Adding tampering protection to Android and iOS apps is one of the first lines of defense to prevent unauthorized changes to your app (such as ‘mods’ and ‘fakes’).
Prevent App Modifications & Fakes with Anti-Tampering
Hackers tamper with apps using many techniques and for many reasons: to steal intellectual property, to create a fake version of your app, to deface apps, to modify app logic and insert workflows (such as asking users for a password or social security number), and the list goes on. Phil Wainwright wrote an interesting article on this topic called Anti-Tampering Mobile App Security Controls for Security Risk Advisors.
For example, hackers study your app’s logic, then modify the logic to bypass authentication controls. Other times, they’ll look for bugs or vulnerabilities in 3rd party libraries (all publicly available) and then exploit those vulnerabilities to install backdoors (kinda like what happened to WhatsApp in one of the multiple times that app was hacked). Other times they’ll make a copy of your app and distribute it on an alternative app store to divert revenue from app developers and publishers and send it to their own bank accounts.
Anti-tampering (aka: tamper protection or tamper prevention) prevents unauthorized changes to a mobile app.
Bottom line, anti-tampering is one of the first lines of defense to protect your app from the many different ways hackers can attack it.
No-code Anti-Tampering with Appdome ONEShield
At Appdome, we’ve developed a patented no-code mobile development and security platform, that enables mobile development and security teams to build secure Android and iOS apps in seconds. Whenever you build an app using Appdome, Anti-tampering gets added automatically (as part of ONEShield – Appdome’s no-code app-hardening/app shielding solution). This prevents modifications to your app after it’s released.
Appdome Anti-Tampering protects mobile apps from the following static and dynamic modifications:
- Re-signing the app
- Attempting to modify any part of the app bundle
- Modifying the application’s executable
- Repackaging the app
- Moving the application’s sandbox under the name of a different package
- Attempts to recognize and modify Appdome security defenses
This ensures that nobody can change your app after you release it.
Tamper prevention protects your app against unwanted changes, mods and hacks – all without adding development work or time to your release cycles. This is done by sealing your app and actively detecting modifications during initialization AND at multiple other points during run-time (whenever the app is being used).
Anti-Tampering is just one protection measure and complements well with Appdome’s Anti-Debugging and Anti-Reversing to form a layered defense.
What happens when Appdome detects tampering?
Thanks to Appdome’s anti-tampering, any tampering will result in the application misbehaving in a random fashion, shortly after which the app will shut itself down. The reason for this “random” misbehaving is to make every crash unique and to not give the attacker any clues as to what’s going on under the hood. Remember, hackers are constantly analyzing how apps function both statically and dynamically to gain a greater understanding of the inner workings of the app.
Thanks for reading! This blog is part of a series focused on Mobile Security Basics, which is appropriate for readers of any level looking to increase their overall mobile security knowledge.