Releases: radito/SecurityRiskAndroid

SecurityRiskAndroid v0.1.0

17 Jun 06:21
217c9d2

Expanded runtime-security release focused on deeper Android anti-tampering research, cross-view consistency checks, isolated-process comparison, and more detailed native telemetry.

Overview

This release expands SecurityRiskAndroid from a single-process native checker into a layered runtime-risk detector with multiple execution views:

  • Main app process checks
  • Native fast synchronous checks
  • Native deep asynchronous checks
  • Optional root-assisted diagnostic checks
  • Isolated-process comparison through SecurityIsolatedService

The goal is to make suspicious runtime behavior easier to observe, compare, and debug without relying on one root check or one detection string.

Notes

This project is still a research and educational sample.

The native checker should be treated as a runtime-risk signal generator, not as a perfect security boundary. Advanced root, Zygisk, LSPosed, Shamiko, Frida, or kernel-level tooling may still bypass local checks.

For production enforcement, local runtime signals should be combined with server-side verification such as device/app attestation, backend risk scoring, and account-level abuse detection.

Known Limitations

  • Isolated-process comparison requires Java and Manifest wiring.
  • Root-assisted checks may require user-granted su access and should be treated as lab diagnostics.
  • Timing signals are noisy and should not be used as standalone block reasons.
  • /data/app visibility differs across Android versions and OEMs.
  • ART/JIT memory behavior can vary by device and Android version.
  • Local native checks are bypassable by sufficiently privileged attackers.
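
The Notes and Known Limitations above describe a policy: local signals feed server-side scoring, timing signals never decide alone, and root-assisted results stay in the lab. The sketch below is an added example of a backend scorer following that policy, not code from this project. The view names, signal labels, report format and the block rule (failed attestation plus at least one non-timing signal) are assumptions.

```python
# Added example; signal names, view names and thresholds are hypothetical.
TIMING_PREFIX = "timing_"   # assumed label for noisy timing signals
# "root_assisted" is deliberately absent: lab diagnostics, not enforcement input.
ENFORCED_VIEWS = ("main", "native_fast", "native_deep", "isolated")


def cross_view_mismatch(views):
    """Non-timing signals seen by the main or the isolated process, but not both."""
    isolated = views.get("isolated")
    if isolated is None:    # isolated service not wired up: nothing to compare
        return set()
    diff = views.get("main", set()) ^ isolated
    return {s for s in diff if not s.startswith(TIMING_PREFIX)}


def evaluate(views, attestation_ok):
    """Return (decision, reasons) from per-view signal sets and server attestation."""
    seen = set()
    for name in ENFORCED_VIEWS:
        seen |= views.get(name, set())
    strong = {s for s in seen if not s.startswith(TIMING_PREFIX)}
    timing = seen - strong
    mismatch = cross_view_mismatch(views)

    reasons = sorted(strong)
    if mismatch:
        reasons.append("view_mismatch:" + ",".join(sorted(mismatch)))
    if strong:              # timing only corroborates; it never stands alone
        reasons.extend(sorted(timing))
    if not attestation_ok:
        reasons.insert(0, "attestation_failed")

    if not attestation_ok and len(reasons) > 1:
        return "block", reasons
    return ("review" if reasons else "allow"), reasons


# Constructed sample report: one hook artifact visible only from the main process.
SAMPLE = {
    "main": {"hook_artifact"},
    "isolated": set(),
    "native_deep": {"timing_jitter"},
    "root_assisted": {"su_present"},
}

if __name__ == "__main__":
    print(evaluate(SAMPLE, attestation_ok=True))
```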