How To Detect Malware Controls in Android Apps

Last updated September 29, 2021 by Alan Bavosa

Learn 3 easy steps to detect malware controls in Android applications to prevent mobile malware from performing malicious actions against apps and users.

What is Mobile Malware?

Mobile malware is any malicious software designed to cause harm to a mobile application or exploit mobile users. Malware often involves trickery and unintended use (aka abuse) of legitimate functionality in order to gain additional capabilities, escalate privileges, or establish backdoors. For example, mobile malware may place modules on the SD card or in shared locations on the device so that it can inject those modules into apps. Sometimes malware tricks users into enabling permissions or OS features that the malware can then abuse (such as AccessbilityServices or Android Unknown Sources). Other times malware may open random sockets that can be used to communicate between malware modules or with a C&C system to receive updates or additional dropper payloads.

You can use Appdome Detect Malware Controls to defend Android applications against mobile malware.

What is Appdome’s Detect Malware Controls Feature?

Appdome’s Detect Malware Controls feature detects advanced techniques used by malware to hide itself and to enable the malware to communicate with Android applications.

  • Detect Random Sockets – Appdome detects specific sockets used by malware as a backdoor to communicate between modules.
  • Detect Suspicious Modules – Appdome detects module binaries that were side-loaded (not installed from Google Play), or installed in suspicious locations (such as the SD card or in shared locations).

Threat Events for Detect Malware Controls

When Appdome detects a threat related to Malware Controls, the application will exit/close in order to protect itself (as the default action). Alternatively, developers can use Appdome Threat Events to achieve different enforcement actions when Appdome detects a threat.

Using Threat Events, when a threat is detected by Appdome, instead of the app exiting/closing, Appdome will pass the event back to the mobile application to handle enforcement, according to the enforcement action that you select at the time you build/secure the app on Appdome.

Appdome Threat-Events use industry-standard notification methods to pass security events between Appdome’s detection layer back to the mobile application, informing the app anytime a malicious event is detected and passing along information related to the threat using a key-value pair format.


To start receiving Threat-Events for Detect Malware Controls, you need to register your app to listen for Appdome events using the following Threat Event names (key)

Threat Event Name for Detect Random Sockets: MalwareRandomSocketDetectedDetect

Threat Event Name for Detect Suspicious Modules:  MalwareModuleDetected 

Visit this Knowledge Base article for details on how to implement Threat Events in your mobile application, and to download the specific code that is relevant for your application’s development framework.


3 Easy Steps to Detect Malware Controls in Android apps

Please follow these 3 easy steps to add Appdome’s Detect Malware Controls feature to an Android app.

  1. Upload an Android app (.apk or .aab)
  2. In the Build Tab, under Anti-Fraud, click Mobile Malware Prevention, Select Detect Malware Controls (shown below)
    • (Optional) You can customize the App Compromise Notification message that will be displayed to the mobile user when Appdome detects a threat.
      (Optional) Turn-ON the Threat-Events toggle for Detect Random Sockets and select the desired enforcement action (‘In-App Detection’ or ‘In-App Defense’).
    • (Optional) Turn-ON the Threat-Events toggle for Detect Suspicious Modules and select the desired enforcement action (‘In-App Detection’ or ‘In-App Defense’).
  3. Click Build My App


Congratulations! Your mobile application can now Detect Malware Controls in Android apps.

Build My App Success (Mattermost)


Here’s what you need to build secured apps with Appdome’s Detect Malware Controls feature

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to secure Android apps using Detect Malware Controls. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How to Learn More

Check out the following related KB articles and resources:

Mobile Malware Prevention

How to Block StrandHogg Malware and Protect Android Apps Against Overlay Attacks

How to Block Overlay Attacks on Android Apps

How to Block Magisk Manager, Prevent Rooting Android Apps

If you have any questions, please send them our way at or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Have a question?

Ask an expert

MoathMaking your security project a success!