Application Tampering Tools Detection

There are some tools that greatly simplify changing an application behaviour at runtime without resorting to a debugger/emulator. Those tools usually behave in the same manner as a debugger, settings breakpoints, monitoring its system and API calls, changing in-memory/variable values, overriding symbols to change their value/operations but can be automated to achieve specific and repeatable goals with minimal effort and targeting the application. Some are detected as if they are a debugger but root can help to try to hide their presence. Usually these tools leave traceable resources in the device that can be scanned for to try to prevent the app execution in the compromised device and its unintended use.

Some tutorials on the internet explain in detail how to achieve different goals, ranging from how to bypass app restrictions on running in rooted devices (https://joshspicer.com/android-frida-1) or bypassing biometric authentication (https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android).