I found the following methods good fighting them:
- Use ProGuard to obfuscate the code. If the code is obfuscated it's harder to remove other protective measures listed below. Some notes on ProGuard:
(a) Move important functionality from non-obfuscated functions (such as onCreate) - Check application signature, use: getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures[0]
- CRC/Checksum validation of resources
- CRC/Checksum validation of the APK.
- Check if the application is running in debugger.
- Check installed package name.
When you discover an issue DO NOT stop the application. Start a sequence that will cause the application crash (for example, clear a list that should not be empty).