Debugger Detection
Detecting that a debugger is attached to a production app is a key RASP feature. Attaching a debugger to an app should only be possible in the development phase and should never occur with a production app. A debugger attached to a production app is a clear sign of malicious tampering.
Malwarelytics for Android is able to detect that a debugger has been attached to the app and can be configured to terminate the app in such case.
Configuration
This feature can be configured during the Malwarelytics initialization phase:
val raspConfig = RaspConfig.Builder()
.checkDebugger(Boolean)
.exitOnDebugger(Boolean)
// configuration of other RASP features
.build()
Method | Description |
---|---|
checkDebugger(Boolean) |
indicates whether debuggers should be detected automatically. Defaults to true . |
exitOnDebugger(Boolean) |
indicates whether the app should be terminated when a debugger is automatically detected. Defaults to false . |
Usage
After initialization, the debugger detection feature can be accessed via RaspManager
. This can be used to register an observer or to trigger a manual debugger detection check.
Registering an Observer
Debugger detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.
Observer configuration:
val raspObserver = object : RaspObserver {
override fun onDebuggerDetected(debuggerDetected: Boolean) {
// handle debugger detection
}
// handle detection of other RASP features
}
The observer can be registered in RaspManager
. When it is no longer needed, it can be unregistered again.
raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)
Triggering a Manual Check
Debugger detection check can be triggered manually in RaspManager
. Two methods are available – isDebuggerAttached()
gives a simple boolean answer, whereas getDebuggerDetection()
provides more details.
val debuggerDetection = raspManager.getDebuggerDetection()
val isDebuggerAttached = raspManager.isDebuggerAttached()
More information on general RASP feature configuration and usage can be found in this overview.