Virtual App Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android | MASVS-RESILIENCE-1 |
Overview
Virtual App Detection identifies when an Android app appears to be running inside a third-party virtualized, containerized, or parallel-app environment. These environments can allow multiple app instances, weaken device-binding assumptions, bypass enterprise policy, or support automated abuse.
When virtual environment risk is detected, AppTego applies your configured response.
When To Use It
Use this control when your app needs to protect against:
- Multi-account fraud, referral abuse, gaming abuse, or promotional abuse.
- Credential stuffing or account creation at scale across isolated app instances.
- Bypassing device binding, device fingerprinting, or account uniqueness controls.
- Corporate data being accessed outside an expected managed profile or MDM environment.
How It Works
The protected app evaluates Android environment signals associated with virtualization, containerization, non-standard execution contexts, and third-party parallel-app tools. AppTego does not publish exact file markers, package identifiers, namespace checks, or path rules in public documentation.
The control is intended to complement App Cloning Detection. In practice, cloned and virtualized environments often share risk patterns, but they are not identical.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Environment Detection section. Under this section you will find the Virtual App Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"VirtualAppDetectionResponse": {
"detection": true,
"action": "close",
"title": "Virtual Environment Detected",
"message": "This app cannot run in virtualized app environments.",
"buttons": ["Exit"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables virtual app detection. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Enterprise work profiles, BYOD deployments, and MDM products should be tested before enforcing a hard block.
- Some power-user or developer tools create signals that overlap with virtualized app environments.
- Use logging first if you expect legitimate multi-profile usage.
- Pair this control with App Cloning Detection, Root Detection, Hook Detection, and Debuggable Detection for stronger Android coverage.