APP Cloning

App cloning allows multiple instances of the same app to run on a single device, either through third-party tools or native features. This practice is widely exploited in fraud scenarios such as multi-accounting, abuse of promotional benefits, and evasion of device-based blocking or banning mechanisms, in addition to expanding the application's attack surface.

MAD detects the execution of multiple instances or copies of the application on the same device, characterizing cloned or virtualized environments. This behavior indicates possible improper manipulation of the environment and attempts to bypass established security controls or business rules.

Technical Mechanism: Detection is performed through analysis of the execution environment and application identifiers, including file system characteristics, package signatures, and installation information. From this analysis, MAD verifies whether the application is running in a virtual container, non-standard directory, or with identifiers that do not match the legitimate version distributed by the official store. In this way, the solution ensures that only one legitimate and authorized instance of the application runs on the device, applying the configured response measures in case of detection.