As per the recommendation from Digital AI team earlier, we are planning to rely root detection and dynamic compromise detection operations fully on App protect.
But we see a challenge for detecting Frida using App protect's Dynamic Instrumentation Detection Guard. Basically Dynamic Instrumentation Detection Guard requires app finalisation. https://docs.digital.ai/appsec-android/docs/protection-reference/dynamic-instrumentation-detection-guard. But this is not practically possible in our solutions, because we ship the AAR to our customers and we can't make it mandatory to make their application as finalised.
We are shipping our solution SDK as AAR, instead of a final APK. Our customers will consume this AAR and generate their APK during their integration process. So we can't really enforce them to enable the finalisation.
That's why we would like to get an alternative method to overcome current limitation or we need DIDG to work without the need of finalisation.
So we need this DIDG guard to be working even without app/aar finalisation like Root detection guard. This is already discussed in our previous synch ups
by: Ajith Kumar V. | 3 days ago | Integration
Comments
Thanks for creating this idea. We made a note and will include it into our planning process. The finalization exists for logical reasons and it is impossible for some guards to function without finalization. We will review our guards to see if there is anything possible to be done with Dynamic Instrumentation Detection Guard .