# How to Detect App Tampering & Repackaging using Kotlin

App tampering and repacking are silent killers of mobile apps. Attackers can modify your APK, inject malicious code, and redistribute it as if it were yours. Luckily, there are solutions which make detecting tampering in Kotlin-based apps simple and reliable.

<figure><img src="https://1548930415-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNjTFXsqCLQ3RU2oA2uHC%2Fuploads%2FJ5gXxPzgpzZ8UGdyzyZa%2Fportal%20(2).png?alt=media&#x26;token=07a2b68f-9f1c-4f55-a805-ce000abeec49" alt=""><figcaption></figcaption></figure>

### What is App Tampering & Repacking?

App tampering occurs when attackers alter your APK’s code, assets, or configuration without authorization. Once modified, they “repack” the app into a new APK and distribute it. Often spreading malware or tricking users into installing a counterfeit version.

Real-world examples include:

* Fake banking apps stealing credentials.
* Modified games with cheat engines or hidden malware.
* Apps stripped of ads, in-app/subscription purchases, or security checks.

Think of it like someone copying your book, rewriting a few chapters, and publishing it under your name. Only this time, it’s malicious software.

### Statistics

Our data shows that around 0.08% of devices have breached app integrity.&#x20;

<figure><img src="https://1548930415-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNjTFXsqCLQ3RU2oA2uHC%2Fuploads%2FC9Fi4iyFmv2qDWDojCde%2Fimage.png?alt=media&#x26;token=dd420fc5-8ccb-42dc-b2db-b47f51ade5c8" alt=""><figcaption><p>Global Threat Rate for Tampering (source my.talsec.app)</p></figcaption></figure>

{% hint style="success" %}
More actual global data can be found at [Talsec portal](https://my.talsec.app/).
{% endhint %}

## How to Detect App Tampering?

Detecting tampering isn’t just about checking the APK’s checksum once — attackers can bypass simple checks. Detection must be **ongoing, multi-layered, and resistant to bypasses**.

Manual or DIY solutions (like hardcoding hash checks) quickly become outdated. Instead, developers rely on **expert-maintained SDKs** that:

* Verify **APK integrity** at runtime.
* Detect **manifest modifications** and **signature mismatches**.
* Prevent repackaged versions from running.

### DIY Coding Guide

You can implement yourself simple integrity detection check like this:

```kotlin
fun isAppTampered(context: Context): Boolean {
    return try {
        // Check if APK signature matches
        val packageManager = context.packageManager
        val packageName = context.packageName
        val signatures = packageManager.getPackageInfo(
            packageName,
            android.content.pm.PackageManager.GET_SIGNATURES
        ).signatures

        // Compare with expected signature hash (you need to hardcode your app's signature)
        val expectedSignature = "YOUR_EXPECTED_SIGNATURE_HASH" // Replace with your app's actual signature
        val actualSignature = android.util.Base64.encodeToString(
            signatures[0].toByteArray(),
            android.util.Base64.NO_WRAP
        )

        actualSignature != expectedSignature
    } catch (e: Throwable) {
        true // If we can't verify, assume tampered
    }
}
```

### **Use freeRASP (free library by Talsec)**&#x20;

Talsec provides a universal solution that covers many of your app security needs:

* Strong tamper detections
* Actively maintained ([changelog](https://docs.talsec.app/freerasp/whats-new-and-changelog))
* Comes with [14 extra detections](https://docs.talsec.app/freerasp/wiki/threat-detection) like root/jailbreak detection, Frida and hooking, emulators, debugging, screenshots, etc.
* Used by 6000+ apps; #1 Mobile RASP SDK by popularity ([link](https://42matters.com/sdk-analysis/top-security-and-privacy-sdks#talsec))

Integration is straightforward and callback-based, allowing for simple and **readable** implementation of protection.

**Integration Example:**

```kotlin
Talsec.start(applicationContext)

override fun onTamperDetected() {
    Log.w("freeRASP", "App tamper detected!")
    // Optionally block sensitive actions or warn the user
}
```

#### Commercial Alternatives

When evaluating mobile app security and Runtime Application Self-Protection (RASP), developers often compare various Talsec alternatives to find the right fit for their architecture. The "right choice" depends on the specific problem you need to tackle and which vendor offers the best **bang for your buck**.

The market is diverse, offering different philosophical approaches to protection. Talsec prioritizes top-tier root detection and a balanced security SDK portfolio covering the most popular attack vectors. Meanwhile, some vendors specialize primarily in heavy code obfuscation and compiler-based hardening, while others focus on a drag-and-drop (no-code) integration experience for DevOps-oriented teams. There are also solutions dedicated specifically to API security, active cloud hardening, enterprise compliance, or gaming protection. The most prominent providers alongside **Talsec** include **Guardsquare**, **Appdome**, **Promon**, **Build38**, **Approov**, and **AppSealing**.

## Key Takeaway

App tampering and repackaging let attackers modify your APK, strip protections, or spread counterfeit versions that steal data or revenue. Detection doesn’t have to be DIY or error-prone—simple checksum checks are easily bypassed. Tools like **freeRASP** provide reliable, continuously updated runtime protection with strong tamper detection and 14+ extra checks, letting you respond proactively to integrity breaches.

👉 If you want tampering detection plus root, jailbreak, Frida, emulator, debugging, screenshot, and malware protection in one free package, start with [freeRASP by Talsec](https://app.gitbook.com/s/Q2PxZTOjhquOxcxftTrm/freerasp/introduction).

{% hint style="success" %}
Handle App Security with a Single Solution! Check Out Talsec's Premium Offer & Plan Comparison!<br>

#### Apps Security Threats Report 2025

<https://www.talsec.app/talsec-global-threat-report-2025>

#### Plans Comparison

<https://www.talsec.app/plans-comparison>

#### &#x20;Premium Products:

* [RASP+](https://app.gitbook.com/s/xFHPMAbn16uoDyOtoiaC/product/rasp) - An advanced security SDK that actively shields your app from reverse engineering, tampering, rooting/jailbreaking, and runtime attacks like hooking or debugging.
* [AppiCrypt](https://docs.talsec.app/premium-products/product/appicrypt) (Android & iOS) & [AppiCrypt for Web](https://app.gitbook.com/s/xFHPMAbn16uoDyOtoiaC/product/appicryptweb) - A backend defense system that verifies the integrity of the calling app and device to block bots, scripts, and unauthorized clients from accessing your API.
* [Malware Detection](https://docs.talsec.app/premium-products/product/malware-detection) - Scans the user's device for known malicious packages, suspicious "clones," and risky permissions to prevent fraud and data theft.
* [Dynamic TLS Pinning](https://docs.talsec.app/premium-products/product/app-hardening#about-dynamic-tls-pinning) - Prevents Man-in-the-Middle (MitM) attacks by validating server certificates that can be updated remotely without needing to publish a new app version.
* [Secret Vault](https://docs.talsec.app/premium-products/product/app-hardening#about-secret-vault) - A secure storage solution that encrypts and obfuscates sensitive data (like API keys or tokens) to prevent them from being extracted during reverse engineering.
  {% endhint %}