Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Dismiss Notice

PIE and RELRO flags not enabled related security issues for Android build when performing MAST.

Discussion in 'Android' started by SujitKadam, Aug 5, 2021.

  1. SujitKadam


    Jul 4, 2016
    We are currently developing a mobile game for an enterprise client who is also a Fortune 500 company. Hence they have strict security measures before they are willing to put it on their enterprise store. For the same, they asked us to perform a MAST or mobile application security test for the build. As you can see in the attached images from the report, it seems like some flags like the PIE (Position Independent Executables) and RELRO (Relocation Read-Only) are not enabled and hence are flagged off as High priority issues. All these issues are coming from shared library object (.so) files:
    1. lib/arm64-v8a/
    2. lib/arm64-v8a/
    3. lib/arm64-v8a/
    4. lib/armeabi-v7a/
    5. lib/armeabi-v7a/
    6. lib/armeabi-v7a/

    (refer to the attached screenshots for more details.)

    This build was created in Unity version 2019.3.14f1. However, we tried some solutions as mentioned in the scenarios below but found the same issues there as well:
    Scenario 1: Created build in the latest version of unity i.e. 2020.3.2f1 (LTS).
    Scenario 2: Created build for both Mono and IL2CPP scripting backend.
    Scenario 3: Used locally downloaded NDK and SDK.

    Has anyone come across similar issues and help us understand how to 'set' these flags or a possible solution to this.

    Attached Files:

    nick-morhun likes this.