App tampering detection

Every application can be easily modified and then resigned by an attacker. This process is known as application repackaging. There may be many reasons for application repackaging, whether it's adding new code, removing app protections, or bypassing app licensing. A modified/tampered application is often distributed using third-party stores or other side channels.

Talsec uses various checks to detect whether the application was tampered (e.g., changed package name, signing hash).

Make sure that you have integrated Talsec correctly (e.g., signing certificate hash). Otherwise, this check might be triggered very often.

Below are code snippets demonstrating app tampering detection across various platforms:

// Android tampering
override fun onTamperDetected() {
    TODO("Not yet implemented")
}

// iOS signature
case signature

// Flutter tampering and signature detection
onAppIntegrity: () => print("App integrity")

// Cordova tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// React Native tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

// Capacitor tampering and signature detection
appIntegrity: () => {
    // Place your reaction here
}

Recommended action: Kill the application.

PreviousHook detection NextDebugger detection

Last updated 2 months ago