Some users root or modify their phones in order to uninstall standard carrier or operating system apps they do not use. Others want more control over automating certain tasks or settings. Rooting or modifying the phone can also allow users to add or access certain settings or features that are restricted by their phone carrier. Alternatively, an attacker can replace a trusted application with high privileges by a modified update to abuse its permissions. Depending on the targeted application, this could enable the hacker to access sensitive information stored on the device or even take over the device completely. An attacker could also pass a modified clone of a sensitive application as a legitimate update, for instance in the context of banking or communications. The cloned application can look and behave like the original application but inject malicious behavior. It may be relatively easy to trick some users because the application can still look exactly like the original application and has the proper signature.
Android applications using tamper detection mechanism are better hardened against cloning attacks. The mechanism performs additional checks to make sure the protected applications have not been modified in any way. The use of tamper detection and other layers of protection help against reverse engineering and cloning.