DefaultTamperDetector
Provides the default comprehensive set of tamper detectors for device security analysis.
This function returns a configuration block that adds a complete suite of tamper detection mechanisms to analyze various aspects of device compromise. The default detector set includes multiple detection strategies to provide thorough coverage of common rooting and tampering methods.
Included Detectors:
Build & System Property Analysis:
BuildTagsDetector - Checks for test-keys in build tags indicating unofficial firmware
DangerousPropertyDetector - Examines system properties for insecure configurations
File System Analysis:
BusyBoxProgramFileDetector - Detects BusyBox Unix utilities package
RootProgramFileDetector - Searches for core root binaries (su, magisk)
RootApkDetector - Looks for root management APK files in system directories
NativeDetector - Uses JNI-based low-level file detection
Application Analysis:
RootAppDetector - Identifies installed root management applications
RootRequiredAppDetector - Detects apps that require root access to function
RootCloakingAppDetector - Finds applications designed to hide root access
System Security Analysis:
PermissionDetector - Examines filesystem mount permissions for write access
SuCommandDetector - Checks for superuser command availability in PATH
This comprehensive approach provides multiple layers of detection, making it difficult for sophisticated tampering attempts to evade all detection mechanisms simultaneously.
Return
A configuration block that adds all default tamper detectors to the detector list
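The layered approach described above, as an added Kotlin sketch that is not the library's own code: a configuration block appends several independent checks to a list, and a device that passes one check is still caught by another. `DeviceEnv`, `Check`, `sampleDetectors`, `firedChecks` and the directory list are hypothetical names and values chosen for this illustration, and only three of the listed strategies are modelled.

```kotlin
// Hypothetical types for this sketch; the library's own detector interface is not shown on the page.
// Inputs are injected so it runs on a plain JVM. On Android they would come from
// android.os.Build.TAGS, System.getenv("PATH") and the real filesystem.
class DeviceEnv(val buildTags: String?, val path: String?, val fileExists: (String) -> Boolean)
class Check(val name: String, val fired: (DeviceEnv) -> Boolean)

// Build tags: "test-keys" indicates firmware that was not signed with release keys.
val buildTagsCheck = Check("build-tags") { it.buildTags?.contains("test-keys") == true }

// su reachable through PATH: walk each PATH entry and look for an su binary.
val suInPathCheck = Check("su-in-path") { env ->
    env.path.orEmpty().split(':').filter { it.isNotBlank() }.any { dir -> env.fileExists("$dir/su") }
}

// Core root binaries in fixed locations (constructed sample directory list).
val SEARCH_DIRS = listOf("/system/bin", "/system/xbin", "/sbin")
val rootBinaryCheck = Check("root-binary") { env ->
    SEARCH_DIRS.any { dir -> listOf("su", "magisk").any { env.fileExists("$dir/$it") } }
}

// A configuration block in the style the page describes: a lambda that adds checks to a list.
val sampleDetectors: MutableList<Check>.() -> Unit = {
    add(buildTagsCheck); add(suInPathCheck); add(rootBinaryCheck)
}

// Runs every configured check and returns the names of those that fired.
// A check that throws is treated as "not fired" so one failure does not abort the analysis.
fun firedChecks(env: DeviceEnv, configure: MutableList<Check>.() -> Unit): List<String> =
    mutableListOf<Check>().apply(configure)
        .filter { runCatching { it.fired(env) }.getOrDefault(false) }
        .map { it.name }

fun main() {
    // Constructed sample devices.
    val stock = DeviceEnv("release-keys", "/system/bin:/vendor/bin") { false }
    // Release-signed build with an su binary present: the build-tag check alone would miss it.
    val modified = DeviceEnv("release-keys", "/system/bin:/system/xbin") { it == "/system/xbin/su" }
    println("stock: " + firedChecks(stock, sampleDetectors))
    println("modified: " + firedChecks(modified, sampleDetectors))
}
```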