HackProtect v4.1 UPDATE (Emulator Detection)
HackProtect.aix (13.7 KB)
ChangeLog
New Features:
- AmazonStoreInstalled: Returns true if the application was installed via Amazon.
- PlayStoreInstalled: Returns true if the application was installed via Google Play.
- GetPackagerManagerName: Gets the name of the Package Manager that installed the app.
- GetPackageName: Returns the name of the current application package.
- IsRoSecureRoKernelQemu: Returns true if either the ro.secure or the ro.kernel.qemu property has been modified, which is a root indicator, as the kernel activity may be compromised and viewable.
- CheckForSuperUserAPK: Returns TRUE if one of 6 known root packages or variants is installed. The name of the package is not returned, so the user does not know which package name to change.
- CheckForDangerousAPK: Returns TRUE if one of 12 known patching or root emulating packages is installed. The name of the package is not returned, so the user does not know which package name to change.
Updates:
- RoSecure process has been deleted and replaced with isRoSecureRoKernelQemu.
- Added more root detection processes.
- Disabled super user check, as it is giving strange results on different Android versions.
- Improved and added emulator detection support (over 160 different checks) for:
  - Android Studio
  - Andy
  - Droid4x
  - Generic
  - Genymotion
  - Goldfish
  - MIT
  - Nox
  - TitaniamVM
  - VBox

  Some reports say that Nox support is not working perfectly.
- Updated descriptions.
- Updated names.
Roadmap:
- Method to scan for user defined packages
- Method to scan for certain processes
Notes:
- The only way to ensure you have emulator or virtual device detection is by getting the READ_PHONE_STATE, so you can get the Carrier ID, and Phone Number. I decided not to do this because it is a very aggressive permission. If people want this as a separate extension, let me know.
- Another method is to watch the accelerometer, and make sure that it is moving. Emulators don’t move. If there is enough demand, I will try to add this.
DISCLAIMER:
This is not perfect. I know it, and I do not claim it is now, or ever. So if there are bugs, be kind and report them.
Total Blocks (11)
Example Use Case
Description
This lightweight extension helps you limit how your users can hack your application. 9 critical elements are detected.
- Was the application installed from Amazon
- Is ADB debugging enabled
- Is the application running on an emulator
- Is the device rooted
- Is the app installed from the Google Play Store
- Is a well-known Super User APK installed
- Is a well-known patching APK installed
- Name of the package manager that installed the application
- Name of the package of the current app
- Is ro.secure or ro.kernel.qemu modified

(NOX Emulator Bug should be fixed)

When you handle these elements properly, you can shut your app down before people can read logcat output or intercept network traffic, thereby protecting things like API credentials, passwords, proxies, etc.
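To make the IsRoSecureRoKernelQemu item concrete, here is an added example (not the extension's own code) that parses `getprop`-style output and reports which of the two properties deviate. The expected values, the treatment of a missing property, the function names and the sample dumps are assumptions made for this illustration.

```python
import re

# Assumption (not from the page): a stock production build on physical
# hardware reports ro.secure=1 and does not report ro.kernel.qemu=1.
EXPECTED = {"ro.secure": "1", "ro.kernel.qemu": "0"}
# ro.kernel.qemu is usually absent on real devices, so a missing value is
# read as "0"; a missing ro.secure is itself reported as a finding.
DEFAULT_WHEN_MISSING = {"ro.secure": None, "ro.kernel.qemu": "0"}

# One line of `getprop` output looks like: [ro.secure]: [1]
_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")


def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def property_findings(props):
    """Return (property, observed, reason) for every deviating property."""
    findings = []
    for key, expected in EXPECTED.items():
        observed = props.get(key, DEFAULT_WHEN_MISSING[key])
        if observed is None:
            findings.append((key, None, "property missing"))
        elif observed != expected:
            findings.append((key, observed, f"expected {expected}"))
    return findings


def is_modified(props):
    """Hypothetical stand-in for the boolean the extension block returns."""
    return bool(property_findings(props))


# Constructed sample dumps, not captured from real devices.
PHYSICAL = "[ro.build.type]: [user]\n[ro.secure]: [1]\n"
EMULATOR = "[ro.secure]: [0]\n[ro.kernel.qemu]: [1]\nnot a property line\n"

if __name__ == "__main__":
    for name, dump in (("physical", PHYSICAL), ("emulator", EMULATOR)):
        props = parse_getprop(dump)
        print(name, is_modified(props), property_findings(props))
```

Returning the individual findings alongside the boolean lets the app log which property tripped the check before it decides to shut down.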