Integrity Checker

Repackaging is when attackers download a legitimate app, decompile it, inject malware (such as banking trojans or adware), recompile it and distribute it on unofficial channels.

Technical Mechanism: MAD calculates a cryptographic checksum (digital signature) of all critical APK components (classes.dex, resources, native .so libraries) during the protection process. At runtime, the RASP recalculates these hashes in memory and compares them with the original values embedded in an obfuscated way. If there is any divergence, indicating that a single byte was changed, the system detects the integrity breach and triggers the configured response (e.g., crash). This serves as a definitive anti-tampering measure.

<key>anti-tampering</key>
    <true>