Debugger Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | iOS | MASVS-RESILIENCE-4 |
Overview
Debugger Detection identifies whether an iOS app appears to be running under an active debugger during protected startup. It helps stop sensitive operations from beginning while the app is being inspected, stepped through, or manipulated by debugging tools.
When a debugger is detected, AppTego applies your configured response.
When To Use It
Use this control when:
- Your iOS app handles payment, identity, healthcare, enterprise, or other high-value data.
- Sensitive controls should not initialize while a debugger is attached.
- You want production telemetry for debugger activity.
- You already use jailbreaking, hooking, and tamper controls and want layered iOS coverage.
How It Works
The protected app checks platform runtime state during initialization to determine whether the process appears to be under debugger control. The exact platform calls, flags, and inspection details are not published in public documentation.
This control is intentionally lightweight and startup-focused. For broader runtime coverage, pair it with Debuggable Detection.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Runtime Attack Detection section. Under this section you will find the Debugger Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"DebuggerDetectionResponse": {
"detection": true,
"action": "close",
"title": "Debugger Detected",
"message": "A debugger is currently attached to this application.",
"buttons": ["OK"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables startup debugger detection. |
action | Selects the response style, such as close, alert, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Disable or soften this control in development builds where Xcode debugging is expected.
- Profiling tools and security research workflows can legitimately trigger debugger detection.
- This control is iOS-focused. For Android runtime debugger coverage, use Debuggable Detection and Set Debuggable to False.