PreEmptive Protection - DashO v8.2 User Guide

Checks Overview

A Check is a piece of code, injected into existing methods, that examines a particular condition. If that condition is triggered (i.e. determined to be true), you can configure various ways for the application to respond.

PreEmptive Protection - DashO can instrument applications with the following Checks:

  • Debug - Is the application being debugged, or is it enabled to allow debugging?
  • Root - Is the application running on a rooted device?
  • Shelf Life - Has this application expired (or will it expire soon)?
  • Tamper - Has the application been tampered with?

With the exception of Shelf Life, all the different Checks and Responses work in a similar fashion. The Check can respond in different ways either immediately or later via a separate Response. A message can also be sent to a PreEmptive Analytics server. These Checks and Responses can be configured via the Injection UI or by adding code annotations. Shelf Life does not have a separate Response.

Check

When the Check is run, you can optionally perform a custom action.

  • Call a method or set a field. You can have the Check's state passed back to your application by invoking a method that takes a single boolean or by setting a boolean field. When a Check is triggered the boolean value is true. If the Check is not triggered then false is used. Your application can act on this information immediately or store it for later interaction with a Response. See Specifying Sources and Actions for more information.

Note: Shelf Life expects a method which takes a Token instead of a boolean.

If the Check is triggered you can respond to it in different ways. You can choose one or both of the following:

  • Send a message. A message will be sent to a PreEmptive Analytics server. The default is to not send a message. The message can optionally include custom data and will be sent regardless of any opt-in setting.

Note: If your application is using analytics and contains an ApplicationStart you need no further configuration. If you are only using Checks then you need to supply the company and application IDs using other annotations or provide them on the Injection Options panel. See PreEmptive Analytics Overview for additional information if injecting instrumentation into an Android application.

  • Perform a response. There are several immediate responses that can be taken:
    • exit - Exit the application with a random, non-zero return code.
    • hang - Cause the current thread to hang.
    • error - Throw a randomly selected subclass of java.lang.Error.
    • exception - Throw a randomly selected unchecked subclass of java.lang.Exception.
    • none - Take no action (default).

Notes: The randomization of return codes and the selection of a Throwable are performed at the time the Check is injected. Errors and exceptions are thrown with an empty stack trace to conceal their origin.

On Android, exit will only close the top Activity on the activity stack. The application will close if there is only one Activity on that stack.

When you select more than one of these, a message will be sent before the custom action and the custom action will be called before the response action is taken. If you do not request any of these, the Check will be skipped and DashO will produce a warning message.

An application can contain multiple uses of the Check with various configurations. Using more than one Check or mixing the Responses will hamper attackers.

Note: Many of the Checks inject code which uses reflection, so it is recommended that you enable String Encryption to further hide the Checks.

Response

Separating the Check and Response makes it more difficult for attackers. Having multiple and different Responses scattered throughout the application increases the difficulty. Making those Responses only happen some of the time can make the process maddening. DashO lets you configure your Responses to be as simple or as complex as you desire.

The Response adds code that interacts with a Check to separate the Check and Response code. You can add many Responses for the same Check.

  • The Response coordinates with the Check via a boolean value. A value set using the action of the Check is retrieved with the source of the Response. If the retrieved value is true then the Response is executed. See Specifying Sources and Actions for more information.

Like the Check, the Response can send a message and/or perform a response. In addition, the Response's action can be made conditional based on a probability factor ranging from 0.0 (never) to 1.0 (always) - the default is 1.0.
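
The Check-to-Response hand-off described above, modeled by hand in Java as an added example (it is not DashO's injected code and does not come from this guide). The class, method and field names are hypothetical, and latching the flag is an assumption about how an application might store the Check's state.

```java
import java.util.Random;

// Added illustration: hand-written model of the Check/Response hand-off.
// DashO injects the real Check and Response code; every name here is hypothetical.
public class CheckResponseModel {
    // Field written by the Check's action and read by the Response's source.
    private volatile boolean tamperSeen;
    private final Random random;
    int responsesFired; // counts how often the delayed Response acted

    CheckResponseModel(long seed) { this.random = new Random(seed); }

    // Action target: a method that takes a single boolean, as the guide requires.
    void onTamperResult(boolean triggered) {
        // Assumption: latch the state so a later clean run cannot clear an earlier detection.
        tamperSeen = tamperSeen || triggered;
    }

    // Stand-in for an injected Check whose immediate response is "none":
    // it only reports its state through the action.
    void runCheck(boolean conditionDetected) {
        onTamperResult(conditionDetected);
    }

    // Stand-in for an injected Response placed in an unrelated method.
    // It acts only when the source is true, and then only with the given probability.
    void runResponse(double probability) {
        if (tamperSeen && random.nextDouble() < probability) {
            responsesFired++;
            // A real Response would exit, hang, or throw here.
        }
    }

    public static void main(String[] args) {
        CheckResponseModel clean = new CheckResponseModel(1L);
        clean.runCheck(false);
        for (int i = 0; i < 1000; i++) clean.runResponse(1.0);
        System.out.println("clean run, responses fired: " + clean.responsesFired);

        CheckResponseModel tampered = new CheckResponseModel(1L);
        tampered.runCheck(true);
        for (int i = 0; i < 1000; i++) tampered.runResponse(0.25);
        System.out.println("tampered run, responses fired: " + tampered.responsesFired + " of 1000");
    }
}
```

Because `nextDouble()` returns a value in [0.0, 1.0), a probability of 0.0 never fires and 1.0 always fires, matching the range given above.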

PreEmptive Protection - DashO Version 8.2.0. Copyright © 2017 PreEmptive Solutions, LLC