Developer Options Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-1 |
Overview
Developer Options Detection identifies device and app states associated with development tooling, debugging access, or development-mode operation. Developer settings can be legitimate for testing, but in production they can weaken the device posture and increase the risk of inspection, tampering, or data extraction.
When developer-mode risk is detected, AppTego applies your configured response.
When To Use It
Use this control when:
- Production sessions should not run on devices configured for debugging or development access.
- Your app handles payment, identity, healthcare, enterprise, or regulated data.
- You want visibility into users running production builds with development tooling enabled.
- Developer posture should influence risk scoring or step-up decisions.
How It Works
The protected app evaluates platform-specific development and debugging posture. Android and iOS expose different signals, so AppTego uses platform-appropriate checks and response behavior.
Public documentation does not publish exact setting names, entitlement checks, library indicators, or monitoring mechanisms used by the control.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Device Compromise Detection section. Under this section you will find the Developer Options Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"DeveloperOptionsDetectionResponse": {
"detection": true,
"action": "warn",
"title": "Developer Settings Detected",
"message": "Your device appears to have developer settings enabled. Some features may be restricted.",
"buttons": ["OK"],
"actions": ["warn"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables developer options detection. |
action | Selects the response style, such as warn, alert, close, or log. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Developers, QA testers, and power users may intentionally enable developer settings. Use a development configuration for internal testing.
- Enterprise-managed devices may allow some developer features for support workflows. Validate with your MDM policies before hard blocking.
- Developer posture is most useful when combined with debugger, hook, root, jailbreak, and tamper signals.