Preventing Android App Cloning
App cloning is nothing but a technique which allows you to run two different instances of an android app at the same time.
There are multiple ways through which an android app can we cloned, we will see two ways here.
- App cloning by OEM’S
- App cloning by third party apps available on play store
App cloning by OEM’s -
Different OEM’s provide app cloning functionality for example Parallel Apps By OnePlus, Dual Apps By Xiaomi etc.
What these OEM’s cloning functionality does is, it creates a new user profile with the ID “999”. Operating System then integrates apps installed on this user profile onto the main user profile and also hides this profile from the lock screen so you can’t sign into it. This hidden user profile has Google Play Services installed, but not the Google Play Store.
Example FileDir() Path -
/data/user/999/com.example.siddhant.cloning/files
App cloning by third party apps on play store -
You can find a lot of apps on play store which is meant for app cloning, for example Dual Space, Clone App, Multi Parallel etc.
As these apps are not the system apps so their functionality of cloning an app differs from that of OEM’s cloning functionality. What these apps does is, they install the apk and create the same file path inside their own fileDir.
Example FileDir() Path -
/data/data/com.ludashi.dualspace/virtual/data/user/0/com.example.siddhant.cloning/files
Issues -
A cloned app can never function the same as the originally installed apps. The main problems comes in while accessing the internal or external storage from cloned application.
Process: com.example.siddhant.cloning, PID: 13986java.lang.SecurityException: Unsupported path /storage/emulated/999/Android/data/com.example.siddhant.cloning/files/Download/111at android.os.Parcel.readException(Parcel.java:2016)at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:183)at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)at android.content.ContentProviderProxy.insert(ContentProviderNative.java:476)at android.content.ContentResolver.insert(ContentResolver.java:1555)at android.app.DownloadManager.enqueue(DownloadManager.java:1163)at com.example.siddhant.cloning.ui.HomeActivity.download(HomeActivity.kt:124)
As you can see the above crash stack trace, it’s throwing an SecurityException when I tried to download a file using DownloadManager.
Here I am setting the file destination to Environment.DIRECTORY_DOWNLOADS using setDestinationInExternalFilesDir (Set the local destination for the downloaded file to a path within the application’s external files directory).
This crash occurred because the application has permission to access this/storage/emulated/0/Android/data/com.example.siddhant.cloning/files/Download directory rather than this/storage/emulated/999/Android/data/com.example.siddhant.cloning/files/Download directory created by app cloning.
My Suggestion -
Is to not let the cloned app work in any manner. For that what we can do, is to check the fileDir() of our application whenever the apps runs and if it differ from the original one then stop the application. Below you can see all the different file paths we have.
Original File Path: /data/user/0/com.example.siddhant.cloning/filesApp Cloned by Third Party App File Path: /data/data/com.ludashi.dualspace/virtual/data/user/0/com.example.siddhant.cloning/filesApp Cloned by OEM's App Cloner: /data/user/999/com.example.siddhant.cloning/files
You can use something like this to check the app cloning.
Hope you find this blog post helpful. If so clap and share it, please! Stay tuned for the next one!
Cheers!
Siddhant Panhalkar
