react-native-malwarelytics/docs/Repackaging-Detection.md

Malwarelytics for React Native protects your banking or fintech app from a broad range of mobile security threats with an industry-leading mobile threat intelligence solution.

# Repackaging detection

Repackaging detection is a security feature that detects if the application was modified and re-signed with a different signing certificate.

## iOS Setup

To properly configure the repackage detection, you need to get the Base64 encoded string of your signing certificate:

1. Open the `Keychain Access` application.
2. Find a certificate that will be used to sign your application, for example, "Apple Development: Jan Tester (c)".
3. Right-click on the item and click "Export...".
4. Export the certificate in the `.cer` format.
5. Open up the terminal and `cd` into the folder with your exported certificate.
6. Encode the certificate in Base64 with `cat your_exported.cer | base64`.
7. Copy the output of the command and use it as a parameter for the repackage detection configuration:

```typescript
const configuration = {
    apple: {
        rasp: {
            repackage: { 
                action: "NOTIFY",
                trustedCertificates: [ "BASE64" ] 
            }
        }
    }
}
```

## Android Setup

The same feature can be configured also for Android platform. At first, follow the steps from [Obtaining Signature Hash](https://github.com/wultra/antivirus/blob/develop/docs/Repackaging-Detection.md#obtaining-signature-hash) document available from the Malwarelytics for Android SDK.

Once you have the signature hash, then alter your configuration:

```typescript
const configuration = {
    android: {
        rasp: {
            repackage: {
                action: 'NOTIFY',
                signatureHash: [ "HEXADECIMAL-HASH" ]
            }
        }
    }
}
```