Debuggable Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-4 |
Overview
Debuggable Detection identifies signs that a production app is being actively debugged or inspected during runtime. It complements Set Debuggable to False by looking for debugger activity after the app has started, not only at build or launch time.
When debugger activity is detected, AppTego applies your configured response.
When To Use It
Use this control when:
- Attackers may attach debuggers after the app has already launched.
- Sensitive logic runs during longer sessions, not only at startup.
- You need telemetry about runtime debugging attempts in production.
- You want dynamic debugger detection alongside root, jailbreak, hook, and tamper controls.
How It Works
The protected app evaluates platform runtime signals associated with active debugging and inspection tools. AppTego uses a risk-based approach to reduce noise and fires your configured response when the environment appears unsafe.
Exact signal names, timing, thresholds, process indicators, and scoring weights are intentionally not published in public documentation.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Runtime Attack Detection section. Under this section you will find the Debuggable Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"DebuggableDetectionResponse": {
"detection": true,
"action": "close",
"title": "Debugger Detected",
"message": "Active debugging has been detected. The application will now close.",
"buttons": ["OK"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables runtime debugger detection. |
action | Selects the response style, such as close, alert, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Disable or soften this control in development and QA configurations where debugging is expected.
- Performance and battery impact are designed to be low, but long-running apps should test representative sessions.
- Debugger signals can overlap with security research and profiling tools. Choose response behavior based on your production risk model.