What you are experiencing is a classic conflict between mobile automation infrastructure and corporate application security. Fintech, banking, and high-security enterprise applications employ Mobile Application Security Testing (MAST) and anti-tampering suites (such as DexGuard, Arxan/Digital.ai, or OneSpan).
These security frameworks actively monitor the operating system for flags like android:debuggable="true", active adb debugging bridges, reverse-engineering tools, or custom test automation frameworks running via Appium (which Katalon relies on under the hood). When Katalon initializes the session, it starts an Appium bootstrap/server on the device, triggering the app’s internal root/debug detection algorithms and executing a hard System.exit(0).
The Architecture-Level Solutions
To bypass or legally work around this environment block, you have three industry-standard paths depending on your access levels:
- The Sandbox/Test Build (Recommended): Request a dedicated Automation/Staging Build from your development team. This specific APK/IPA package must have anti-debugging, root-detection, and SSL-pinning modules compiled out or disabled via build flavors (e.g., buildTypes { staging { debuggable true ... } }).
- Frida/Xposed Framework (Advanced Hooks): If you must test the production build, security teams utilize tools like Frida to inject custom scripts at runtime to intercept and mock the boolean returns of the security check functions (e.g., forcing isDebugged() to always return false).
- Appium Desired Capabilities Adjustment: Sometimes, tweaking how Appium deploys the application can prevent certain naive security checks from triggering.
Implementation: Custom Framework Solution
If your development team provides an automation-friendly build but it still catches residual environment flags, or if you need to safely handle the initialization process via custom desired capabilities, you should bypass the generic Mobile.startApplication() keyword.
Below is a custom Katalon Custom Keyword that leverages Appium’s driver capabilities directly to ensure the application is initialized with specific flags that reduce the debugging footprint.
Custom Keyword: AdvancedMobileDriver
Create a New Keyword package (e.g., com.architecture.mobile) and add the following code:

    package com.architecture.mobile

    import com.kms.katalon.core.annotation.Keyword
    import com.kms.katalon.core.mobile.keyword.internal.MobileDriverFactory
    import com.kms.katalon.core.util.KeywordUtil
    import io.appium.java_client.android.AndroidDriver
    import io.appium.java_client.remote.MobileCapabilityType
    import org.openqa.selenium.remote.DesiredCapabilities
    import java.net.URL

    public class AdvancedMobileDriver {

        @Keyword
        def startSecureApplication(String appPath, String deviceName, String platformVersion) {
            try {
                KeywordUtil.logInfo("Initializing Custom Secure Driver Session...")

                DesiredCapabilities capabilities = new DesiredCapabilities()
                capabilities.setCapability(MobileCapabilityType.DEVICE_NAME, deviceName)
                capabilities.setCapability(MobileCapabilityType.PLATFORM_NAME, "Android")
                capabilities.setCapability(MobileCapabilityType.PLATFORM_VERSION, platformVersion)
                capabilities.setCapability(MobileCapabilityType.APP, appPath)

                // Architectural Tweaks to minimize automation footprints
                capabilities.setCapability("noReset", true)
                capabilities.setCapability("dontStopAppOnReset", true)
                capabilities.setCapability("automationName", "UiAutomator2")

                // Bypass common installer verification checks
                capabilities.setCapability("skipInfrastructuralCheck", true)

                // Local Appium Server URL (Default Katalon Port)
                URL url = new URL("http://127.0.0.1:4723/wd/hub")
                AndroidDriver driver = new AndroidDriver(url, capabilities)

                // Register the driver back to Katalon's internal controller pipeline
                MobileDriverFactory.changeWebDriver(driver)
                KeywordUtil.logInfo("Secure Application Started and Driver registered successfully.")
            } catch (Exception e) {
                KeywordUtil.markFailed("Failed to initialize secure session: " + e.getMessage())
            }
        }
    }

Call it in your Manual/Script Test Case:
Replace Mobile.startApplication(...) with your new custom architectural keyword:

    // Instead of: Mobile.startApplication('/path/to/fintech.apk', false)
    CustomKeywords.'com.architecture.mobile.AdvancedMobileDriver.startSecureApplication'(
        '/absolute/path/to/your/test-fintech-build.apk',
        'Samsung S22',
        '14.0'
    )
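
For the recommended Sandbox/Test Build option above, this is one way the development team could define the staging build type so that the relaxed protections cannot leak into the release artifact. It is an added example, not code from the original answer or from any specific project; the flag name ENFORCE_RUNTIME_PROTECTION, the ".staging" suffix and the use of the debug signing config are assumptions.

```groovy
// app/build.gradle (Android Gradle Plugin, Groovy DSL) - constructed example
android {
    buildFeatures {
        buildConfig true   // needed on AGP 8+ so buildConfigField generates BuildConfig
    }

    buildTypes {
        release {
            debuggable false
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            // Hypothetical flag: the app's startup guard runs its root/debug
            // checks only when BuildConfig.ENFORCE_RUNTIME_PROTECTION is true.
            buildConfigField "boolean", "ENFORCE_RUNTIME_PROTECTION", "true"
        }

        staging {
            initWith release                  // same shrinker settings as release
            debuggable true                   // lets Appium/UiAutomator2 attach
            buildConfigField "boolean", "ENFORCE_RUNTIME_PROTECTION", "false"
            applicationIdSuffix ".staging"    // cannot install over the production app
            versionNameSuffix "-staging"
            signingConfig signingConfigs.debug // never signed with the release key
            matchingFallbacks = ['release']   // library modules resolve to their release variant
        }
    }

    // Build-time gate: fail if the release type ever picks up the staging settings.
    applicationVariants.all { variant ->
        if (variant.buildType.name == 'release') {
            def flag = variant.buildType.buildConfigFields['ENFORCE_RUNTIME_PROTECTION']
            if (variant.buildType.debuggable || flag?.value != 'true') {
                throw new GradleException(
                    "release build must be non-debuggable with runtime protection enforced")
            }
        }
    }
}
```

The APK passed to startSecureApplication would then be the output of the staging variant (assembleStaging), while the Play Store artifact continues to come from the release variant.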