A Check is a piece of code, injected into existing methods, that examines a particular condition. If that condition is triggered (i.e. determined to be true), you can configure various ways for the application to respond.
PreEmptive Protection - DashO can instrument applications with the following Checks:
- Debug - Is the application being debugged, or is it enabled to allow debugging?
- Root - Is the application running on a rooted device?
- Shelf Life - Has this application expired (or will it expire soon)?
- Tamper - Has the application been tampered with?
With the exception of Shelf Life, all the different Checks and Responses work in a similar fashion. The Check can respond in different ways either immediately or later via a separate Response. A message can also be sent to a PreEmptive Analytics server. These Checks and Responses can be configured via the Injection UI or by adding code annotations. Shelf Life does not have a separate Response.
Note: Sending PreEmptive Analytics telemetry from Checks and Responses is deprecated.
There are several samples which demonstrate the use of the different Checks and Responses.
When the Check is run you can optionally perform a custom action.
- Call a method or set a field - You can have the Check's state passed back to your application by invoking a method that takes a single boolean or by setting a boolean field. When a Check is triggered the value is true. If the Check is not triggered then false is used. Your application can act on this information immediately or store it for later interaction with a Response. See Specifying Sources and Actions for more information.
If the Check is triggered you can respond to it in different ways. You can choose one or both of the following:
- Send a message (Deprecated) - A message will be sent to a PreEmptive Analytics server. The default is to not send a message. The message can optionally include custom data and will be sent regardless of any opt-in setting.
Note: If your application is using analytics and contains an ApplicationStart you need no further configuration. If you are only using Checks then you need to supply the company and application IDs using other annotations or provide them on the Injection Options panel. See PreEmptive Analytics Overview for additional information if injecting instrumentation into an Android application.
- Perform a response - There are several immediate responses that can be taken:
  - exit - Exit the application with a random, non-zero return code.
  - hang - Cause the current thread to hang.
  - error - Throw a randomly selected subclass of
  - exception - Throw a randomly selected unchecked subclass of
  - none - Take no action (default).
The randomization of return codes and the selection of a Throwable is performed at the time the Check is injected. Errors and exceptions are thrown with an empty stack trace to conceal their origin.
exit will only close the top Activity on the activity stack. The application will close if there is only one Activity on that stack.
When you select more than one of these, a message will be sent before the custom action, and the custom action will be called before the response action is taken. If you do not request any of these, the Check will be skipped and DashO will produce a warning message.
An application can contain multiple uses of the Check with various configurations. Using more than one Check or mixing the Responses will hamper attackers.
Note: Many of the Checks inject code which uses reflection, so it is recommended that you enable String Encryption to further hide the Checks.
Separating the Check and Response makes it more difficult for attackers. Having multiple and different Responses scattered throughout the application increases the difficulty. Making those Responses only happen some of the time can make the process maddening. DashO lets you configure your Responses to be as simple or as complex as you desire.
A Response adds code that interacts with a Check to separate the Check and Response code. You can add many Responses for the same Check. The Response coordinates with the Check via a boolean value. A value set using the Check is retrieved with the Response. If the retrieved value is true then the Response is executed. See Specifying Sources and Actions for more information.
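The hand-off described above, written out by hand as an added example (it is not DashO's injected code or its API): a method that takes a single boolean receives the Check's state, and a separate response site reads the stored value later, acts with a probability factor, and throws with an empty stack trace. The class, field and method names are hypothetical, and latching the result is an assumption of this sketch.

```java
import java.util.concurrent.ThreadLocalRandom;

// Added illustration: hand-written stand-in for what a Check's custom action
// and a later Response do. All names here are hypothetical, not DashO's.
public class CheckStateDemo {
    // Field that holds the Check's state between detection and response.
    private static volatile boolean checkTriggered;

    // Custom-action target: a method that takes a single boolean.
    // true = the Check was triggered, false = it was not.
    static void recordCheck(boolean triggered) {
        // Assumption of this sketch: latch the result so that a later
        // clean run cannot clear an earlier detection.
        checkTriggered = checkTriggered || triggered;
    }

    // Response site, placed far from the Check. Acts only when the stored
    // value is true, and then only with the given probability
    // (0.0 = never, 1.0 = always).
    static void respond(double probability) {
        if (!checkTriggered) return;
        // nextDouble() is in [0.0, 1.0), so 0.0 never fires and 1.0 always does.
        if (ThreadLocalRandom.current().nextDouble() >= probability) return;
        IllegalStateException e = new IllegalStateException();
        e.setStackTrace(new StackTraceElement[0]); // empty trace conceals the origin
        throw e;
    }

    public static void main(String[] args) {
        recordCheck(false);
        respond(1.0);                 // nothing detected, so nothing happens
        System.out.println("clean run: no response");

        recordCheck(true);            // constructed input: simulate a triggered Check
        respond(0.0);                 // probability 0.0 never responds
        System.out.println("triggered, probability 0.0: no response");
        try {
            respond(1.0);             // probability 1.0 always responds
        } catch (IllegalStateException e) {
            System.out.println("response fired, stack frames: " + e.getStackTrace().length);
        }
    }
}
```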
A Response can send a message and/or perform a response. In addition, the Response's action can be made conditional based on a probability factor ranging from 0.0 (never) to 1.0 (always) - the default is