How to > Mobile Fraud Prevention > Android and iOS Malware Prevention > How to Detect and Block Memory Injection Attacks on iOS, Android apps

How to Detect and Block Memory Injection Attacks on iOS, Android apps

Last updated May 24, 2021 by Alan Bavosa

Learn the 3 Easy Steps to Block Memory Injection in iOS, Android apps to prevent mobile game cheating and modifications to mobile app behavior, logic and functionality using dynamic instrumentation.  Stop code injection, dynamic instrumentation, dynamic script injection, and function/method hooking of Android and iOS apps during runtime.

What is Memory Injection?

Memory injection is a common method used to dynamically instrument mobile apps in order to change their behavior or logic. Cyber-criminals often use a dynamic instrumentation tool such as Frida to inspect functions as they are called, modify their arguments, and perform custom calls to functions inside a target process – all while the app is running.

Memory injection is also a common game cheating method that involves altering the running memory of a mobile game dynamically while the game is running. Memory injection can be used to cheat in mobile games by altering game scores, in-app values, player attributes and other game behaviors by creating a new memory-mapped region that can be executed, or a function hook.  The fraudster first scans the memory of the game to learn where certain values or game states are stored. Then they can use a tool like Frida to hook into the application (function hooking or method hooking) to interact with the running processes and inject their own JavaScript code which alters the game’s memory. Memory editing can be done for any mobile game where the player’s actions are stored in local memory, which is true for most mobile games.  

How to protect apps Against Memory Injection 

Appdome is a no-code mobile app security platform designed to add security features, like Block Memory Injection to any Android app without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily Block Memory Injection in Android and iOS apps. 

Appdome Block Memory Injection detects and prevents code injection libraries such as MobileSubstrate from running against this app. Appdome also detects code injected into the app’s process memory and prevents it from running.

3 Easy Steps to Block Memory Injection in Android and iOS apps

 Please follow these 3 easy steps to protect Android and iOS apps against Memory Injection

  1. Upload a mobile app binary to Appdome
  2. In the Build Tab, under Anti-Fraud, Select Mobile Malware Prevention and Toggle on Block Memory Injection (shown below)
  3. Click Build My App

 

block memory injection

Congratulations! The mobile app is now protected against Memory Injection.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps using Block Memory Injection. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

 

Prerequisites to Block Memory Injection

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps that can Block Memory Injection in iOS and Android apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include

 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

More Mobile App Security Resources

Here are a few related resources:

How to Prevent Key Injection in Android apps

How to Prevent Malicious Misuse of Android Debug Bridge (ADB)

How to Block Speed Hacking, Prevent Mobile Game Cheating

Check out Appdome’s Mobile App Security Suite or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Have a question?

Ask an expert

MelinaMaking your security project a success!