APK Code Tampering
APK is android application package. These files install applications in the Android Device.
Such applications should have a restriction over code tampering. Applications are supposed to be detecting if the code of the base.apk is tampered by verifying the signature of such files. As if an attacker modifies the code, they cant replicate the signature as the private key would be with developer. And hence verifying the current signature, can help application owners securing their applications.
One way to bypass tamper detection is to change the detection code itself, so it becomes a always true condition 😂😂.
Another way is to bypass using debugging as per other discussion-link
There are a lot of advantages with such techniques. We can bypass most of the security measures pertaining to android root, ssl-pinning etc.. and make a custom code to test the application for further vulnerabilities.
We can also append our code to make it run additional, few activities such as frida-objection pre-built attacher etc..
Such applications should have a restriction over code tampering. Applications are supposed to be detecting if the code of the base.apk is tampered by verifying the signature of such files. As if an attacker modifies the code, they cant replicate the signature as the private key would be with developer. And hence verifying the current signature, can help application owners securing their applications.
One way to bypass tamper detection is to change the detection code itself, so it becomes a always true condition 😂😂.
Another way is to bypass using debugging as per other discussion-link
There are a lot of advantages with such techniques. We can bypass most of the security measures pertaining to android root, ssl-pinning etc.. and make a custom code to test the application for further vulnerabilities.
We can also append our code to make it run additional, few activities such as frida-objection pre-built attacher etc..