_64 support if explicitly specified.
  - Removed Foreground Override Detection.

* General stability and performance improvements.

Read below for full details.


## Supported platforms

* Shield is supported on Android 5.0 (API 21) up to Android 14 Beta 5 (API 34).

* The Shielder tool is supported on 64-bit Java 17 on Windows 10,
  Mac OSX (10.9+) and Ubuntu Linux LTS 20.04 or 22.04.

* Shield Gradle Plug-in version 2.x is supported. It can be downloaded from:

  - https://dl.promon.no/pub/android/gradle/doc/shield-gradle-plugin-2.1.0.pdf
  - https://dl.promon.no/pub/android/gradle/jar/shield-gradle-plugin-2.1.0.jar


## New Features

### App Attestation
_[Introduced in version 5.3.0]_

App Attestation can be used to verify on a server-side that an app with Shield
is being used on the client side. App Attestation comes with client side APIs
that must be used with Shield, and a Java backend implementation which should be
integrated server-side.

Available for licensed users.


### Support for Amazon App Store publishing
_[Introduced in version 5.5.0]_

Amazon App Store modifies your application's files. For all applications, Amazon
App Store injects some code and files into the application. This modification
triggers Shield's default repackaging checks.

Now Shielder provides a collection of Shielder rules to skip the integrity check
of the files that are known to be modified by Amazon App Store. In order to use
these rules, add the following include statement to your Shielder rules:

.my-rules.cfg:
```
include "builtin:amazon-app-store-support.cfg";
```

_Note:_ these rules should only be used if you intend to publish your
application through the Amazon App Store.

For more information read the Shielder Usage documentation.


### Jigsaw Binary Protection Engine

The Jigsaw Binary Protection Engine protects native libraries included in your
app. This component provides state-of-the-art code protection techniques
embedded directly into your native binaries to prevent reverse engineering and
modification. It also provides strong binding to the Shield library, protecting
the whole application from runtime attacks.

Available for licensed users.


### Improved detection of Virtual Space Apps

Virtual app space detection can be enabled with the Shield config option:

.my-config.xml:
```xml
  <checkAppInVirtualSpace v="true"/>
```

If that option is enabled, then Shield detects if the application was launched
as a copy inside applications such as Parallel Space, Dual Space or similar.

Shield can also detect virtual app spaces and work profiles or managed devices
provided by device vendors such as Google Workspace, Samsung Secure Folder,
Xiaomi Dual Apps, Microsoft Workspace, etc. By default these are not reported as
"virtual app spaces", but you can use the following Shield config option to
report those as well as "virtual app space".

.my-config.xml:
```xml
  <allowWorkProfileAndDeviceVendorVirtualSpaces v="false"/>
```


### Option to exclude an activity from screenshot protection
_[Introduced in version 5.4.0]_

If shield is configured with `blockScreenshots` to block screenshots from being
taken of the app, that is:

.my-config.xml:
```xml
  <blockScreenshots v="true" />
```

Then the Shielder rule `allowScreenshotsForActivity` can be used to exclude an
activity class from this block. That is, adding the following Shielder rule
tells Shield to allow screenshots if the specified activity is visible, even if
blockScreenshots is enabled.

.my-rules.cfg:
```
allowScreenshotsForActivity com.example.DontBlockScreenshotsFromMyActivity;
```

The argument for "allowScreenshotsForActivity" is the class name of an activity.

A use case for this feature may be an app that wants their users to take a
screenshot of a specific activity to verify payments, receipts, etc.


### Support for Chinese PIPL regulatory requirements
_[Introduced in version 5.1.0]_

In some countries (for example, China) the regional app stores enforce a
"Personal Information Protection Law" (PIPL), which requires applications to ask
app users for consent to use some Android APIs. Shield uses some of the Android
APIs that are covered by the PIPL in the security assessment of the application
environment. To comply with the PIPL, an application can add a dependency on the
new ShieldSDK-PIPL library:

.app/build.gradle:
```gradle
dependencies {
  implementation 'no.promon.shield:ShieldSDK-PIPL:+'
  ...
}
```

The ShieldSDK-PIPL library provides an annotation `@ConsentActivity`. This
annotation can be used by the application to automatically register the consent
activity for the PIPL requirements. In this activity, Shield will not run
security checks that are restricted by the PIPL.

The annotation is used like:

.MyConsentActivity.java:
```java
package com.example.myactivities;

import androidx.appcompat.app.AppCompatActivity
import no.promon.shield.pipl;

@ConsentActivity
class MyConsentActivity : AppCompatActivity() {
    ...
}
```

Inside this activity you need to inform the user that the application uses
Android APIs that are restricted by the PIPL.

In addition you need to enable the configuration option "PIPLSupport" in the
Shield configuration:

my-config.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<shield>
  <config>
    <PIPLSupport v="true" />
    ...
  </config>
</shield>
```


### Improved detection of hooking frameworks, hiders, native code hooks

Shield has improved the detection of hooking frameworks, root hider applications
and native code hooks. Thus Shield detects most versions of

* Frida/Frida stalker
* LSPosed
* Magisk Delta
* Magisk Manager


### Improved emulator detection: detect VMOS Emulators
_[Introduced in version 5.4.0]_

VMOS is an Android application, which can create emulators on an Android device.
VMOS provides the possibility to create highly configurable emulator images.
Some of these images may be rooted, some may have Xposed installed.

VMOS Emulator detection is part of the "checkEmulator"/"exitOnEmulator" shield
configuration"

.my-config.xml:
```xml
  <checkEmulator v="true" />
  <exitOnEmulator v="true" />
```
_Note:_ `checkEmulator` and `exitOnEmulator` are enforced for the release profile.


### Detect new input sources as emulated input

Non-physical inputs (motion/keyboard events) are characterized as an emulated
input. The emulated inputs might be originated from ADB, auto-click
applications, screen-mirroring applications, screenreader applications, etc. The
emulated input detection can be enabled with the Shield config option:

.my-config.xml:
```xml
  <checkEmulatedInput v="true"/>
```

The improved algorithm now detects more emulated input sources, for example,
Vysor and Anydesk are now detected.


## New config.xml options

### allowWorkProfileAndDeviceVendorVirtualSpaces

See section "Improved detection of Virtual Space Apps".

.my-config.xml
```xml
  <allowWorkProfileAndDeviceVendorVirtualSpaces v="true"/>
```

### checkConfigUpdateOnLaunch

This configuration option enables Shield to automatically check for a
configuration update when the application is launched. The updated configuration
will be effective in the next launch. The default value is "false", that is,
this is disabled.

.my-config.xml
```xml
  <checkConfigUpdateOnLaunch v="false"/>
```

### checkUntrustedInstallerMode

Configures the mode for the untrusted installer check (see
`checkUntrustedInstaller`). The option can be set to one of the following
values:

* "all":: Check all the apps that are installed on the device.
    This is the default value.

* "sideloaded-apps-only":: Check only the apps that are sideloaded, that is,
    installed via adb.

.my-config.xml:
```xml
  <checkUntrustedInstaller v="true"/>
  <checkUntrustedInstallerMode v="sideloaded-apps-only"/>
```

### enableDynamicSyscallGeneration

If this option is enabled, Shield will generate system call functions on-the-fly
instead of using system call functions from standard libraries provided by the
OS. This increases the security of the shielded application. The feature is
currently only available for the arm64-v8a architecture. It is currently
disabled by default. In some future version this will be enabled by default and
the configuration option will be removed.

.my-config.xml:
```xml
  <enableDynamicSyscallGeneration v="true"/>
```


## Changes/Deprecations

### Java Runtime

The Shielder tool now supports Java 17 LTS as the minimum supported Java VM.
That is, Java 11 is no longer supported by the Shielder tool.

### Supported Android Versions

Android 4.4 (API 19 and 20) are no longer supported by Shield. The minimum
supported version will be Android 5.0, Lollipop (API level 21).

### Deprecated ShieldSDK-secure-edit-text

ShieldSDK-secure-edit-text is now deprecated since it is not maintained.

### Removed Shielder command line option --obfuscate on

The deprecated Shielder command line option `--obfuscate [on, default]` has been
removed. Instead use Shielder rules configurations. The removed option
`--obfuscate on` has the same effect as the following Shielder rule in your
Shielder rules configuration:

.my-rules.cfg:
```
include "builtin:obfuscate-on.cfg";
```

### Deprecated the Shielder command line option --profile

The Shielder command line option `--profile [release, debug]` is deprecated.
Shielder defaults to "release".
Use `--debug` instead of `--profile debug`.

### Only add x86/x86_64 support if explicitly specified.

Shield supports the four architectures arm64-v8a, armeabi-v7a, x86_64 and x86.

If an application has native libraries, then Shielder will add the Shield
library for all architectures that are supported by the application.

Previously, Shielder added Shield for all four architectures when the
application had no native libraries. This has been changed to only add the
arm64-v8a and armeabi-v7a architectures. Thus the shielded app will be smaller:
the x86_64 and x86 Shield libraries add a size of ~5 MB to the application.

If you have an application without native libraries and you want to add x86_64
and/or x86 support to the shielded app, then you need to specify that with the
`--arch` command line option:

```bash
$ java -jar Shielder.jar --arch arm64-v8a,armeabi-v7a,x86_64,x86 app.apk
```

### Shielder command line option --output-mapping

The Shielder command line option `--output-mapping path-or-filename.txt` now
accepts:

* The path to a non-existing file: in this case the parent directory is created
  if necessary.

* The path to an existing directory: in this case the output mapping will be
  written to the file "mapping.txt" in that directory.

* A non-existing directory: in this case the directory will be created and the
  output mapping will be written to the file "mapping.txt" in that directory.

* An existing file (with or without path): in this case the existing file will
  be overwritten.

### Removed Foreground Override Detection

Foreground Override Detection is removed. That feature is no longer supported.
The related ShieldSDK-callback class `ForegroundOverrideData` may be removed any
time.


## Fixes

### Fix application crashes on automated Google Play testing

Automated Google Play testing runs the application with a package id
androidx.test.tools.crawler.stubapp. That caused a shielded app to crash.
_(Resolves issue SHAND-3576)_


### Support the new Android 12 - 14 garbage collector.

Android 12-14 have a new garbage collector (GC) implementation. That GC caused
an ANR with Shield 5.6.0 resp. 5.0.5 and older.
_(Resolves issue SHAND-3527)_


### Fix reporting screen-mirroring blocking in the callbacks.

If screen-mirroring is blocked then in some situations Shield reported in the callback that
screen-mirroring was not blocked, though Shield did block it.

_Note:_ Shield can be configured to block screen-mirroring with the following
config option:

.my-config.xml:
```xml
  <checkScreenMirroring v="true"/>
  <blockScreenMirroring v="true"/>
```

_(Resolves issue SHAND-3626)_


### Fix reporting data in the KeyboardData callback.

If the user switches to an untrusted keyboard while the application is running
and the untrusted keyboard declares its service as `export="false"` (in its
AndroidManifest.xml), then Shield reported the previous keyboard data in the
untrusted keyboard callback event. If a keyboard uses `export="false"`, then
Shield can't query the keyboard data (package name, signer, etc.).

With this fix Shield will report empty names instead of the names of the
previous keyboard.
_(Resolves issue SHAND-3628)_


### Fix ShieldSDK-secure-app-rom proguard rules.

Proguard/R8 started to obfuscate/minimize some members of the
ShieldSDK-secure-app-rom classes. That caused a crash in applications that
used the ShieldSDK-secure-app-rom.
_(Resolves issue SHAND-3587)_


### Fix callback data of `VirtualSpaceAppData`.

The app version and app name (of the virtual space app) were switched.
_(Resolves issue SHAND-3528)_


### Fix callback data of `UntrustedSourceAppData`.

The signer name of the installer of the untrusted source application was
reported wrong, that is, the String returned by
`UntrustedSourceAppData.getUntrustedSourceAppInstallerSignerName(index)`. That
return value was the signer name of the unstrusted source application itself.
This was fixed.
_(Resolves issue SHAND-3509)_

_Note:_ the other data (signature, package name, etc.) are reported correctly.


### Improved untrusted keyboard detection.

On Android 13 or above it was possible to switch from a trusted to an untrusted
keyboard while editing a text in the app without Shield noticing the change. Now
Shield detects such a change.
_(Resolves issue SHAND-3532)_


### Fix mapping.txt for Crashlytics.

Crashlytics needs a mapping.txt that contains entries for both obfuscated and
not obfuscated classes and members. Previously Shielder wrote only the classes
and members that were obfuscated. Now Shielder writes the not obfuscated names
as well.
_(Resolves issue SHAND-3502)_


### Improve adb status detection.

If Shield is configured with `<checkAdbStatus v="true" />`, then previous
versions of Shield reported adb as inactive -- even though adb was still active,
if the developer option were disabled with the adb command:

```bash
$ adb shell settings put global development_settings_enabled 0
```

_(Resolves issue SHAND-3514)_


## Preview on upcoming changes in the Shield 6.1 version

* The deprecated `ForegroundOverrideData` will be removed. That feature is no
  longer supported.

* The deprecated `CallbackManager.setExtendedObserver(observer)` and
  `CallbackManager.removeObserver()` will be removed. Instead use
  `CallbackManager.addObserver(observer)` and
  `CallbackManager.removeObserver(observer)`.

* The Shielder command line option `--profile [release, debug]` is deprecated
  and may be removed in some future version.


## Known limitations

### Java 17 runtime

Some Java 17 runtime versions cause the following error on shielding an app:
```
Error: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)
```

The error is caused by a problem with Java. A workaround is to pass the command
line option `-Djdk.util.zip.disableZip64ExtraFieldValidation=true` to java on
running Shielder, that is:

```bash
$ java -Djdk.util.zip.disableZip64ExtraFieldValidation=true -jar Shielder.jar ...
```

### Magisk and root hider tools on new Android versions:

Root hider tools such as Magisk Hide is designed to hide the fact that
the device is compromised (rooted).

Android has been increasingly restricted in what can be inspected and
observed of the system from inside an app.

This means that a rooted system with a root hider tool can be hard to
detect due to missing privileges.

On Android 8+, Shield may not able to reliably detect a rooted device with
Magisk Hide depending on the version of these tools.

### SecureEditText in-app keyboard

The SecureEditText in-app keyboard has focus problems on dialog windows on
tablet devices.


## Tested devices

* Asus Nexus 7 (Android 4.4.4 - KitKat)
* Asus Nexus 7 (Android 5.0 - Lollipop)
* Asus ROG Phone (Android 8.1 - Oreo)
* Asus Zenfone 2 (Android 5.0 - Lollipop)
* Asus Zenfone 4 (Android 7.1.1 - Nougat)
* Asus Zenfone4 SelfiePro (Android 7.1 - Nougat)
* Asus ZenPad 10 (Android 7.0 - Nougat)
* Google Pixel (Android 9.0 - Pie)
* Google Pixel 2 (Android 9.0 - Pie)
* Google Pixel 2 (Android 10 - Q)
* Google Pixel 2 XL (Android 10 - Q)
* Google Pixel 2 (Android 11 - R)
* Google Pixel 3 (Android 10 - Q)
* Google Pixel 3 XL (Android 10 - Q)
* Google Pixel 4 (Android 11 - R)
* Google Pixel 4 XL (Android 11 - R)
* Google Pixel 5 (Android 11 - R)
* Google Pixel 5 (Android 12 - S)
* Google Pixel 5a (Android 12 - S)
* Google Pixel 5a (Android 14 beta 5)
* Google Pixel 6 (Android 13)
* Google Pixel 7 Pro (Android 13)
* Google Pixel 6 Pro (Android 14 beta 5)
* Huawei Honor 6 (Android 4.4.2 - KitKat)
* Huawei Honor 6X (Android 7.0 - Nougat)
* Huawei Honor 7 (Android 5.0.2 - Lollipop)
* Huawei Honor 9X 9.0 (Pie)
* Huawei Mate 10 Pro (Android 8.0 - Oreo)
* Huawei Mate 30 (Android 10 -Q)
* Huawei Mate 30 Pro (Android 10 - Q)
* Huawei Mate 9 (Android 7.0 - Nougat)
* Huawei MediaPad M5 BAH2-W19 (Android 8.0 - Oreo)
* Huawei MediaPad M5 CMR-W09 (Android 9.0 - Pie)
* Huawei Nexus 6P(Nexus 6P) (Android 8.1.0 - Oreo)
* Huawei Nova 5T (Android 9.0 - Pie)
* Huawei P Smart (Android 8.0 - Oreo)
* Huawei P10 (Android 7.0 - Nougat)
* Huawei P20 Pro (Android 8.1 - Oreo)
* Huawei P9 (Android 6.0 - Marshmallow)
* Huawei P9 Lite (Android 6.0 - Marshmallow)
* Huawei Y6II Compact (Android 5.1 - Lollipop)
* Lenovo Vibe K5 Note (Android 6.0 - Marshmallow)
* Lenovo Yoga tablet (Android 4.4.2 - KitKat)
* LG G4 (Android 5.1 - Lollipop)
* LG G4 Dual(LG-H818) (Android 6.0 - Marshmallow)
* LG G5 (LG-H860) (Android 6.0.1 - Marshmallow)
* LG G6 (Android 7.0 - Nougat)
* LG Nexus 5 (Android 6.0 - Marshmallow)
* LG Nexus 5X (Android 8.0 - Oreo)
* LG V30 (Android 7.1.2 - Nougat)
* Motorola Moto E (6) Plus (Android 9.0 - Pie)
* Motorola moto G (6) plus (Android 8.0 - Oreo)
* Motorola Moto G (8) Power (Android 10 - Q)
* Motorola Moto G4 Plus (Android 7 - Nougat)
* Motorola Moto X4 (Android 7.1.1 - Nougat)
* Nokia 2.3 (Android 11 - R)
* Nokia 2.4 (Android 11 - R)
* Nokia 7.2 10.0 (Android 10 - Q)
* OnePlus OnePlus 5 (Android 7.1.1 - Nougat)
* OnePlus OnePlus 6 (Android 8.1 - Oreo)
* OnePlus OnePlus 6T (Android 9.0 - Pie)
* OnePlus OnePlus 7T Pro (Android 10 - Q)
* OnePlus OnePlus 8 Pro (Android 11 - R)
* OnePlus OnePlus 9 (Android 12 - S)
* Oppo A37fw (Android 5.1.1 - Lollipop)
* Oppo A5 (Android 8.1 - Oreo)
* Oppo A5s (Android 8.1 - Oreo)
* Oppo F1 plus (Android 5.1 - Lollipop)
* Oppo R9m (Android 5.1 - Lollipop)
* Oppo Reno5 5G (Android 11 - R)
* Samsung Galaxy A50 (Android 9.0 - Pie)
* Samsung Galaxy A6 plus (Android 9.0 - Pie)
* Samsung Galaxy A71 (Android 10 - Q)
* Samsung Galaxy A8 (Android 8.0 - Oreo)
* Samsung Galaxy A9 (2) (Android 8.0 - Oreo)
* Samsung Galaxy A9 (Android 9.0 - Pie)
* Samsung Galaxy J2 (2015) (Android 5.1.1 - Lollipop)
* Samsung Galaxy J2 (2016) (Android 6.0.1 - Marshmallow)
* Samsung Galaxy J3 (Android 8.0 - Oreo)
* Samsung Galaxy J4 plus (Android 8.1 - Oreo)
* Samsung Galaxy J5 (Android 7.0 - Nougat)
* Samsung Galaxy J6 (Android 8.0 - Oreo)
* Samsung Galaxy J7 (Android 7.0 - Nougat)
* Samsung Galaxy Note 10 Lite (Android 10 - Q)
* Samsung Galaxy Note 4 (Android 6.0.1 - Marshmallow)
* Samsung Galaxy Note 8 (Android 8.0 - Oreo)
* Samsung Galaxy Note 9 (Android 8.1 - Oreo)
* Samsung Galaxy On Nxt (Android 8.1 - Oreo)
* Samsung Galaxy S10 (Android 12)
* Samsung Galaxy S10 (Android 10 - Q)
* Samsung Galaxy S10 e (Android 9.0 - Pie)
* Samsung Galaxy S10 plus (Android 9.0 - Pie)
* Samsung Galaxy S20 5G (Android 11 - R)
* Samsung Galaxy S4 (Android 5.0.1 - Lollipop)
* Samsung Galaxy S5 (Android 6.0.1 - Marshmallow)
* Samsung Galaxy S6 (Android 7.0 - Nougat)
* Samsung Galaxy S6 Edge (Android 6.0 - Marshmallow)
* Samsung Galaxy S6 Edge (Android 7.0 - Nougat)
* Samsung Galaxy S6(SM-G920I) (Android 7.0 - Nougat)
* Samsung Galaxy S7 (2) (Android 8.0 - Oreo)
* Samsung Galaxy S7 Edge (Android 6.0.1 - Marshmallow)
* Samsung Galaxy S7(SM-G930FD) (Android 8.0 - Oreo)
* Samsung Galaxy S8 (Android 8.0 - Oreo)
* Samsung Galaxy S8 plus (Android 8.0 - Oreo)
* Samsung Galaxy S9 (Android 8.0 - Oreo)
* Samsung Galaxy S9 plus (Android 8.0 - Oreo)
* Samsung Galaxy Tab S4 (Android 9.0 - Pie)
* Samsung Galaxy Xcover 4 (Android 7.0 - Nougat)
* Samsung Galaxy Z Flip (Android 10 - Q)
* Samsung Galaxy Z Fold 2 5G (Android 10 - Q)
* Sony Xperia 1 (Android 9.0 - Pie)
* Sony Xperia Z (Android 5.1.1 - Lollipop)
* Sony Xperia Z3 (E6553) (Android 6.0 - Marshmallow)
* Sony Xperia Z4 Tablet (Android 5.0.2 - Lollipop)
* Sony Xperia Z5 Dual(E6683) (Android 7.1.1 - Nougat)
* Vivo 1916 (Android 9.0 - Pie)
* Vivo S1 1907 (Android 9.0 - Pie)
* Vivo S7e (Android 10 - Q)
* Vivo V2029 (Android 10 - Q)
* Vivo X30 Pro (Android 9 - Pie)
* Vivo X60 (Android 11 - R)
* VSmart Live (Android 9.0 - Pie)
* Xiaomi MI 8 (Android 8.1 - Oreo)
* Xiaomi MI 9 (Android 9.0 - Pie)
* Xiaomi Mi A2 (Android 8.1 - Oreo)
* Xiaomi MI MAX 2 (Android 7.1.1 - Nougat)
* Xiaomi MI Mix 2s (Android 8.0 - Oreo)
* Xiaomi MI Mix 3 (Android 9.0 - Pie)
* Xiaomi Mi Note 10 (Android 9.0 - Pie)
* Xiaomi Redmi 3S (Android 6.0.1 - Marshmallow)
* Xiaomi Redmi 4 (Android 6.0.1 - Marshmallow)
* Xiaomi Redmi 4A (Android 6.0.1 - Marshmallow)
* Xiaomi Redmi 5 (Android 7.1.2 - Nougat)
* Xiaomi Redmi Note 4 (Android 7.0 - Nougat)
* Xiaomi Redmi Note 8 Pro (Android 9.0 - Pie)