Tampering & repackaging
Tampering modifies an app's code or resources after signing — the strongest integrity violation — and often leads to patched or cloned builds being redistributed.
What it is
Attackers decompile and patch an app to remove checks, ads or payments, then re-sign it and distribute it through unofficial channels.
How attackers use it
Repackaged apps are used for license bypass, malware injection, impersonation/phishing and revenue theft.
How Appsolid detects it
Tamper detection (self-checksum)
A GCM-protected manifest holds SHA-256 hashes of critical files/entries, which the app verifies at runtime; on mismatch it reports a TAMPER event and exits (APK only).
Key entanglement
A patched or repackaged build can't derive the correct decryption key, so the original code never decrypts.
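The two mechanisms above, sketched as an added example that is not Appsolid's code: a sealed manifest of per-entry SHA-256 hashes checked against an APK-like ZIP, and a content key derived from those same hashes. HMAC-SHA256 stands in for the GCM tag because Python's standard library has no AES-GCM; the entry list, keys, salt and all function names are assumptions, and the sample archives are constructed.

```python
import hashlib, hmac, io, json, zipfile

# Assumed list of critical entries; a real manifest would name the product's own.
CRITICAL = ("AndroidManifest.xml", "classes.dex")

def make_apk(entries):
    """Build a constructed, APK-like ZIP in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

def entry_hashes(apk, names=CRITICAL):
    """SHA-256 of each named entry; a missing entry hashes to None."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        present = set(z.namelist())
        return {n: hashlib.sha256(z.read(n)).hexdigest() if n in present else None
                for n in names}

def seal_manifest(apk, key):
    """Build-time step: record the hashes and authenticate the record."""
    body = json.dumps(entry_hashes(apk), sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def check(apk, body, tag, key):
    """Runtime step: authenticate the manifest, then compare every entry."""
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return "MANIFEST_INVALID"
    expected = json.loads(body)
    actual = entry_hashes(apk, tuple(expected))
    bad = sorted(n for n in expected if actual[n] != expected[n])
    return "TAMPER:" + ",".join(bad) if bad else "OK"

def entangled_key(apk, salt=b"constructed-salt"):
    """Key entanglement: the content key is a function of the shipped bytes."""
    material = json.dumps(entry_hashes(apk), sort_keys=True).encode()
    return hmac.new(salt, material, hashlib.sha256).digest()

if __name__ == "__main__":
    key = b"\x01" * 32  # constructed manifest key
    good = make_apk({"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-original"})
    patched = make_apk({"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-patched"})
    body, tag = seal_manifest(good, key)
    print(check(good, body, tag, key), check(patched, body, tag, key))
    print(entangled_key(good) == entangled_key(patched))
```

Because the key depends on the entry hashes, a build with any changed critical entry derives a different key even if the integrity check itself has been patched out.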
Unofficial-store & sideload detection
Detects installs from outside trusted stores, with an optional hard-stop before code loads.
Honest scope: This is detect-and-respond — it detects, terminates and reports tampering, but does not physically prevent re-signing. Self-checksum is APK-only; for AAB, pair it with Play App Signing.
