How I fought modders and crackers? (Android-Tamper-Detector)
This is a small story on how I fought modders and crackers from breaking my app and stealing all my revenue.
It all started a couple of months back when I launched my first machine learning app called Hashtagger (Shamelessly plugging the app 😛)on the Google Play store. It's a simple app that generates hashtags based on your images or keywords using machine learning. I was not seeing much traffic or MAU (Monthly Active Users) so I decided to publish the app to various third-party stores(Mainly Chinese markets). Which is when I actually started seeing a lot of installations and at present have about 300 to 400 daily active users. Life was good. The app was doing fine. Making a decent revenue to sustain itself.
I felt like a super start because this was the first time I actually had an app which was making some movement. Little did I know 😞 just about a month and a half in modded versions of the app started popping up. I got to know about these modded versions with the help of Analytics. That's when I started noticing a dip in ad revenue as well. At first, I thought it was just Google. But as time passed it got clear that my revenue was being stolen because the usage increased but somehow the revenue kept getting less and less day by day. I had the users but no revenue.
So like most developers, I turned to Reddit for answers (cause why not). The community was strong and guided me on a few things I could do the make it harder for the modders and crackers. This led me to start searching for libraries that I could use to easily integrate all the things mentioned in the Reddit post. But to my amazement, I could not find anything concrete. So I set out to write my own library.
Enter Android-Tamper-Detector
This is a simple light-weight library written in Kotlin which does a bit of checkup during runtime to prevent the tampered apps from running. The library uses SHA1 FingerPrint comparison to check if the app was repacked or compromised. You can also check if the package name was changed. You can also block the app from running on emulators and in debug mode
How to integrate into your app?
Integrating the project is simple and refined all you need to do is follow the below steps
1. Add the JitPack repository to your build file. Add it in your root build.gradle at the end of repositories:
allprojects {
repositories {
...
maven { url "https://jitpack.io" }
}
}Step 2. Add the dependency
dependencies {
implementation 'com.github.mukeshsolanki:Android-Tamper-Detector:<latest-version>'
}How to use the library?
Okay seems like you integrated the library in your project but how do you use it? Well its really easy just do this in the app launch
.....
detector =
Detector.Builder().packageName("your actual package name get this via an api call").listener(object: OnTamperDetectionListener{
override fun onAppTampered(errorMessage: String) {
Log.d("onAppTampered->", errorMessage)
} override fun onAppOkay() {
Log.d("onAppTampered->", "App is okay")
}
})
.with(context)
.sha1FingerPrint("release sha 1 finger print get this via an api call as well").build() detector.check()
.....
You simply create a Detector object using the builder and set the details and call the check() and that should be it you will receive a call back with the details in the OnTamperDetectionListener.
To enable debugging for development you can do detector.enableDebugMode(true) and detector.allowEmulators(true)That's pretty much it and you're all wrapped up.
