Developer Mode detection [Android devices only]

Android developer mode allows deeper system access and debugging capabilities that can bypass app security measures. Developer mode can enable settings that facilitate the installation of uncertified applications and the execution of potentially harmful code, posing significant risks to data integrity and app functionality. FreeRASP detects whether the developer mode is enabled.

Warning: This vulnerability is particularly critical on Android 12 and 13 devices with Developer Mode enabled. A local attacker with ADB shell access can execute arbitrary code within the context of any non-system app, granting them full access to the app’s private data files, AccountManager-stored credentials, and other privileged resources. This bypasses the Application Sandbox’s intended protections, which are designed to isolate app data even from device owners.

Below are code snippets demonstrating developer mode detection across various platforms:

// Android Developer mode detection
override fun onDeveloperModeDetected() {
    TODO("Not yet implemented")
}

// Flutter Developer mode detection
onDevMode: () => print("Developer mode detected")

// Cordova Developer mode detection
devMode: () => {
    // Place your reaction here
}

// React Native Developer mode detection
devMode: () => {
    // Place your reaction here
}

// Capacitor Developer mode detection
devMode: () => {
    // Place your reaction here
}

Recommended action: Log the event on your BE

PreviousSystem VPN detection NextADB enabled detection [Android devices only]

Last updated 8 months ago