[iOS 26 Beta] False positive security triggers (appIntegrity / hooks) on iOS 26.x Developer Beta — app blocked on launch #151

@dabhi-darshan

Description

freerasp-react-native v4.5.1 (and latest v5.0.0) triggers false positive
security callbacks on devices running iOS 26.x Developer Beta, causing the
app to be completely blocked on launch.

The app shows a security alert dialog and exits immediately.
No user interaction is possible.

Library Version

  • freerasp-react-native: 4.5.1
  • iOS SDK bundled: 6.14.1
  • Also reproduced on: freerasp-react-native 5.0.0 (iOS SDK 6.14.4)

Device and OS

  • Device: iPhone 14 Pro Max
  • OS: iOS 26.6 Developer Beta
  • Platform: iOS only
  • Build type: Production (isProd: true, killOnBypass: true)

Expected Behaviour

App should launch normally on iOS 26.x Developer Beta.
iOS 26 Beta is a legitimate Apple OS and does not represent a
jailbroken or tampered device.

Actual Behaviour

On app launch, one or more of the following callbacks fire immediately:

  • appIntegrity
  • hooks
  • privilegedAccess

This triggers a security alert dialog and the app exits.
The same error does NOT occur on stable iOS 18.x on the same device.

Steps to Reproduce

  1. Install the app (production build, isProd: true) on an iPhone
    running iOS 26.x Developer Beta
  2. Launch the app
  3. Security Compliance Error dialog appears immediately
  4. App exits — no further interaction possible
  5. Reinstalling the app, updating the app, or restarting the device does not help
  6. Downgrading the device to iOS 18.x resolves the issue immediately

Configuration

Callbacks enabled in our implementation:

  • privilegedAccess
  • appIntegrity
  • hooks
  • deviceBinding
  • secureHardwareNotAvailable
  • systemVPN
  • passcode

Config flags:
isProd: true
killOnBypass: true

Analysis

iOS 26 Developer Beta includes:

  • OS-level developer diagnostic entitlements
  • Modified code-signing properties compared to stable iOS
  • Built-in developer instrumentation frameworks

These characteristics appear to be incorrectly detected by the iOS SDK
(v6.14.1 and v6.14.4) as a hostile or tampered environment, resulting
in false positive callbacks.

The same device on stable iOS 18.x does NOT trigger any callbacks.

Impact

  • All users on iOS 26.x Developer Beta are completely blocked
    from using the app on launch
  • This will escalate to a CRITICAL issue when iOS 26 GA ships
    publicly to all iPhone users
  • No workaround is available from the app side without bypassing
    security checks entirely

Temporary Workaround Applied on Our Side

We are applying an OS version gate to exclude iOS 26+ from FreeRasp
enforcement until official support is available:

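import { Platform } from 'react-native';
import DeviceInfo from 'react-native-device-info'; // assumed source of DeviceInfo

// Major OS version only, e.g. "26.0" -> 26
const deviceOSVersion = parseInt(DeviceInfo.getSystemVersion(), 10);
const isUnsupportedIOSBeta = Platform.OS === 'ios' && deviceOSVersion >= 26;

// isRootCheckEnable and Keys are defined elsewhere in the app
const isProd = !__DEV__ && isRootCheckEnable &&
               Keys.ENV === 'production' && !isUnsupportedIOSBeta;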

This is a temporary measure only. We intend to remove this gate once
freerasp-react-native officially supports iOS 26.

Request

  1. Please confirm if iOS 26 Developer Beta is a known false positive issue.
  2. Please provide an estimated timeline for iOS 26 SDK support.
  3. If a workaround exists at the SDK or config level, please advise.

Additional Context

  • Previous false positive fixes in v4.5.2 covered iOS 13, 14, 15, 16 only
  • v5.0.0 changelog contains no mention of iOS 26 support
  • Issue is 100% reproducible on iOS 26 Beta
  • Issue is 0% reproducible on stable iOS 18.x on the same device
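
A narrower variant of the version gate above, as an added example that is not part of the original issue or of the freeRASP project: every callback listed under Configuration stays registered, and only the three callbacks reported as false positives are downgraded to report-only on iOS 26+, failing closed when the OS version cannot be parsed. All function and constant names are hypothetical, and wiring the resulting map into the library is left to the app.

```javascript
// Added example: SOFT_ON_IOS26, ENABLED, majorVersion, enforcementFor,
// buildActions, onBlock and onReport are hypothetical names, not part of
// freerasp-react-native.

// Callbacks the issue reports as firing falsely on iOS 26.x Developer Beta.
const SOFT_ON_IOS26 = new Set(['appIntegrity', 'hooks', 'privilegedAccess']);

// All callbacks the issue lists as enabled.
const ENABLED = ['privilegedAccess', 'appIntegrity', 'hooks', 'deviceBinding',
  'secureHardwareNotAvailable', 'systemVPN', 'passcode'];

// Major version from a string such as "26.0"; NaN when unparsable.
function majorVersion(osVersion) {
  const m = /^(\d+)/.exec(String(osVersion).trim());
  return m ? Number(m[1]) : NaN;
}

// Decide 'block' or 'report' for one callback. Anything that is not clearly
// "iOS, major >= 26, known-noisy callback" fails closed to 'block'.
function enforcementFor(threat, platform, osVersion) {
  const major = majorVersion(osVersion);
  const gated = platform === 'ios' && Number.isFinite(major) && major >= 26;
  return gated && SOFT_ON_IOS26.has(threat) ? 'report' : 'block';
}

// Build a callback map keyed by threat name. onBlock/onReport are supplied by
// the app (for example: show the dialog and exit vs. send telemetry only).
function buildActions(platform, osVersion, onBlock, onReport) {
  const actions = {};
  for (const threat of ENABLED) {
    const mode = enforcementFor(threat, platform, osVersion);
    actions[threat] = () => (mode === 'block' ? onBlock : onReport)(threat);
  }
  return actions;
}

// Constructed sample run: iOS "26.0" with handlers that only record calls.
function demo() {
  const blocked = [], reported = [];
  const actions = buildActions('ios', '26.0',
    (t) => blocked.push(t), (t) => reported.push(t));
  ENABLED.forEach((t) => actions[t]());
  return { blocked, reported };
}
```

Reported events should still reach server-side telemetry so that a genuine detection on an iOS 26 device is visible even while blocking is relaxed.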

Labels: bug