How to Block EdXposed Framework from Modifying Android Apps

Learn the 3 easy steps to block EdXposed Framework from modifying Android Apps. Prevent hackers from using the EdXposed framework to change the behavior of the app via custom ROM. No Code, Zero Dev, No SDK.

What is EdXposed?

 EdXposed Framework  is a carryover project that stemmed from the original Xposed rooting framework. EdXposed improves on Xposed by using what’s known as a Riru module to inject code into Android’s Zygote process as part of initializing Android. Zygote is a low-level Android OS process that enables shared code across Dalvik and Android Runtime virtual machines. The net result is a more efficient way of Rooting Android, as EdXposed ‘modules’ can work across different versions and different ROMs without any changes. And because all changes are done in the memory space, you just need to deactivate the module and reboot to get your original system back.

This combination of EdXposed and Riru modules allows users to install EdXposed Framework on devices running Android 10, Pie, and Oreo.  EdXposed is used by pen testers and hackers to modify the flow of an Android app at runtime. It does this by writing custom modules for hooking into said Android apps.

block edxposed rooting android

This knowledge base article describes 3 easy steps to block EdXposed Framework from modifying Android apps. Using Appdome, you can automatically detect and block EdXposed from hacking Android apps by adding Appdome Root prevention and Anti-Tampering to the Android app. We hope you find this knowledge base useful and enjoy using Appdome!

Why Should Developers Block EdXposed? 

You can safely assume that anyone using EdXposed to modify your Android app is malicious (outside of the developer or a pen tester you hired). So you’re going to want to block malicious use of EdXposed for modifying Android apps. Appdome is a no-code mobile app security platform designed to add security features to any mobile app, instantly, without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily prevent advanced hacking tools like EdXposed.   

In order to use EdXposed, the Android device must be Rooted. In addition, the hacker will also need to turn on “Enable Unknown Sources”, because that’s how they can install ‘untrusted’ programs (like custom EdXposed modules) onto an Android device.

You can add Appdome Root Prevention to any Android app in order to protect the app against EdXposed. In addition, you can optionally add Detect Unknown Sources to the Android app just to give it a little more protection against EdXposed.

3 Easy Steps to Block EdXposed

Please follow these 3 easy steps to block EdXposed Framework from modifying Android apps.

  1. Upload an Android App to Appdome’s no code security platform (.apk or .aab)
  2. In the Build Tab, under Security, Select Root Prevention 
    • Optional: Enable Detect Unknown Sources
  3. Click Build My App

appdome root prevention

Congratulations! You now have a secured mobile app that blocks the EdXposed Framework.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android apps against EdXposed and other hacking tools. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites for Blocking EdXposed from Modifying Android Apps

Here’s what you need to build secured apps with Xposed prevention

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with EdXposed protection. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

More Mobile App Security Resources

Check out related features from Appdome’s ONEShield application shielding (RASP) solution, which includes as Anti-Tampering and Anti-Debugging. Both of these features complement Root prevention to provide a layered defense against hacking tools.

Check out Appdome’s Mobile App Security Suite or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa

Have a question?

Ask an expert

DafnaMaking your security project a success!