HomePremium ProductsTalsec Portal

🎤What's New and Changelog

Stay up-to-date with the latest features, improvements and bug fixes for freeRASP. Here you'll find detailed information about each update we've rolled out, organized by platform. Whether you're using the Android, iOS, Flutter, React Native, Capacitor, or Cordova version, all platforms are supported.

Explore the tabs below to see what's new and how the experience has been improved for you. If you're looking for specific changes or features, each update is documented for your convenience.

Latest from Articles

Learn more: https://docs.talsec.app/appsec-articles

Changelog

Latest version 17.0.0

Breaking Change

  • ❗️Breaking: Added killOnBypass method to the TalsecConfig.Builder that configures if the app should be terminated when the threat callbacks are suppressed/hooked by an attacker Issue 65

  • ❗️Breaking: Added onTimeSpoofingDetected() callback to ThreatDetected interface

    • We are introducing a new capability, detecting whether the device time has been tampered with

  • ❗️Breaking: Added onLocationSpoofing() callback

    • We are introducing a new capability, detecting whether the location is being spoofed on the device.

  • ❗️Breaking: Added onUnsecureWifi() callback to ThreatDetected interface

  • ❗️Breaking: Changed onMalwareDetected() method parameter packageInfo to non-nullable

  • ❗️Breaking: Updated dispatchKeyEvent() parameter nullability from @Nullable to @NonNull

  • ❗️Breaking: Changed parameter type of Activity instead of Context in the blockScreenCapture() method

  • ❗️Breaking: Removed deprecated functionality Pbkdf2Native and both related native libraries (libpbkdf2_native.so and libpolarssl.so)

Added

  • Added ScreenProtector feature wrapper object that helps with registration/unregistration of screen protection features

  • A new constructor parameter of type RaspExecutionState in class ThreatListenerrepresenting changes in state in our library. RaspExecutionState contains onAllChecksFinished() method, which is triggered after all checks are completed.

  • Added matched permissions to SuspiciousAppInfo object when malware detection reason is suspiciousPermission

  • New option to start Talsec, Talsec.start() takes new parameter TalsecMode that determines the dispatcher thread of initialization and sync checks

  • Capability to check if another app has an option REQUEST_INSTALL_PACKAGES enabled in the system settings to malware detection

Fixed

  • ANR issue caused by registerScreenCaptureCallback() method on the main thread

  • NullPointerException when checking key alias in Keystore on Android 7

  • JaCoCo issue causing MethodTooLargeException during instrumentation

  • DeadApplicationException when calling Settings.Global.getInt or Settings.Secure.getInt on invalid context

  • AndroidKeyStore crashes causing java.util.concurrent.TimeoutException when calling finalize() method on Cipher (GC issues)

Changed

  • Shortened the value of threat detection interval

  • Refactoring of internal architecture of SDK that newly uses Coroutines to manage threading

  • Update of internal dependencies and security libraries

Version 16.0.1

Breaking Change, new feature

  • ❗️Added onMultiInstanceDetected() callback - detection whether the application is installed/running in various multi-instancing environments (e.g. Parallel Space).

Improvement

  • Added support for 16 KB memory page sizes.

  • The ADB service running as "root" is a signal for root detection.

  • Improved emulator detection.

  • Internal security improvements.

Fixed

  • Removed malware report duplicates.

Version 15.1.0

Improvement

  • Added new root detection checks.

  • Added eventId to the logs, which is unique per each log. It allows traceability of the same log across various systems.

  • Added externalId to put an integrator-specified custom identifier into the logs. This feature will be presented later.

Fixed

  • Resolved SecurityException caused by getNetworkCapabilities() - Android 11 specific bug (GH Android issue #56).

Version 15.0.0

Changed

  • Compile API increased to 35, dependencies updated

  • Internal library obfuscation reworked

  • Root detection divided into 2 parts (quick initial checks, and time-demanding asynchronous post checks)

Fixed

  • ANR issues bug-fixing

Version 14.0.1

Breaking Change, new feature

Improvement

  • Added blockScreenCapture(Activity activity, boolean enable) for FLAG_SECURE control, an active protection against screen capturing.

  • isScreenCaptureBlocked() - to receive whether the screen capture is blocked

  • Rate limiting for both screenshot and screenRecording incidents

  • Improved root detection capabilities

Bug Fix

  • Updated proguard rules to fix warnings from okhttp dependency.

Version 13.2.0

Improvement

  • Added request integrity information to data collection headers.

  • Enhanced and accelerated the data collection logic.

Version 13.0.0

New features

  • BREAKING CHANGE: Added onADBEnabledDetected detection feature, which allows you to detect USB debugging option enabled in the developer settings on the device. App needs to implement this new callback.

Version 12.0.0

Improvement

  • Refactored Magisk checks in the root detection

  • Internal refactoring of Malware detection feature

Bug Fix

  • Resolved IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver

Version 11.1.3

Bug Fix

  • Reported ANR issues present on some devices were resolved (GH issue #138).

  • Reported crashes caused by ConcurrentModificationException and NullPointerException were resolved (GH Flutter #140).

  • Reported crashes caused by the UnsupportedOperationException were resolved.

Version 11.1.1

Bug Fix

  • False positives in Hook detection (runtimeManipulation).

Version 11.1.0

New Feature

  • Added onMalwareDetected to ThreatListener.ThreatDetected interface, this is a breaking change and the onMalwareDetected has to be implemented by the integrating application.

    • Important Information

      • Further details for this feature will be provided shortly with the new repositories.

      • For now, do not react to the callback, you can implement it simply by just using println().

  • Added the auditing of the internal execution for the future check optimization and overall security improvements.

Improvement

  • Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable.

  • Updated CURL to 8.8.0 and OpenSSL to 3.0.14 (Github issue #114).

  • Refactored fetching the list of installed applications for root and hook detection.

Bug Fix

  • Fixed native crashes (SEGFAULT errors) in ifpip method.

  • Fixed collision for command line tools (like ping) invoked without absolute path (Github issue #41).

Version 9.6.0

New Feature

  • Two new threat callbacks, onDeveloperModeDetected and onSystemVPNDetected, have been added for detecting Developer mode and System VPN.

Improvement

  • Updated GMS dependency to a newer version for improved performance and compatibility.

  • Updated CA bundle to enhance security for secure connections.

Bug Fix

  • Resolved a problem with displaying the Arabic alphabet in logs caused by the device’s default system locale.

Version 9.1.0

Improvement

  • Updated freeRASP SDK artifact hosting ensuring better stability and availability.

Version 9.0.2

Improvement

  • Shortened duration of threat evaluation.

  • Improved appIntegrity check and its logging.

  • Updated CURL to 8.5.0 and OpenSSL to 1.1.1w.

Bug Fix

  • Fixed a native crash bug during one of the native root checks (detected after NDK upgrade).

Version 9.0.0

Improvement

  • Increased the compileSdk and targetSdk in the demo application.

  • Updated dependencies in the demo application.

Bug Fix

  • Fixed issue with ProviderException (#26).

Curious about more in-depth changes for Android? Head over to our GitHub Changelog for the complete history of updates!

PreviousThe Key Differences: freeRASP vs. RASP+NextData Visualisation Portal

Last updated