App Cloning Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android | MASVS-RESILIENCE-1 |
Overview
App Cloning Detection identifies when an Android app appears to be duplicated, isolated, or launched through a cloning feature rather than running as the primary installed application. Cloning can undermine account separation, device binding, fraud controls, and enterprise device-management assumptions.
When cloning is detected, AppTego applies your configured response. High-risk apps often block cloned environments, while consumer apps may begin with telemetry to understand legitimate usage.
When To Use It
Use this control when your app needs to protect against:
- Multi-account fraud, referral abuse, bonus abuse, or ban evasion.
- Account takeover automation across multiple isolated app instances.
- Use of corporate apps outside expected managed environments.
- App instances that bypass device-level policy or account uniqueness assumptions.
How It Works
The protected app evaluates Android environment signals associated with duplicated app instances, virtualized storage, manufacturer cloning features, and third-party cloning tools. AppTego does not publish the exact package lists, path checks, signatures, or scoring logic because those details are part of the protection model and change as cloning tools evolve.
The control is designed to account for legitimate enterprise work-profile usage where possible, but any cloning policy should be tested with the device-management products your users rely on.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Environment Detection section. Under this section you will find the App Cloning Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"AppCloningDetectionResponse": {
"detection": true,
"action": "close",
"title": "App Cloning Detected",
"message": "This app cannot run in cloned or duplicated environments.",
"buttons": ["Exit"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables app cloning detection. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Some Android manufacturers provide legitimate dual-app features. Decide whether those features are acceptable for your threat model.
- Enterprise work profiles and MDM-managed environments should be included in QA before enforcing a hard block.
- Cloning risk often overlaps with virtual app, root, debugger, and hook risk. Use related controls together for stronger coverage.