Tamper detection not implemented how to gix this issue in android

Question

Tamper detection not implemented: not patched (still able to do reverse engineering / Tampering apk by using apk easy took decompiling and modifying the res folder then again recompiling and successfully able to sign the modified apk and able to see the modifications in apk

How to add anti tampering for android apps.or can we obfuscated the res folder.

Answer 1

Since the APK Signature Scheme v2 (added in Android 7), all of the contents of the APK are hashed and signed (including resources).

During validation, v2+ scheme treats the APK file as a blob and performs signature checking across the entire file. Any modification to the APK, including ZIP metadata modifications, invalidates the APK signature. This form of APK verification is substantially faster and enables detection of more classes of unauthorized modifications.

The signature verification is done by Google Play when an application is uploaded to the Play Store and by the Package Manager when the application is installed onto the device.

More information:

https://developer.android.com/studio/publish/app-signing https://developer.android.com/about/versions/nougat/android-7.0#apk_signature_v2 https://source.android.com/docs/security/features/apksigning#v2