📱 An Android application for identifying device state. 🕵️

Tamper

Tamper is a short and simple Tamper-Detection application for Android. Built from concepts used in the Google Play Safety Net Attestation API, Tamper displays a series of system information, including:

• Device State 📱
• System Integrity 📡
• SD Card Tampered State 💾

What is Google Play Safety Net

Google Play Safety Net is an attestation API used on devices with Google Play functionality that allows application developers to identify if they are running on a rooted device. This is done by the application reaching out to the API and receiving two boolean variables in response: ctsProfileMatch and basicIntegrity. While these variables are useful for application developers controlling what functionality runs on compromised / tampered devices there is little information on how Google Play Services come to the conclusion of these variables. While this is unknown, what is known is the variables that feed into this decision. This repo is a re-implementation of the aggregation of these variables.

Currently implemented

The versions of Google Play SNet are undocumented, however, in the 12 versions that I have reviewed I have identified ~55 variable types. The below denotes which of these groups are currently re-implemented in this application:

• Device Data ✔️
• Settings Finder ✔️
• SD Card Analyzer ❌
• CaptivePortalDetector ❌
• Proxy Analyzer ❌
• Preferred Package Finder ❌
• Interesting Files ❌
• More... ❌

Usage

This application is designed more as a reference point, rather than to be used in production. Each class comprises of one type of variable aggregation. All classes are wrapped in an application which when run displays all aggregated variables (which are stored in Shared Preferences) in a Text View.

Thanks

Colorful Typhoon for the font, Maria Leandro for the icon, and UnDraw for additional images.