Application Integrity Validation

The application can perform several integrity checks to prevent a tampered-with build from running and compromising its intended secure operation. These checks can verify that the app was signed with the intended keystore, which prevents the application from being modified and re-signed with a different keystore; that the integrity check of the installed APK matches the expected value; that the verification checks themselves were not tampered with in an attempt to bypass them; and that runtime symbols the app needs to function are not being replaced by modified ones.

APKs are easy to disassemble, modify, recompile and re-sign, so a modified app can run malicious code if the necessary prevention steps are not taken. One of the easiest methods is to decompile the app to smali code, modify the decompiled code and compile it again.

Tutorials on how to make such changes for various goals are available on the internet, for example: https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting/smali-changes

These changes can be very small and quick to make, yet have a big impact on the application's behaviour. For example, the value of a variable in a function can be changed to bypass a check or a validation return value, preventing the app from executing correctly.