A simple library that can help you detect if you app is modded or tampered with or debugger tools are being used to break your app and checks install source.
Tamper Detector is an independent project with ongoing development and support made possible thanks to donations made by you.
To integrate tamper detector to your project, Follow the below steps
Step 1. Add the JitPack repository to your build file. Add it in your root build.gradle at the end of repositories:
allprojects {
repositories {
...
maven { url "https://jitpack.io" }
}
}
Step 2. Add the dependency
dependencies {
debugImplementation 'com.github.mukeshsolanki.Android-Tamper-Detector:tamperdetector-no-op:1.0.0'
releaseImplementation 'com.github.mukeshsolanki.Android-Tamper-Detector:tamperdetector:1.0.0'
}
Okay seems like you integrated the library in your project but how do you use it? Well its really easy
- Debugger Check
You can make a debugger check before running any function by calling
guardDebugger()
guardDebugger({
//No debugger tools detected continue executing the code.
}, {
//Some debugger tools were detected.
})
- Verify Installer
To verify whether your app is downloaded from the right source call
verifyInstaller()
this.verifyInstaller(Installer.GOOGLE_PLAY_STORE)?.let {
if (it) {
// App is installed from Google Play
} else {
// App is not installed from Google Play
}
}
- Verify Signature
To verify whether your app has been modified or not you can use
validateSignature()
. You can get your release signature from here
if (this.validateSignature("INSERT YOUR RELEASE SIGNATURE HERE") == Result.VALID) {
// Signature is valid continue using the app
} else {
// Signature is invalid likely a modded version of the app
}
This would be a onetime process. Inorder to get your signature you would have to temporarily enable debugging on the release version of the app and sign the app. Don't worry you don't have to publish the app you just want to take a look at the logs for the release version.
Step 1. Change the releaseImplementation to point to 'com.github.mukeshsolanki.Android-Tamper-Detector:tamperdetector-no-op:1.0.0'
Step 2. Adding the debuggable true
to your app/build.gradle
file
...
buildTypes {
debug {
}
release {
debuggable true // This is the temporary flag we added. Please remove this once you have got the signature
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
...
Next we are going to call the getSignature()
to get and log our signature.
Log.d("Signature", context.getSignature())
Sign the app and run the release version and look at logcat. You should be able to see your release signature on the console. Note it down and then we can use this to securely validate your apk using validateSignature()
.
Please remove the debuggable flag and change the releaseImplementation to the original one back once you have noted down the signature. Also the getSignature() method only works on the debug version and not on production
Maintained by Mukesh Solanki
- Bug reports and pull requests are welcome.
MIT License
Copyright (c) 2019 Mukesh Solanki
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.