I’m against building Linux apps incompatible with sudo.
P.S. Your extension works fine. Good job.
Thanks mate. My misunderstanding.
My Sincere Apologies.
I have a question, to protect my app, for whpackage nam? I read someting about Magist or Magic but i dont know what package name this app has.
Can someone explain me for what i have to search to make the app more safer against hacking.
Magisk has no fixed Package Name. It can’t be reliably detected.
Ok, so and what can i do now, to protecr my app? To check for a emulator which was my idea ok, and to check for root ok and what can i do more to protect my app. Do have a solution to check if the adb is running? Or if the usb port is running not for charging ( to send data) , because if the adb is running or the usb port is running in data transfer modus, i want to stop the app.
i want to ask at the app start, and i want to check if adb is running each 2 sec with a timer or so
Than i let the phone crash. We have a nice extension which let your app/phone crashing.
And i will not give the user the api codes which the user needs to run the app witgh all features.
Yes . ADB debug check is in the HackProtect
What’s wrong with you guys?!
Duuude. You’ll ruin performance so that you can ruin the UX?
oK nice, my last info was that this will come, i didnt know that it is out.Thanks.
Is that all what we can check to protect the app from hacking? What do / did you guys also to prorect your apps?
If someone really wants to do it, they’ll do it.
Give users no reason to break open the APK, and use different Firebase projects for the apps. Take regular DB backups. Trust the user if you want to be trusted by them.
I do not agree 100%. While I do agree that “a lock only keeps out an honest person” you do not leave your door open. I agree with @plang58 that certain steps need to be taken to secure the app, which is why I created the extension.
I have a very finicky group of users (lawyers and financial advisors) so I have to at least show I am taking big steps to secure.
Checking for debugging every 2 seconds is a bit much perhaps. Just shut the app down if it is paused. If there is no debug on when app is started, if you pause, close the app.
I have some ideas on how to massively improve hackprotect in root detection. Once I get my new version of my app out, I will make some changes.
I don’t think this a good solution.
I think, license verification and checking for root is enough to protect basic modifications.
There are a lot of apps which modifies apps, system, etc. and checking for all of them is a bad choice. Also, whatever you do, there will always a solution to hack. Because we can see almost every day a new app comes to the public to modify apps/system. It is almost impossible to make a non-hackable app. Because even most systems can’t stop hacking totally. So they are preferring to add verification.
Maybe you can add a verification system or something when a user uses your app, instead of trying to disable all hack solutions. So, you can know which user made an abnormal activity (for example earning a lot of in-app digital products instantly) in your app.
This is very clever indeed! Especially in a game, we can know what’s the max a user can progress per unit time. Anything abnormal can be determined with ease.
Can I know what such a app you are developing that you need so much security?
i use a lot of different api keys in my app and i have to pay a lot of money for some api keys. For one call i have to pay.
And there are sensible user data inside the app which the user put in his app.
And i dont want that a crazy guy take my api key and make some fake calls with it and i have to pay.
I have made a system which changes each day the api keys to new ones.
And for a part of the app the user will get the important key from me by email.
If he has not the key he dont get any data.
The same is if a user tried it to hack my app with fake codes or so he will maked in a list and he cannot use the app in the future with his gmail account. And his phone is blocked also.
My app can only be download via app store. this i check also.
A user cant run the app if he istalled it without google.
Just got an idea for a new block… What about a “Is custom recovery installed” block?
Usually a custom recovery creates a folder in the storage (for example TWRP creates a “TWRP” folder in the internal memory).
I guess that it could be like “if /sdcard/TWRP” directory exist then a custom recovery is installed".
Then the use could be like "if is custom recovery installed == true show popup “a custom recovery is installed”.
Could be useful to detect custom rom users and people who roots the device (as magisk must be flashed throug a custom recovery… SuperSU can also be flashed throug download mode on Samsung devices but it’s not so used) and help if an app should run on an untouched OS.
The TWRP folder is just a backup folder where the OS is backed up. It can be deleted and voila Bypassed the security! In My Opinion Adding Security by blocking rooted Device is not right. Do proper code via block and it will make the app secure
I think it’s not that a rooted device could affect app security.
It’s bad because it could let you use apps like GameGuardian or Lucky Patcher…
What if they use it? Take The famous game Clash of Clans as an example. It cannot be hacked using Game guardian or Lucky Patcher and also it allows rooted players to play. The security lies in the app not by blocking rooted users
Volunteers Needed
I have a new version but I need it to be tested by people who can get some of the events to work. Let me know please, and which parts you can test.
Now before the hate mail starts, these are just extra tools that can be used in some circumstances. It is not intended nor do I claim that this is going to work for 100% of rooted devices.
Here are the new blocks. All just boolean.
-
Play Store Installed just checks to make sure the app was installed from Playstore and not sideloaded.
-
Check for Super User APK. It checks for APK’s from com.noshufou, eu.chainfire.supersu, and com.koushikdutta.superuser, or any package with the name magisk in it. More packages can be added if recommended.
-
Is Patching APK Installed. It checks for common packages used to cheat like luckypatcher, rommanager, and lackypatch
-
Is Release Builld. This checks to see if the android build is official, or not. This can be used to prevent developer or non official build from using your app.
-
Is RO Secure. This is another way to test if a device is rooted.
I feel wrong for saying this but, at this point I’m routing/rooting for Magisk, Lucky Patcher, ETC… You guys act like it’s this big thing, this prevents people from wanting your app. At minimum check if the device has root. I don’t think an app being installed from the Package Installer is much of a safety feature, I get you can disable blocks when you’re installing but, come on.