iOS13 implements PointerEvents but has issues (https://caniuse.com/#feat=pointer). The polyfil I've been using for Safari (PEP / Pointer Events Polyfil) is standing down because it appears there is native support, causing things to break.
I've attempted to check for iOS13/iPadOS and set window.PointerEvent==undefined before polyfil activation in a vain attempt to get it to kick in, but no luck--assume there's a range of things I don't know about that need addressed in order to fully sub out a custom system.
I've moved on to alerting users of the issue, and telling them how to to turn off pointer events in experimental features and then reload, which works -- unless the tool is being launched from the home screen as an installed PWA, in which case the setting has no effect (!).
Is there a way to sidestep native input implementation with a polyfil via JS, or to force-turn-off an 'experimental feature' via JS, or to turn off an experimental feature for a PWA in any way?
Related
I have just tried to run
meteor run ios
That command emulates my application as an app. But there is just one page that would be interesting to have as an app. Can you control this in some way?
I don't think this is possible. The whole app gets exported regardless of platform, hence the universal/isomorphic apps concept. And in the universal app concept is one that I'm starting to find fault in. That said there is a better middle ground.
We'll call it sudo-universal apps. (probably a horrible name, but whatever :D)
Essentially the concept is that you have 3 codebases, for each device (web/ios/andriod) but share many of the same modules via something like npm, or potentially some other way of sharing code.
Then you can focus on the ui for each device and its strengths and weaknesses, but keep all the important logic you've built.
Check out the following:
https://voice.kadira.io/say-no-to-isomorphic-apps-b7b7c419c634#.3bn5ovts1
https://forums.meteor.com/t/say-no-to-universal-apps/16813/7
Hope this helps!
You can check whether the client code is executed on iOS or not, and change the app accordingly:
if(navigator.userAgent.match(/(iPad|iPhone|iPod)/g)) {
// Disable the links, and redirect to which page you want
}
But Justin's answer is great, a new platform usually needs more than just some tweaks. A quickly developed app has very low value for the user.
I'm just learning the Iphone security out of curiosity. This is completely a beginner question.
I've seen the posts on Stack Overflow,
How do I detect that an iOS app is running on a jailbroken phone?
How to detect that the app is running on a jailbroken device?
Those answers are providing the information on "if the app is running on a jail broken device or not". But I need to check "whether the app is running a JailBreak detection or not." ( Not in the programmer point view, but more of a Pentester point of view ). Are there any tools, methods ?
I'd achieve this by downloading Flex 2. With this tool you can view all of the variables, functions and procedures that are in an app.
Go to the patches tab, press the '+' symbol and locate the app to create a patch for. Then process the app by tapping it - don't worry about adding patch name.
Next, when you're inside the processed app you need to press "Add units". This will allow you to add overrides so that you can change what functions return and such.
Anyway, from here, you need to select a class to look inside. The jailbreak detection functions and variables are always stored in the executable. Tap the app name again at the top of all the classes under the 'executable' tab. Then just search.
Just search for "jailbreak" or "jailbroken" and if the app is running checks then it will return functions and vars related to this. I am yet to see an app that runs this check with a different function name that does not include "jailbreak" or "jailbroken".
If you'd like, I can show you how to override this detection.
I suggest you try the app "highway rider", because that has detection and you can easily see, and override it nice and easy and get the startup warning to go away if you want!
So far as I know, in iOS there are three techniques of function hooking:
preload library using DYLD_INSERT_LIBRARIES
imported symbol table redirection using fishhook
patch the functions when they are already loaded - i.e. already in memory using substrate MSHookFunction
These expose security issues so I wanna be able to detect when such things happen. For point number 1, I can apply function pointer verification to detect. However for 2 and 3, I haven't had any idea. I am very thankful for ideas that can be done to address the issue.
I had the same issue - trying to avoid any potential function hooking within my app.
My app was recently PEN tested and was found to have a vulnerability around function hooking. The security report referenced Frida as one of the main culprits for executing such an act. I'm sure most of you peeps would be familiar with this tool.
OWASP suggests a few remedial solutions for securing your app, but in this context, the section titled Anti-Debugging Checks would be the main focus.
As suggested by OWASP, I used ptrace with PT_DENY_ATTACH - denying a GDB/LLDB process to attach to the application.
From OWASP:
In other words, using ptrace with PT_DENY_ATTACH ensures that no other debugger can attach to the calling process; if a debugger attempts to attach, the process will terminate
Here is the solution I used (for Swift). I also had help from this Raywenderlich.com article (Objective-C). I can confirm that using the linked solution works - the app launches but the debugger cuts out, stopping all logs to the console. This could potentially deter hackers, but there will always be a way to get around this. As stated the Raywenderlich article linked:
Don’t get too comfortable. Hackers often use Cycript, a JavaScript-styled program that can manipulate Objective-C apps at runtime. The scariest thing is that the previous logic to check for debugging activity fails when Cycript is attached. Remember, nothing is truly secure…
However, according to Joseph Lord, writing apps using Swift can hopefully help you here. But then again, the reverse engineer always wins.
I hope this helps, in some way or form ...
Good afternoon all!
I'm experiencing a rather annoying issue with one of my current projects. I'm working with a hardware library (NVAPI Pascal header translation by Andreas Hausladen) in one of my current projects. This lib allows me to retrieve information from an NVIDIA GPU. I'm using it to retrieve temperatures, and with the help of Firemonkey's TAnimateFloat, i'm adjusting the angle on a custom-made dial to indicate the temperature.
As FMX defaults to Direct 2D on Windows, i can monitor the FPS with any of the various "gamer" tools out there (MSI Afterburner, FRAPS, etc).
The issue i'm having is that when i put the system into sleep mode (suspend to RAM/S3), and then start it up again, the interface on my application is blacked out (partially or completely), and nothing on the UI is visibly refreshing. I'm calling the initialization for the NVAPI library regularly and checking the result via a timer, but this doesn't fix the issue. I'm also running ProcessMessages and repaint on the parent dial and it's children controls (since i can't seem to find a repaint for the form or even an equivalent).
I tried various versions of the library, and each one presents the same issue. The next paragraph indicates that this was in fact NOT the issue, and that it's actually the renderer at fault.
I have one solution, but i want to know if there's something more... elegant, available. The solution i have involves adding FMX.Types.GlobalUseDirect2D := False; before Application.Initialize in my projects source. However, this forces FMX to use GDI+ rather than Direct2D. It works of course, but i'd like to keep D2D open as an option if i can. I can use FindCmdLineSwitch to toggle this on/off dependant on parameters, but this still requires me to restart the application to change from D2D to GDI+ or vice-versa.
What's weird about it is that the FPS counter (from FRAPS in my case) indicates that there's still activity happening in the UI (as the value changes as would be expected), but the UI itself isn't visibly refreshing.
Is this an issue related to Direct2D, or a bug with Firemonkey's implementation? More importantly, is there a better method to fixing it than disabling D2D? Lastly, also related, is it possible to "reinitialize" an application without terminating it first (so perhaps i can allow the user to switch between GDI+ and D2D without needing to restart the application)?
This is may be of the issues with FM prior to the update 4 hotfix - 26664/QC 104210
Fixes the issue of a FireMonkey HD form being unresponsive after user unlock - installing this might resolve the issue for you.
The update should be part of your registered user downloads from the EDN (direct link http://cc.embarcadero.com/item/28881).
I am working on porting an XNA game to another platform. Some of the items in the compliance check list involve making sure the game remains in full-screen mode, cannot be minimized and that the windows key, win - m, and alt-tab are disabled. The only way to exit the game is supposed to be through the platform API (think exiting an Xbox or PS3 game by pressing the home or guide buttons).
It been difficult to find any information on this since most responses to previous questions are "never remove system functionality" but in my case specifically, those are requirements.
So is there a way to handle forced full-screen and disable minimizing? I haven't been able to find a way to get WndProc to work. Likewise for key events I need to disable. I can't find a way to intercept and handle the windows messages that control these events.
This post seems to give the interop code needed for hooking into the window message loop and overriding the Windows key events:
Disable Special Keys in Win App C#
Will the .IsFullScreen = true property not solve your issue? It will help with the screen but not with the keyboard disablement.