Garuda Defender
July 4, 2026 · View on GitHub
Android RASP project, Protect Mobile App from any vulnerabilities.
#1 The First Indonesian Android Security Framework :indonesia:.
#Cyber Security Solution.
#Since 2023 (Repository will always be overwritten).
Reach us on Telegram
Contact services & support
Protection Feature Provided
Runtime Application Self-Protection
| Feature | Status |
|---|---|
☑ Anti HookingInline Hook, PLT Hook, Stackplz, Frida, jshook, Java Hook (xposed/lsposed, simple hook, pine, etc) | Available |
☑ Dynamic tamper detection (e.g Code Patching)Anti patch code, such as dex, libso, hermes engine (React Native). | Available |
☑ Anti Debugging & Breakpoint (Java & Native)Detects debugging attempts on your application through a wide variety of tools, including IDA PRO, Binary Ninja, GDB, ADB, etc | Available |
☑ Anti InstrumentationProtected from Instrumentation Tools like (Frida, Stackplz, QBDI, and others) | Available |
☑ Anti EmulationString encryption is protected with anti-emulation mechanisms such as the unicorn engine and the qiling framework. | Available |
☑ Memory ProtectionSensitive data protected with obfuscated region & pointer encryption | Available |
☑ Root DetectionResist root hiders like Shamiko, ZygiskNext, and other trick module | Available |
☑ Certificate Signature IntegrityCertificate Signature anti-tamper app. (supports sign scheme v1, v2, v3) | Available |
☑ Emulator/Virtual Machine DetectionDetect all types of emulators, such as gaming emulators and any Android virtual device, also supports detecting Android emulators such as VPhoneGaGa, Vmos, Virtual Master, F1VM (X8 Sandbox), twoyi | Available |
☑ Game Engine Protection "Anti Cheat"Protecting Game Engine from tampering or hacking for anti game cheat based on (Unity, Unreal Engine, Cocos) | Available |
☑ Memory Patch DetectionAnti Memory Patching, such as memory patcher framework, and GameGuardian | Available |
☑ Dalvik code patch detectionAnti tools patcher such as (LuckyPatcher, JasiPatcher, etc), Anti modify without modifying the APK file. | Available |
☑ Screen ProtectionAnti ScreenShot, ScreenCapturing, ScreenRecording, and ScreenSharing. | Available |
☑ Auto Clicker & Overlay attacks DetectionProtects the screen from malicious clickers, and prevents overlay attacks | Available |
☐ Fake GPS Detection | Coming Soon |
Code Protection
| Feature | Status |
|---|---|
| ☑ String Encryption (Java Layer Protection) | Available |
| ☑ Control Flow Obfuscation (Java Layer Protection) | Available |
| ☑ Callsite Encryption (Breaking xref flow in java/dex layer) | Available |
| ☐ Obfuscate method and field names | Coming Soon |
Network Communication Protection
| Feature | Status |
|---|---|
| ☑ HTTP Capture Detection | Available |
| ☑ Certificate SSL Pinning | Available |
Changelog
New support encrypt static string field
Realtime Remote Control
Currently, the Garuda Defender System is connected to the server in real time, so that users can remotely activate/deactivate detection in real time via the network.
Watch the demonstration here
1. RASP Controller
2. User controll with announcement dialog
3. User controll with dialog license key
Everything controll in realtime
PREVIEW & DEMO
1. Control Flow Obfuscation
Protecting the application's business logic.
| Before | After |
|---|---|
![]() | ![]() |
JADX failed to decompile
2. Emulator detection
| Memu Emulator | LDPlayer Emulator | VPhoneGaGa Android Virtual/Emulator | Mumu Emulator |
|---|---|---|---|
![]() | ![]() | ![]() | ![]() |
I can't provide many example images for all emulator detection, you can try it yourself.
3. HTTP Capture Detection
A demo for Anti HTTP Capture
https://github.com/kikyps/GarudaDefender/assets/38471660/3a20a2d9-1193-4bb2-91c0-d391824741ca
For Android
https://github.com/user-attachments/assets/1e517ff7-f531-41ff-8ce5-1d6a750f4c40
4. Certificate SSL Pinning (ANTI BYPASS)
How does this work so it is anti bypass?
Strong and Private built from scratch and is not like existing certificate pinner libraries
A demo for SSL Pinning
https://github.com/user-attachments/assets/5872f997-92a0-4015-a2a9-f3381e149ba6
5. Dalvik code patch detection
A demo for Dalvik code patch detection using LuckyPatcher
https://github.com/user-attachments/assets/0f1837b5-de47-49e6-acd6-56ec49ec6cb7
6. Auto Clicker & Overlay attacks Detection
A demo for Auto Clicker & Overlay attacks Detection
https://github.com/user-attachments/assets/20ddc04e-6996-43f4-ad00-49f85f5e2490
7. ScreenSharing Protection
A demo for ScreenSharing Protection
https://github.com/user-attachments/assets/a74cbd23-84b9-437c-88e0-ab46eeea310d
8. Support Multi-Language
| English Language | Indonesian Language | Russian Language | Chinese Language |
|---|---|---|---|
![]() | ![]() | ![]() | ![]() |
Supports 40 languages
| Language | Status |
|---|---|
| English | ☑ |
| Indonesian | ☑ |
| Chinese | ☑ |
| Russian | ☑ |
| Hindi | ☑ |
| Turkish | ☑ |
| German | ☑ |
| Spanish | ☑ |
| Italian | ☑ |
| Portuguese | ☑ |
| Dutch | ☑ |
| French | ☑ |
| Ukrainian | ☑ |
| Kazakh | ☑ |
| Japanese | ☑ |
| Korean | ☑ |
| Vietnamese | ☑ |
| Thai | ☑ |
| Filipino | ☑ |
| Burmese | ☑ |
| Polish | ☑ |
| Arabic | ☑ |
| Persian | ☑ |
| Urdu | ☑ |
| Afrikaans | ☑ |
| Belarusian | ☑ |
| Georgian | ☑ |
| Uzbek | ☑ |
| Lithuanian | ☑ |
| Romanian | ☑ |
| Estonian | ☑ |
| Nepali | ☑ |
| Latvian | ☑ |
| Armenian | ☑ |
| Azerbaijani | ☑ |
| Danish | ☑ |
| Norwegian | ☑ |
| Greek | ☑ |
| Slovak | ☑ |
| Finnish | ☑ |
NOTE
-
Emulator detection is more suitable for games, this feature is specifically for game developers who don't want their games to be played via an emulator for certain reasons.
-
HTTP Capture detection and SSL Pinning are different but share the same goal of protecting network communications from malicious activities commonly conducted via MITM attacks. The difference between the two is that HTTP Capture detection directly identifies network capture activities such as HTTP, while SSL Pinning verifies the authenticity and integrity of the server’s SSL certificate.
-
Screen Capture protection and Anti auto clicker are not activated in this demo app!
TODO
- Fake GPS Detection.
- Integration with servers for more convenient detection monitoring and control.
- Built-in Anti-Malware (Threat detection from other applications, similar to what Play Protect does).
FAQ
1. Support Most Android Version
- Support Android 5.0 - 17 (API level 21 - 37).
- Support armeabi-v7a, arm64-v8a and x86_64. (We are discontinuing x86 support as it is no longer relevant to modern versions of Android.)
- Support Android Framework App (Flutter, React Native)
2. Extremely fast and modern vulnerability detection
Sometimes, expensive products out there have slow detection systems that consume a lot of resources. We confidently make this statement and are willing to compare the sophistication of our product against others, because we have conducted comparative research and obtained proven results.
Designed for extremely fast detection and high stability, advanced algorithms to adapt to modern vulnerabilities and tested intently and measurably.
Launch speed testing
Results will vary depending on device specifications!
3. Less RAM Consumption
Rich in features but still runs efficiently with minimal RAM usage without overhead and memory leaks.
Memory usage comparison
Comparison of memory usage on protected apk and unprotected apk
| Unprotected APK | Protected APK With Garuda Defender |
|---|---|
![]() | ![]() |
| Unprotected APK |
|---|
![]() |
| Protected APK With Garuda Defender |
|---|
![]() |
Results will vary depending on device specifications!
Testing carried out in debug mode in theory at release should be lower than the results in the video.
4. Does not affect application performance
We employ the most effective methods to maintain the performance of the application. This framework ensures that the application remains fast and preserves the speed of app launch.
We don't use Shell/ClassLoader because we find it less efficient and it slows down the application launch. Decrypting and loading the dex files take up considerable time, which contributes to the delay. Another drawback is that shells can be easily repackaged.
In doing so, we opt for another approach to safeguard your Java source code, protecting it from the exposure of application business logic and the authenticity of its code.
5. Friendly with other applications and piracy tools
Sometimes some security framework providers block piracy tools or applications to prevent unwanted things, of course this is not friendly in our opinion.
Therefore our goal is that all such tools will be useless for our framework, there is no need to blindly block other applications that are not desired.\
6. No Developer Option Blocker
One of the funniest things is why block the developer options?
GarudaDefender will handle everything without restricting your usage policies or disrupting the user experience.
7. No threats or viruses detected
This framework does not cause false detection as a virus, of course this will increase the success rate of submitting applications to the Playstore
8. No special android permissions required
You can analyze it yourself by opening AndroidManifest.xml, see uses-permission, there are no permissions used, So don't claim we are digging up your information!
Download Demo APK
Limitations
- At the moment, the framework only works for Android applications.
Lessons
Of course we are aware and care about the security, authenticity, robustness in our systems, so we continue to maintain and research modern vulnerabilities to continue to maintain our security. Carrying out rigorous analysis and testing from various angles to provide the best service for our users.
Interested?
This project is not available as open-source. If you are interested and want to build a business, we are open to it.
Contact:
r383425@proton.me













