Add the DexGuard Gradle plugin to the project's build.gradle and configure the plugin with your license key and the desired protection module settings
Define a DexGuard configuration file specifying which RASP checks to inject: root detection, emulator detection, debugger detection, tampering detection, and hook detection checks
Configure the response actions for each check: options typically include crashing the app, logging the event to a backend, or gracefully degrading functionality
Build the app using the DexGuard-instrumented build variant; DexGuard injects protection code at build time without requiring source code modifications
Test on a non-rooted device, a rooted device, and an emulator to confirm that protection responses trigger as expected under each threat condition
Integrate protection event reporting with your backend or SIEM by capturing the telemetry signals DexGuard can be configured to emit on detection events
Known gotchas
RASP checks can produce false positives on legitimate enterprise devices that are technically rooted or have certain security software installed; tune detection thresholds and whitelist known-good configurations before rolling out to production
DexGuard's protection is injected at build time; obfuscation and tamper detection are based on the build-time state of the app — any post-build modification (e.g., repackaging) will trigger tampering detection, which is the intended behavior
Performance overhead from RASP checks varies by device hardware; benchmark the instrumented build on representative low-end devices to ensure check frequency and complexity do not degrade the user experience
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp