Integrity Checker

Repackaging is one of the most common attacks on Android. Attackers download a legitimate app, decompile it, inject malware (such as banking trojans or adware), recompile it and distribute it through unofficial channels.

Technical Mechanism: MAD computes a cryptographic checksum (digital signature) of all critical APK components (classes.dex, resources, native .so libraries) during the protection process. At runtime, the RASP recalculates these hashes in memory and compares them with the original values embedded in an obfuscated way. If there is any divergence, indicating that a single byte was altered, the system identifies the integrity breach and triggers the configured response measures, aiming to be a definitive anti-tampering measure.

<antiTampering>
    <enabled>true</enabled>
    <checkIntegrity>true</checkIntegrity>
    <verifyHashSections>true</verifyHashSections>
</antiTampering>