talsec / Free-RASP-Android

Library for improving app security and threat monitoring on Android mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
152 stars 12 forks

Able to recompile the APK #8

Closed abhishekpalad closed 2 years ago

abhishekpalad commented 2 years ago

I am able to modify the manifest file (changed the backup to false) and recompile the application. The application is getting successfully installed on the system.

talsec-app commented 2 years ago

Hello @abhishekpalad,

First, we want to commend you for verifying the security features over blindly trusting! That's the way to go. Second, we would like to understand better the steps you've taken so far. Usually, you should receive an onTamperDetected callback in such a case. One needs to repackage the application to be able to modify the AndroidManifest.xml. Talsec checks the developer key/certificate used to sign the application. Suppose someone tries to repackage your application without access to the keystore you used to sign the application. In that case, they won't be able to sign the application with the credentials you entered into TalsecConfig, and onTamperDetected will be triggered.

Thank you in advance,
Talsec Team
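The kind of signing-certificate comparison described in the comment above, as an added Kotlin example that is not part of the original thread and is not freeRASP's own code. `EXPECTED_CERT_HASH_B64` and both function names are hypothetical; the example uses only Android platform APIs.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.content.pm.Signature
import android.os.Build
import android.util.Base64
import java.security.MessageDigest

// Assumption: base64(SHA-256(DER certificate)) of the release signing
// certificate. Placeholder value, replace with your own.
private const val EXPECTED_CERT_HASH_B64 = "REPLACE_WITH_BASE64_SHA256_OF_RELEASE_CERT"

/** Returns the base64 SHA-256 digest of every certificate that signed this APK. */
@Suppress("DEPRECATION")
fun currentSignerHashes(context: Context): List<String> {
    val pm = context.packageManager
    val certs: Array<Signature> = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        // API 28+: apkContentsSigners lists only the certificates that signed
        // this APK, excluding past certificates from key rotation.
        val info = pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNING_CERTIFICATES)
        info.signingInfo?.apkContentsSigners ?: emptyArray()
    } else {
        // Older devices: fall back to the legacy signatures array.
        pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNATURES).signatures
            ?: emptyArray()
    }
    return certs.map { cert ->
        val digest = MessageDigest.getInstance("SHA-256").digest(cert.toByteArray())
        Base64.encodeToString(digest, Base64.NO_WRAP)
    }
}

/** True only if the APK has exactly one signer and it matches the expected hash. */
fun isSignedWithExpectedKey(context: Context): Boolean {
    val hashes = currentSignerHashes(context)
    // Reject zero or multiple signers outright; compare in constant time.
    return hashes.size == 1 &&
        MessageDigest.isEqual(
            hashes[0].toByteArray(Charsets.US_ASCII),
            EXPECTED_CERT_HASH_B64.toByteArray(Charsets.US_ASCII)
        )
}
```

An APK re-signed with any other keystore, including the Android debug keystore, yields a different hash, so `isSignedWithExpectedKey` returns false for it.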

abhishekpalad commented 2 years ago

Hi Team,

I built the app using Android Studio.

Then I just followed the default steps to decompile the application using apktool v 2.6.4 and then recompiled it with a different developer key (I have generated new keys), then used adb install with (-r -t) to install the app.

I have attached the modified APK. app-debugTampered.zip

talsec-app commented 2 years ago

Hi @abhishekpalad,

There are two versions of Talsec SDK - one for development and one for production (link https://github.com/talsec/Free-RASP-Android#dev-vs-release-version). Some of the checks are disabled during the development phase (the application is not usually signed during development, the application runs in debug mode, etc.). These lines in your build.gradle file define which version of the SDK will be used:

    // Talsec Release
    releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:4.2.1-release'
    // Talsec Debug
    debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:4.2.1-dev'

If you run assembleDebug, the dev version will be used automatically; if you assemble the application using assembleRelease, the release version will be used. I hope this will help you solve the issue.

Best regards,
Talsec Team

talsec-app commented 2 years ago

Hello @abhishekpalad, did the explanation help?

Kind regards, Talsec team