I have developed an android application using ionic angular. To protect from tampering, I have implemented obfuscation. In the VAPT testing, the application is reverse engineered and adding new permission in android manifest XML and build the apk. After doing this the application is working as expected. My question is how to protect the androidmanifest.xml is not being inject?
Asked
Active
Viewed 222 times
1 Answers
0
This is actually an Android-based question and not an Ionic specific question.
However, I imagine you would need to verify the signing signature at run time.
https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app
-
Thanks for your immediate reply. If the application is developed using ionic (hybrid), how do we handle this scenario?. – Irulandi Ganesan Sep 03 '20 at 04:47
-
By create a custom cordova plugin. Or you could try capacitor. Personally, I prefer cordova. – Sep 03 '20 at 15:34