The anti-emulation process is used to detect if an application is running on an emulator or an android device. It can do this by checking a few things like the Build.VERSION_CODES, Build.VERSION_NAME, ro.build.version.sdk, ro.build.version.sdk.bionic, ro.build.version.base.emulator, ro.build.version.base.emulator.versionCode, ro.build.version.base.emulator.versionName, ro.build.version.base.emulator.extract_version_number, ro.build.version.base.emulator.extract_variant_number, ro.build.version.base.emulator.extract_build_date, ro.build.version.base.emulator.extract_hw_abi, ro.build.version.base.emulator.extract_arch, ro.build.version.base.emulator.extract_build_type, etc.
We can use these to detect if it is running on a android device or emulator. There are other different methods to validate this, like checking the telephony manager, the system properties (like those of «ro.product.device»), the kernel version and qemu version (ro.kernel.qemu)
These methods work best when the emulator is using a real device, but they don't work as expected when the emulator is using the generic emulator. For example, if the emulator uses the generic emulator to run a specific application, the app will detect if it is running on a real device instead of a emulator.
Anti-Analysis Techniques are used by applications to verify if they are running on an emulated environment or on a physical device. Some examples of this kind of protection are: “Is on an Android emulator?” 'Is the Android OS's signature version correct?” 'Is the /system partition mounted on /system?’ 'Is root?’ “Is the device connected to a debugger?” 827ec27edc