A lightweight native library for Android app security and anti-tampering checks. Easily integrate signature verification and tampering detection into your Android apps.
Note
Even though CheckBeer provides enhanced security, it is not a silver bullet. It is essential to follow security best practices and regularly update your app to maintain security effectiveness.
- Comprehensive security checks in native code
- Minimal integration requirements
- Customizable security validations
- Individual check functions for granular control
Copy these two files to your project's native code directory:
src/main/cpp/
├── CheckBeer.hpp
└── JNIHelper.hpp
In your native code, include the required headers:
#include "CheckBeer.hpp"
#include "JNIHelper.hpp"You can use individual checks or the complete verification:
// Complete signature verification
bool signatureBypass = checkSignatureBypass(env, context);
if (signatureBypass) {
// Tampering detected
// Handle security violation
}
// Or use individual checks as needed:
bool creatorCheck = checkCreator(env);
bool fieldCheck = checkField(env);
bool proxyCheck = checkPMProxy(env, context);
bool componentCheck = checkAppComponentFactory(env);
bool pathCheck = checkApkPaths(env, context);Note
checkSignatureBypass performs all the following checks.
bool checkCreator(JNIEnv* env);Validates the integrity of PackageInfo's Parcelable.Creator
bool checkField(JNIEnv* env);Verifies the CREATOR class structure for tampering
bool checkPMProxy(JNIEnv* env, jobject context);Ensures legitimate IPackageManager implementation
bool checkAppComponentFactory(JNIEnv* env);Validates App Component instantiation
bool checkApkPaths(JNIEnv* env, jobject context);Verifies APK location and permissions
All checks provide detailed logging with the tag "CheckBeer":
adb logcat | grep CheckBeerHere's a minimal example of using CheckBeer to verify app integrity in your native code:
#include "CheckBeer.hpp"
#include "JNIHelper.hpp"
extern "C" JNIEXPORT jboolean JNICALL
Java_com_example_app_SecurityCheck_verifyIntegrity(
JNIEnv* env,
jobject obj,
jobject context) {
bool suspicious = checkSignatureBypass(env, context);
return suspicious;
}Corresponding Java code:
public class SecurityCheck {
public static native boolean verifyIntegrity(Context context);
public void validateApp(Context context) {
try {
if (verifyIntegrity(context)) {
throw new RuntimeException("Security violation detected!");
}
} catch (UnsatisfiedLinkError | Exception e) {
// Handle errors if needed
}
}
}This project is licensed under the MIT License.
- Android JNI Helper - Core JNI functionality