In our application, we check the hashes of native library files. I assume this is done to avoid spoofing these files (this code appeared before I came to the project).
We access the native code files through context.getApplicationInfo().nativeLibraryDir. However, this directory becomes empty when using AAB.
I know that previously when installing an application, uncompressed native code files were copied from APK to a separate directory (maybe that's why we check the hashes), but now native code files can be used directly from APK (unless other behaviour is set in the build settings).
I also know that file swapping inside APK can be detected by checking the signature.
That's why I have 2 questions:
- Is it possible to access native files inside the installed APK (similar to how
context.getApplicationInfo().nativeLibraryDirworks)? - Сan the system detect native file swapping inside the installed APK file?
Well,
can be accessed easily by others but it requires root access to do that, and system dosent have any detection of swapping the native libs, in a rooted device user can do what ever he want to, if you are looking for checks the normal way is Hash Check of the native files or you can add root detection in your app.