Skip to content

MASTG-BEST-0046: Hardening Against Emulation

Emulated devices allow target applications to be executed in controlled environments that may use custom system images, modified platform components, or instrumentation that is difficult for the app to detect. This enables advanced reverse-engineering techniques.

Defending against emulated devices involves a layered approach that commonly consists of applying several types of security controls:

  • Detective controls: Scan for common device emulator indicators and properties ( Emulator Detection) and use the Google Play Integrity API ( Google Play Integrity API) to help identify risky devices, emulated environments, modified app binaries, and other untrusted interactions.
  • Deterrent controls: Obfuscate this detection logic ( Obfuscation), scatter checks throughout the app, and vary their timing to increase the cost and effort required to bypass these checks.
  • Hardening against reverse-engineering tools: Implement detection of reverse-engineering tools ( Detection of Reverse Engineering Tools), as custom or emulated environments are often combined with such tools.

Tests

MASTG-TEST-0351: Runtime Use of Emulator Detection Techniques