Secure Mobile Application
Development
Part 10: Runtime Integrity Checks
Jahmel Harris, Technical Director
Detecting whether our applications have been modified or are executing code that has been injected into application important for two reasons; the first is to protect users from trojaned or backdoored versions of our applications. Often, an attacker will add malicious code to popular apps and redistribute them online. We can prevent this by implementing runtime integrity checks.
The second (and arguably) more useful reason to implement integrity checks this is to protect the client side security controls we have implemented. As it is fairly trivial to modify a mobile application, any control we implement has the potential of being removed prior to analysis from a malicious actor.
Because of this, where possible we should not rely on security checks that occur client side. Where this is a requirement (such as with some DRM), the integrity of the application should be confirmed.
The following techniques should be considered for integrity checks:
- File Checksums - The application should compare the checksums of files (including libraries) used with values known by the application. If the checksums do not match, the application should close.
- Code Checksums - The application should compare the checksum functions loaded in memory. If these checksums do not match, the application should close.
- Consider commercial libraries such as guardIT and ensureIT by Arxan.
Android
Android applications can have some level of tamper detection by checking whether the package name is as expected and the application has been signed by the correct developer certificate. This will stop the most common case of application tampering - modifying and resigning the APK. Sample code can be found here.