How to Detect App Tampering & Repacking using Kotlin

App tampering and repacking are silent killers of mobile apps. Attackers can modify your APK, inject malicious code, and redistribute it as if it were yours. Luckily, there are solutions which make detecting tampering in Kotlin-based apps simple and reliable.

What is App Tampering & Repacking?

App tampering occurs when attackers alter your APK’s code, assets, or configuration without authorization. Once modified, they “repack” the app into a new APK and distribute it. Often spreading malware or tricking users into installing a counterfeit version.

Real-world examples include:

• Fake banking apps stealing credentials.

• Modified games with cheat engines or hidden malware.

• Apps stripped of ads, in-app/subscription purchases, or security checks.

Think of it like someone copying your book, rewriting a few chapters, and publishing it under your name. Only this time, it’s malicious software.

Statistics

Our data shows, that around 0.08% of devices where developer mode is enabled.

How to Detect App Tampering?

Detecting tampering isn’t just about checking the APK’s checksum once — attackers can bypass simple checks. Detection must be ongoing, multi-layered, and resistant to bypasses.

Manual or DIY solutions (like hardcoding hash checks) quickly become outdated. Instead, developers rely on expert-maintained SDKs that:

• Verify APK integrity at runtime.

• Detect manifest modifications and signature mismatches.

• Prevent repackaged versions from running.

freeRASP (by Talsec)

• Strong tamper detections

• Actively maintained (changelog)

• Comes with 14 extra detections like app integrity, Frida and hooking, emulators, debugging, screenshots, etc.

• Used by 6000+ apps; #1 Mobile RASP SDK by popularity (link)

Integration Example:

Talsec.start(applicationContext)

override fun onTamperDetected() {
    Log.w("freeRASP", "App tamper detected!")
    // Optionally block sensitive actions or warn the user
}