Search Unity

  1. We are migrating the Unity Forums to Unity Discussions. On July 12, the Unity Forums will become read-only. On July 15, Unity Discussions will become read-only until July 18, when the new design and the migrated forum contents will go live. Read our full announcement for more information and let us know if you have any questions.
    Dismiss Notice
  2. Dismiss Notice

PIE and RELRO flags not enabled related security issues for Android build when performing MAST.

Discussion in 'Android' started by SujitKadam, Aug 5, 2021.

  1. SujitKadam

    SujitKadam

    Joined:
    Jul 4, 2016
    Posts:
    1
    Hi,
    We are currently developing a mobile game for an enterprise client who is also a Fortune 500 company. Hence they have strict security measures before they are willing to put it on their enterprise store. For the same, they asked us to perform a MAST or mobile application security test for the build. As you can see in the attached images from the report, it seems like some flags like the PIE (Position Independent Executables) and RELRO (Relocation Read-Only) are not enabled and hence are flagged off as High priority issues. All these issues are coming from shared library object (.so) files:
    1. lib/arm64-v8a/libil2cpp.so
    2. lib/arm64-v8a/libmain.so
    3. lib/arm64-v8a/libunity.so
    4. lib/armeabi-v7a/libil2cpp.so
    5. lib/armeabi-v7a/libmain.so
    6. lib/armeabi-v7a/libunity.so

    (refer to the attached screenshots for more details.)

    This build was created in Unity version 2019.3.14f1. However, we tried some solutions as mentioned in the scenarios below but found the same issues there as well:
    Scenario 1: Created build in the latest version of unity i.e. 2020.3.2f1 (LTS).
    Scenario 2: Created build for both Mono and IL2CPP scripting backend.
    Scenario 3: Used locally downloaded NDK and SDK.

    Has anyone come across similar issues and help us understand how to 'set' these flags or a possible solution to this.
     

    Attached Files:

    nick-morhun likes this.