Freerasp bypass on React-native & Flutter

[fabiand93]

I want to follow-up the discussion that @alexpeju presented:

Is there a plan in the freerasp roadmap to apply a patch or solution to the bypass that can be implemented using the script already published with Frida? (https://codeshare.frida.re/@muhammadhikmahhusnuzon/bypass-talsec-rasp-and-root-detection/)

Is there any recommendations for mitigating this type of vulnerability in React-native and Flutter applications that are not the enterprise version?

[SirionRazzer]

Hi @fabiand93 ,
We cannot commit to resolving this issue, as it is a hard problem in the freeRASP SDK, which has a stable interface (meaning an attacker can always locate it easily). We have some improvements planned in the long-term freeRASP roadmap (e.g. build plugin that would individually secure the interface problem at build time) and understand that this is at the top of the freeRASP community wishlist.

Priority support and issue resolution, including mitigations for these Frida scripts, are available in the premium plans: https://www.talsec.app/plans-comparison - we provide simple plans like "Full App Safety Suite Starter" that can be paid on monthly basis to manage your costs more easily.

Kind regards,
Tomas Soukal, Talsec Team