App Tamper Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-2 |
Overview
App Tamper Detection verifies that the installed application still matches the protected build produced by AppTego. It helps detect repackaging, unauthorized signing changes, injected code, modified resources, and other changes that can appear when an app is redistributed outside the official release path.
When tampering is detected, AppTego applies your configured response. High-risk apps usually close immediately, while lower-risk apps may log during rollout to evaluate false positives.
When To Use It
Use this control when your app needs to protect against:
- Repackaged APKs or IPAs distributed through unofficial channels.
- Code or resource modification after the app leaves your build pipeline.
- Unauthorized signing or resigned application packages.
- Injected native libraries, modified metadata, or altered protected resources.
How It Works
During protected build creation, AppTego records integrity metadata for critical application resources. At runtime, the protected app verifies that the installed package still matches the expected protected build state. A confirmed mismatch fires the configured response.
Public documentation does not expose exact hash composition, persistence keys, storage behavior, or resource-selection rules. Those implementation details are part of the protection model and may change across platform versions and build pipelines.
How to Enable the Control
In the AppTego portal, navigate to Detection & Response and expand the App Integrity And Attestation section, which contains the App Tamper Detection control. Click Enable Configuration, choose the response action, and save the configuration. It is applied with the next build, or with a live push if that is enabled.
API Configuration Example
```json
{
  "AppTamperCheck": {
    "detection": true,
    "action": "die",
    "title": "Security Alert",
    "message": "This application appears to have been modified. Please install the official version.",
    "buttons": ["Exit"],
    "actions": ["die"],
    "redirects": [""]
  }
}
```
| Field | Purpose |
|---|---|
| `detection` | Enables or disables app tamper detection. |
| `action` | Selects the response style, such as `die`, `close`, `logout`, `log`, or `warn`. |
| `title` / `message` | User-facing text shown when a response is displayed. |
| `buttons` / `actions` / `redirects` | Defines the available response buttons and their outcomes. |
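A pre-release lint for this configuration, as an added example (not AppTego code or tooling). It assumes that `log` and `warn` are non-blocking responses and that `buttons`, `actions` and `redirects` are parallel lists, one entry per button; both are inferred from the field names and the sample above, and `lint_tamper_config` is a hypothetical helper name.

```python
import json

# Action names listed on the page ("such as ..."); the vendor may accept others.
KNOWN_ACTIONS = {"die", "close", "logout", "log", "warn"}
# Assumption: these two leave the app running, judging by their names only.
NON_BLOCKING = {"log", "warn"}

def lint_tamper_config(text, production=True):
    """Return a list of findings for an AppTamperCheck JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    cfg = doc.get("AppTamperCheck") if isinstance(doc, dict) else None
    if not isinstance(cfg, dict):
        return ["missing AppTamperCheck object"]
    findings = []
    if cfg.get("detection") is not True:
        findings.append("detection is not true: control is disabled")
    action = cfg.get("action")
    if action not in KNOWN_ACTIONS:
        findings.append(f"action {action!r} is not a documented value")
    elif production and action in NON_BLOCKING:
        findings.append(f"action {action!r} is assumed non-blocking; confirm before release")
    # Assumption: buttons[i], actions[i] and redirects[i] describe one button.
    lists = {k: cfg.get(k) for k in ("buttons", "actions", "redirects")}
    if not all(isinstance(v, list) for v in lists.values()):
        findings.append("buttons, actions and redirects must all be lists")
    else:
        if len({len(v) for v in lists.values()}) != 1:
            findings.append("buttons, actions and redirects differ in length")
        for a in lists["actions"]:
            if a not in KNOWN_ACTIONS:
                findings.append(f"button action {a!r} is not a documented value")
    if lists["buttons"] and not (cfg.get("title") and cfg.get("message")):
        findings.append("buttons defined but title or message is empty")
    return findings

# The configuration shown on the page.
PAGE_CONFIG = json.dumps({"AppTamperCheck": {
    "detection": True, "action": "die", "title": "Security Alert",
    "message": "This application appears to have been modified. "
               "Please install the official version.",
    "buttons": ["Exit"], "actions": ["die"], "redirects": [""]}})
# Constructed variant: rollout-style logging plus a button with no outcome.
_variant = json.loads(PAGE_CONFIG)
_variant["AppTamperCheck"].update(action="log", buttons=["Exit", "Retry"])
ROLLOUT_CONFIG = json.dumps(_variant)

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("rollout", ROLLOUT_CONFIG)):
        print(name, lint_tamper_config(text) or "ok")
```

Run it in CI with `production=False` for QA configurations so a logging-only rollout does not fail the build.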
Compatibility Notes
- Apps that apply over-the-air code or resource updates should test carefully because legitimate post-release changes can look like tampering.
- Debug and locally signed builds may not match production integrity metadata. Use development configurations for QA builds.
- Test tamper enforcement with production-signed builds on physical devices before enabling hard blocking.
- Tamper detection should be paired with root, jailbreak, hook, debugger, and attestation controls for stronger coverage.