This is a ltitle unrelated, but I still wanted to ask you if you know of any ways to mask the info picked up by the app? There are several IDs and sensors that can be used along with the list of apps installed to fingerprint the device. I'm wondering whether there's a safe way to spoof this data without breaking any apps.

I am working on banking app where App Security Testing Team have raised issue that they are able to bypass the SSL

Actually, they are using Rooted Device and combination of Frida, Magisk, Magisk Hide, Zygisk, Deny List using which RootBeer Library unable to detect the root so using this library will we be able to detect all this and can prevent our app ?

Thanks in Advance!

Crashlytics - Stack trace

Application: com.blvision.hita

Platform: android

Version: 0.0.6 (16)

Issue: 6eb28270d88c441610a5428026ba0496

Session: 65F07C8302F1000175A1077B029E989C_DNE_0_v2

Date: Tue Mar 12 2024 23:02:21 GMT+0700 (Western Indonesia Time)

Fatal Exception: android.os.DeadSystemRuntimeException: android.os.DeadSystemException
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)

Caused by android.os.DeadSystemException:
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)

pool-13-thread-1:
at jdk.internal.misc.Unsafe.park(Unsafe.java)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:341)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionNode.block(AbstractQueuedSynchronizer.java:506)
at java.util.concurrent.ForkJoinPool.unmanagedBlock(ForkJoinPool.java:3466)
at java.util.concurrent.ForkJoinPool.managedBlock(ForkJoinPool.java:3437)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1623)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1176)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:905)
at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1071)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1131)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)

https://developer.android.com/develop/ui/views/launch/icon_design_adaptive

magisk error detect，phone not has magisk，but detected install magisk。environment：
phone：vivo U1
model：V1818A
android：8.1.0
vivo room：Funtouch OS_9
software version：PD1818G_A_5.10.32
kernel version：4.9.82-perf+
trustddevice-android branch is master，commit sha : 1cb8f52

use 360 apk reinforcement ，jni hook and debug detect call fail，throw error UnsatisfiedLinkError。environment：
phone：vivo U1
model：V1818A
android：8.1.0
vivo room：Funtouch OS_9
software version：PD1818G_A_5.10.32
kernel version：4.9.82-perf+
trustddevice-android branch is master，commit sha : 1cb8f52

The project is interestring！！！

If a device is accessed by the root, and the magisk module is enabled, can this library recognize it?

1.0.3
vivo y73s Android 10
https://source.android.google.cn/docs/core/tests/debug/native-crash?hl=zh-cn#xom

1.0.4 fixed

Please take care to adjust versionName and increase versionCode when preparing releases: the APK at the latest release (1.0.1) still identifies as 1.0.0+1 (as build.gradle tells it). The former is for the "human eye", the latter is used by Android internal to tell versions apart and notify about updates when a higher number was seen. Thanks!

#00 pc 000000000005c2dc /data/app/com.nmode.xkd-ehhwNHla45iB0JGwa--ZJQ==/lib/arm64/libtrustdevice.so (detect_frida+164) [arm64-v8a::56394d31f69e9cdbd8e55bd47209db2c] #01 pc 000000000005c578 /data/app/com.nmode.xkd-ehhwNHla45iB0JGwa--ZJQ==/lib/arm64/libtrustdevice.so (detect_hook+112) [arm64-v8a::56394d31f69e9cdbd8e55bd47209db2c] #02 pc 000000000013f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) [arm64-v8a::7f0343966300a562c818602b037570a9] #03 pc 0000000000136334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) [arm64-v8a::7f0343966300a562c818602b037570a9] #04 pc 0000000000145060 /apex/com.android.runtime/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+244) [arm64-v8a::7f0343966300a562c818602b037570a9] #05 pc 00000000002ddb94 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreter34ArtInterpreterToCompiledCodeBridgeEPNS_6ThreadEPNS_9ArtMethodEPNS_11ShadowFrameEtPNS_6JValueE+384) [arm64-v8a::7f0343966300a562c818602b037570a9] #06 pc 00000000002d88f4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+900) [arm64-v8a::7f0343966300a562c818602b037570a9] #07 pc 000000000058f0a4 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+836) [arm64-v8a::7f0343966300a562c818602b037570a9] #08 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) [arm64-v8a::7f0343966300a562c818602b037570a9] #09 pc 00000000000ce53a /apex/com.android.runtime/lib64/libart.so [arm64-v8a::7f0343966300a562c818602b037570a9] java: cn.tongdun.mobrisk.core.collectors.HookCollector$detectHook$1.invoke(HookCollector.kt:16) cn.tongdun.mobrisk.core.collectors.HookCollector$detectHook$1.invoke(HookCollector.kt:16) cn.tongdun.mobrisk.core.tools.ExceptionSafeExecutorKt.executeSafe(ExceptionSafeExecutor.kt:12) cn.tongdun.mobrisk.core.collectors.HookCollector.detectHook(HookCollector.kt:16) cn.tongdun.mobrisk.core.FMCore.collectorHook(FMCore.kt:109) cn.tongdun.mobrisk.core.FMCore.init$lambda$0(FMCore.kt:63) cn.tongdun.mobrisk.core.FMCore.$r8$lambda$VnrMmRkJNi23SFacqZx5JxQSUjM(Unknown Source:0) cn.tongdun.mobrisk.core.FMCore$$ExternalSyntheticLambda0.run(Unknown Source:2) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) java.lang.Thread.run(Thread.java:919)