npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

capacitor-device-authenticity

v0.0.16

Published

Check the authenticity of an Ionic Capacitor app

Downloads

801

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

morefoxmorefox

Keywords

capacitorpluginnativedevicesecurityauthenticitychecksumhashsignaturecertificatefingerprintsha256jailbreakrootandroidios

Readme

capacitor-device-authenticity

Check the authenticity of an Ionic Capacitor app

This plugin provides methods to check whether a device is jailbroken/rooted, inside an emulator, or not installed from the app store.

This software is provided under the MIT License. The code included in this project, particularly the jailbreak detection method, is provided "as is" without warranty of any kind, express or implied. The authors and copyright holders of this software shall not be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software. Important Notes:

The jailbreak detection method provided is not guaranteed to be foolproof or comprehensive. It may not detect all instances of jailbroken devices or third-party app stores. This code is intended for informational and educational purposes only. It should not be relied upon as a sole means of security or integrity checking in production environments. The use of this code may have implications related to user privacy and device autonomy. Ensure that your use of this code complies with all applicable laws, regulations, and platform policies. The developers of this software do not encourage or endorse the unauthorized modification of devices or violation of terms of service of any platform. Users and implementers of this code are responsible for ensuring their own compliance with all relevant policies, laws, and regulations.

By using this software, you acknowledge that you have read this disclaimer and agree to its terms.

IMPORTANT: This plugin is still under development and is not yet ready for production use. The author has yet to verify if these calls trigger security warnings or cause app store rejections.

HitCount

https://nodei.co/npm/capacitor-device-authenticity.png?downloads=true&downloadRank=true&stars=true

Install

npm install capacitor-device-authenticity
npx cap sync

API

checkAuthenticity(...)

checkAuthenticity(options?: DeviceAuthenticityOptions | undefined) => Promise<DeviceAuthenticityResult | DeviceAuthenticityError>

| Param | Type | | ------------- | ------------------------------------------------------------------------------- | | options | DeviceAuthenticityOptions |

Returns: Promise<DeviceAuthenticityResult | DeviceAuthenticityError>

isEmulator()

isEmulator() => Promise<{ isEmulator: boolean; } | { error: string; }>

Returns: Promise<{ isEmulator: boolean; } | { error: string; }>

isJailbroken(...)

isJailbroken(options?: DeviceAuthenticityJailbreakOptions | undefined) => Promise<{ isJailbroken: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | ------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityJailbreakOptions |

Returns: Promise<DeviceAuthenticityError | { isJailbroken: boolean; }>

isRooted(...)

isRooted(options?: DeviceAuthenticityRootedOptions | undefined) => Promise<{ isRooted: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | ------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityRootedOptions |

Returns: Promise<DeviceAuthenticityError | { isRooted: boolean; }>

isNotInstalledFromAllowedStore(...)

isNotInstalledFromAllowedStore(options?: DeviceAuthenticityInstalledFromAllowedStoreOptions | undefined) => Promise<{ isNotInstalledFromAllowedStore: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | --------------------------------------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityInstalledFromAllowedStoreOptions |

Returns: Promise<DeviceAuthenticityError | { isNotInstalledFromAllowedStore: boolean; }>

getApkCertSignature()

getApkCertSignature() => Promise<{ apkCertSignature: string; } | DeviceAuthenticityError>

Returns: Promise<DeviceAuthenticityError | { apkCertSignature: string; }>

checkApkCertSignature(...)

checkApkCertSignature(options?: DeviceAuthenticityCheckApkCertSignatureOptions | undefined) => Promise<{ apkCertSignatureMatches: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | ------------------------------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityCheckApkCertSignatureOptions |

Returns: Promise<DeviceAuthenticityError | { apkCertSignatureMatches: boolean; }>

checkTags(...)

checkTags(options?: DeviceAuthenticityCheckTagsOptions | undefined) => Promise<{ hasOffendingTags: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | ------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityCheckTagsOptions |

Returns: Promise<DeviceAuthenticityError | { hasOffendingTags: boolean; }>

checkPaths(...)

checkPaths(options?: DeviceAuthenticityCheckPathsOptions | undefined) => Promise<{ hasOffendingPaths: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | --------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityCheckPathsOptions |

Returns: Promise<DeviceAuthenticityError | { hasOffendingPaths: boolean; }>

checkExecutableFiles(...)

checkExecutableFiles(options?: DeviceAuthenticityCheckExecutableFilesOptions | undefined) => Promise<{ hasOffendingExecutableFiles: boolean; } | DeviceAuthenticityError>

| Param | Type | | ------------- | ----------------------------------------------------------------------------------------------------------------------- | | options | DeviceAuthenticityCheckExecutableFilesOptions |

Returns: Promise<DeviceAuthenticityError | { hasOffendingExecutableFiles: boolean; }>

checkPrivateWrite()

checkPrivateWrite() => Promise<{ canWritePrivate: boolean; } | DeviceAuthenticityError>

Returns: Promise<DeviceAuthenticityError | { canWritePrivate: boolean; }>

hasThirdPartyAppStore()

hasThirdPartyAppStore() => Promise<{ hasThirdPartyAppStore: boolean; } | DeviceAuthenticityError>

Returns: Promise<DeviceAuthenticityError | { hasThirdPartyAppStore: boolean; }>

isValid(...)

isValid(value: unknown) => value is string | boolean

| Param | Type | | ----------- | -------------------- | | value | unknown |

Returns: boolean

isError(...)

isError(value: unknown) => value is DeviceAuthenticityError

| Param | Type | | ----------- | -------------------- | | value | unknown |

Returns: boolean

Type Aliases

DeviceAuthenticityResult

{ // Android only isRooted?: boolean; // Both Android and iOS isEmulator?: boolean; // Android only isNotInstalledFromAllowedStore?: boolean; // iOS only isJailbroken?: boolean; // Android only apkCertSignature?: string; // If it is a string, it is the expected to be an error message. apkCertSignatureMatch?: boolean; // Android only hasOffendingExecutableFiles?: boolean; // Android only hasOffendingTags?: boolean; // iOS only hasOffendingPaths?: boolean; // iOS only canWritePrivate?: boolean; // iOS only hasThirdPartyAppStore?: boolean; // iOS only detectedThirdPartyAppStoreSchemas?: string[]; // iOS only detectedPrivateWritePaths?: string[]; // iOS only detectedOffendingPaths?: string[]; // Both Android and iOS failedChecks?: string[]; }

DeviceAuthenticityError

{ error: string; }

DeviceAuthenticityOptions

{ // Android only allowedStores?: string[]; // Android only apkCertSignature?: string; // Android only // Override for the default root indicator paths which are: // "/system/app/Superuser.apk", // "/sbin/su", // "/system/bin/su", // "/system/xbin/su", // "/data/local/xbin/su", // "/data/local/bin/su", // "/system/sd/xbin/su", // "/system/bin/failsafe/su", // "/data/local/su", // "/su/bin/su" rootIndicatorPaths?: string[]; // Android only // Override for the default root indicator tags which are: // "test-keys", // Common for many rooted devices // "dev-keys", // Development keys, often seen in custom ROMs // "userdebug", // User-debuggable build, common in rooted devices // "engineering", // Engineering build, may indicate a modified system // "release-keys-debug", // Debug version of release keys // "custom", // Explicitly marked as custom // "rooted", // Explicitly marked as rooted (rare, but possible) // "supersu", // Indicates SuperSU rooting tool // "magisk", // Indicates Magisk rooting framework // "lineage", // LineageOS custom ROM // "unofficial" // Unofficial build, common in custom ROMs // If you are planning to extend the list, please do as follow: // const completeList = [...DeviceAuthenticityWeb.DEFAULT_ANDROID_ROOT_INDICATOR_TAGS, ...yourList]; // Then use completeList in the plugin. Otherwise, the default list will be used. rootIndicatorTags?: string[]; // iOS only // Override for the default jailbreak paths which are: // "/Applications/Cydia.app", // "/Library/MobileSubstrate/MobileSubstrate.dylib", // "/bin/bash", // "/usr/sbin/sshd", // "/etc/apt", // "/private/var/lib/apt/" // If you are planning to extend the list, please do as follow: // const completeList = [...DeviceAuthenticityWeb.DEFAULT_IOS_JAILBREAK_PATHS, ...yourList]; // Then use completeList in the plugin. Otherwise, the default list will be used. jailbreakIndicatorPaths?: string[]; // iOS only // Override for the default forbidden schemas which are: // "cydia://", // "sileo://", // "zbra://", // "filza://", // "undecimus://", // "activator://" offendingAppStoreSchemas?: string[]; // Android only // Override for the default rooted paths which are: // "/system/app/Superuser.apk", // "/sbin/su", // "/system/bin/su", // "/system/xbin/su", // "/data/local/xbin/su", // "/data/local/bin/su", // "/system/sd/xbin/su", // "/system/bin/failsafe/su", // "/data/local/su", // "/su/bin/su" // If you are planning to extend the list, please do as follow: // const completeList = [...DeviceAuthenticityWeb.DEFAULT_ANDROID_ROOTED_PATHS, ...yourList]; // Then use completeList in the plugin. Otherwise, the default list will be used. androidRootedPaths?: string[]; }

DeviceAuthenticityJailbreakOptions

{ jailbreakIndicatorPaths?: string[]; forbiddenAppStoreSchemas?: string[]; }

DeviceAuthenticityRootedOptions

{ rootIndicatorPaths?: string[]; rootIndicatorTags?: string[]; rootIndicatorFiles?: string[]; }

DeviceAuthenticityInstalledFromAllowedStoreOptions

{ allowedStores?: string[]; }

DeviceAuthenticityCheckApkCertSignatureOptions

{ expectedApkSignature: string; }

DeviceAuthenticityCheckTagsOptions

{ rootIndicatorTags: string[]; }

DeviceAuthenticityCheckPathsOptions

{ jailbreakIndicatorPaths: string[]; }

DeviceAuthenticityCheckExecutableFilesOptions

{ rootIndicatorFiles: string[]; }

Type checking:

In order to check a value we need to use the type guards isValid and isError along with a cast to boolean if it is not an error.

const result = await DeviceAuthenticityWeb.checkTags();
if (DeviceAuthenticityWeb.isValid(result)) {
  const hasSuspiciousTags: boolean = result;
} else {
  const error: DeviceAuthenticityError = result;
}

Example usage:

(will try and simplify this)

  // only available on ios and android
  if (Capacitor.getPlatform() !== 'web') {
    // TODO: add options to checkAuthenticity
    const authenticityResult = await DeviceAuthenticity.checkAuthenticity();
    const failedChecks: string[] = [];
    // TODO: put into plugin if possible
    if (platform === 'ios') {
      if (authenticityResult.isEmulator) failedChecks.push('isEmulator');
      if (authenticityResult.isJailbroken) failedChecks.push('isJailbroken');
      if (authenticityResult.hasPaths) failedChecks.push('hasPaths');
      if (authenticityResult.hasThirdPartyAppStore)
        failedChecks.push('hasThirdPartyAppStore');
    } else if (platform === 'android') {
      if (authenticityResult.isRooted) failedChecks.push('isRooted');
      if (authenticityResult.isEmulator) failedChecks.push('isEmulator');
      if (!authenticityResult.apkSignatureMatch)
        failedChecks.push('apkSignatureMatch');
      if (!authenticityResult.isInstalledFromAllowedStore)
        failedChecks.push('isInstalledFromAllowedStore');
    }

    if (authenticityResult.error) {
      failedChecks.push('error: ' + authenticityResult.error);
    }

    if (failedChecks.length > 0) {
      alert(
        'Could not verify your device. Failed checks: ' +
          failedChecks.join(', ')
      );
      App.exitApp();
    }
  }

TODO

  • [ ] pass overrides in both plugins