Debugger Detection

Detecting that a debugger is attached to a production app is a key RASP feature. Attaching a debugger to an app should only be possible in the development phase and should never occur with a production app. A debugger attached to a production app is a clear sign of malicious tampering.

Malwarelytics for Android can detect that a debugger has been attached to the app and can be configured to terminate the app in such a case.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .checkDebugger(true)    // detect debuggers automatically (default: true)
    .exitOnDebugger(false)  // terminate the app on detection (default: false)
    // configuration of other RASP features
    .build()

| Method | Description |
|---|---|
| checkDebugger(Boolean) | Indicates whether debuggers should be detected automatically. Defaults to true. |
| exitOnDebugger(Boolean) | Indicates whether the app should be terminated when a debugger is automatically detected. Defaults to false. |

Usage

After initialization, the debugger detection feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual debugger detection check.

Registering an Observer

Debugger detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onDebuggerDetected(debuggerDetected: Boolean) {
        // handle debugger detection
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

Triggering a Manual Check

A debugger detection check can be triggered manually in RaspManager. Two methods are available: isDebuggerAttached() gives a simple boolean answer, whereas getDebuggerDetection() provides more details.

val debuggerDetection = raspManager.getDebuggerDetection()
val isDebuggerAttached = raspManager.isDebuggerAttached()
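
The observer and the manual check can be combined to gate a sensitive operation when exitOnDebugger is left at false. The following is an added example, not code from the Malwarelytics SDK or its documentation: DebuggerGuard, runIfClean and onTamper are hypothetical names, the two interfaces are stand-ins trimmed to the calls shown on this page, and the fake manager in main() is constructed for a local run.

```kotlin
import java.util.concurrent.atomic.AtomicBoolean

// Stand-ins for the SDK types, trimmed to the calls shown on this page so the
// sketch compiles alone; in an app, use the real Malwarelytics classes instead.
interface RaspObserver { fun onDebuggerDetected(debuggerDetected: Boolean) }
interface RaspManager {
    fun registerRaspObserver(observer: RaspObserver)
    fun unregisterRaspObserver(observer: RaspObserver)
    fun isDebuggerAttached(): Boolean
}

// Hypothetical helper: gates sensitive operations on the debugger state.
class DebuggerGuard(private val rasp: RaspManager, private val onTamper: () -> Unit) {
    // Sticky flag: a debugger that detaches later does not clear it.
    private val tainted = AtomicBoolean(false)
    private val observer = object : RaspObserver {
        override fun onDebuggerDetected(debuggerDetected: Boolean) { if (debuggerDetected) taint() }
    }

    fun start() = rasp.registerRaspObserver(observer)
    fun stop() = rasp.unregisterRaspObserver(observer)

    private fun taint() {
        // compareAndSet makes the response (wipe session, report) run only once.
        if (tainted.compareAndSet(false, true)) onTamper()
    }

    // Re-check at the point of use, then run the block only if still clean.
    fun <T> runIfClean(block: () -> T): T? {
        if (rasp.isDebuggerAttached()) taint()
        return if (tainted.get()) null else block()
    }
}

fun main() {
    // Constructed fake manager standing in for the SDK during a local run.
    val observers = mutableListOf<RaspObserver>()
    val fake = object : RaspManager {
        override fun registerRaspObserver(observer: RaspObserver) { observers += observer }
        override fun unregisterRaspObserver(observer: RaspObserver) { observers -= observer }
        override fun isDebuggerAttached() = false
    }
    val guard = DebuggerGuard(fake) { println("tamper response: session wiped") }
    guard.start()
    println(guard.runIfClean { "payment signed" })      // no debugger seen: block runs
    observers.forEach { it.onDebuggerDetected(true) }   // simulated SDK callback
    println(guard.runIfClean { "payment signed" })      // flag is sticky: block is skipped
    guard.stop()
}
```
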

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on May 02, 2022 (20:53)

0.20.x

Malwarelytics for Android