Skip to content

Feature Request: Add library/module whitelist for hook detection to reduce false positives #2

Description

@alexanderkind

Description

We are using legitimate third-party libraries that technically perform "hooking" (e.g., libGlossHook.so, libshadowhook.so, audio libraries like BASS with bassinithook). These libraries are essential for our app's functionality (advertising SDKs, audio processing, etc.).

flutter_rasp detects them as a HOOK threat and, depending on the configured ThreatPolicy, terminates the application. This results in false positives on clean, non-jailbroken/non-rooted devices.

Logs

shadowhook version 2.0.0: shadowhook init(default_mode: UNIQUE, debuggable: false), return: 0, real-init: yes
GlossHook is exist at: /data/app/.../base.apk!/lib/arm64-v8a/[libGlossHook.so](https://libglosshook.so/)
[sv:dbg:playback:bassinithook] : module loading...

All of these are legitimate and required for our app to function correctly.

Proposed Solution

We propose adding a whitelist mechanism for libraries or modules that should be ignored during HOOK detection.

Implementation idea:

  • Add a new parameter to AndroidRaspConfig and IosRaspConfig, e.g.:
    AndroidRaspConfig(
      // ... existing params
      ignoredLibraries: ['libGlossHook.so', 'libshadowhook.so'],
    )
    

When HOOK detection runs, RASP would skip libraries that match the whitelist.
This would allow developers to exclude known, trusted, and legitimate hooks without disabling the entire HOOK detection mechanism.

Thank you for your excellent work on this package. We believe this feature would be a valuable addition and would greatly appreciate your consideration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions