app_fortress 1.0.4

Production-grade multi-layer app security - SSL Pinning, Anti-Debug, Code Obfuscation, Play Integrity (Android), App Attest (iOS), Root/Jailbreak detection, and Native C protection layer.

Changelog

1.0.4

• Added screenshot and screen-recording protection APIs:
  • AppFortress.enableScreenProtection()
  • AppFortress.disableScreenProtection()
  • ScreenProtectionScope widget for page-level protection.
• Added Android developer-mode signals:
  • isDeveloperOptionsEnabled
  • isAdbEnabled
  • New threat codes: DEVELOPER_OPTIONS_ENABLED, ADB_ENABLED.
• Added configurable blocking controls:
  • blockOnDeveloperOptions
  • blockOnAdb.
• Added policy presets for easier production hardening:
  • SecurityConfig.banking(...)
  • SecurityConfig.consumer(...)
  • SecurityConfig.enterprise(...).
• Improved Android emulator/debugger reliability and reduced real-device false positives.
• Improved iOS VPN detection behavior to reduce false positives on real devices.
• Normalized cross-platform threat code handling and improved full-check consistency.
• Updated iOS signature behavior:
  • verifySignature now returns explicit UNSUPPORTED when expected signatures are provided, enforcing App Attest + server-side verification flow.
• Extended SSL pinning capabilities:
  • Added PinnedHttpOverrides for global HttpOverrides integration.
  • Added CertificatePinConfig.fromAssetCertificates(...) convenience helper.
  • Added compatibility fallbacks (SPKI primary, cert-hash fallback, legacy cert-bytes fallback).
• Updated README and example app for new APIs and improved status UX.

1.0.3

• Android package issue

1.0.2 - 2026-01-18

• Improved emulator detection to correctly support third-party emulators (e.g., BlueStacks).
• SSL certificate pinning fixed to use RFC 7469–compliant SPKI public key hashing (existing pins must be regenerated).

⚠️ Migration Required

SSL Pinning: All certificate pins must be regenerated using:

openssl s_client -connect api.example.com:443 -servername api.example.com </dev/null 2>/dev/null | \
  openssl x509 -pubkey -noout | \
  openssl pkey -pubin -outform der | \
  openssl dgst -sha256 -binary | \
  openssl enc -base64

iOS VPN Detection: No migration needed - automatic security improvement

🎯 Compliance

• SSL Pinning now compliant with RFC 7469 (Public Key Pinning)
• iOS VPN detection follows OWASP Mobile Security Guidelines
• No sensitive information logging in production builds

1.0.1

• Fixed false positive VPN detection on Xiaomi/Redmi and Vivo devices
  • Removed rmnet_data and ccmni from VPN interface detection (standard mobile data interfaces)
• Fixed false positive root detection on MIUI and FunTouch OS devices
  • Removed /data/adb/modules from Magisk check (can exist without root)
  • Fixed checkRWSystem() to use precise mount line parsing

1.0.0

• Initial release
• Play Integrity API support (Android)
• App Attest support (iOS)
• Root/Jailbreak detection
• Emulator/Simulator detection
• Anti-debugging protection
• Hooking framework detection (Frida, Xposed, Substrate)
• App signature verification
• SSL Certificate Pinning
• String encryption utilities
• SecurityGate widget
• Native C security layer (Android)