This document provides a simple overview of the threat detection categories supported by DoveRunner. These detections help protect your application from tampering, misuse, fraud, and insecure environments.
1. Code Hooking
What it means: The app’s behavior is altered while it is running.
Why it matters: Attackers can bypass security checks or change how the app works, which may lead to data leakage or fraud.
2. Security Configuration Manipulation
What it means: Security settings of the app or device are changed without authorization.
Why it matters: This can weaken protections like secure communication and expose sensitive data.
3. Source Code Modification
What it means: The original app code has been changed.
Why it matters: Modified code may remove security controls or add malicious functionality.
4. Application Repackaging
What it means: The app is modified and redistributed through unofficial sources.
Why it matters: Repackaged apps may contain malware, ads, or altered logic, harming users and your brand.
5. Application Debugging
What it means: The app is being analyzed using debugging tools.
Why it matters: Debugging makes it easier for attackers to understand and exploit the app.
6. Rooted / Jailbroken Device
What it means: The app is running on a device with system-level restrictions removed.
Why it matters: Such devices allow deeper access to app data and increase security risks.
7. App Cloning Environment
What it means: The app is running in a cloned or virtual app environment.
Why it matters: This is often used for multiple accounts, fraud, or abuse of app services.
8. Malware & Cheat Tools
What it means: Known malicious or cheating tools are present on the device.
Why it matters: These tools can manipulate app behavior, automate actions, or enable fraud.
9. Emulator
What it means: The app is running on an emulator instead of a real device.
Why it matters: Emulators are commonly used for automation, reverse engineering, and abuse.
10. USB Debugging Enabled
What it means: USB debugging is turned on for the device.
Why it matters: This allows external tools to control or inspect the app, increasing risk.
11. Speed or Time Modification
What it means: The device time or app execution speed is being manipulated.
Why it matters: This can be used to gain unfair advantages or bypass time-based controls.
12. ETC
What it means: Suspicious or emerging behaviors not covered above.
Why it matters: Helps protect against new or evolving attack techniques.