How to check if the Dalvik cache has been modified
So there are tools to patch the application’s Dalvik cache to remove copy protection – is there actually a way to check the Dalvik cache?
Is it just the DEX file copied, and if so, does it still have the same checksum? Is it really possible for a non-root application to get a checksum?
Solution
The files in the Dalvik cache are not original DEX files – they are ODEX (optimized DEX) files. When an application is installed, its dex file is extracted, and Dalvik runs an optimization pass on it and stores the result in the Dalvik cache.
The directory permissions of the dalvik cache directory prevent non-system applications from listing directory contents, but execute permissions are set and the ODEX files themselves are world-readable, so applications can access them if they know their file names
However, it is difficult to check the integrity of ODEX files because they can be different on each device. Therefore, you will not be able to perform a simple checksum checksum.
I guess you have to do an in-depth comparison of dex file structures and compare them with the original dex file. If you really want to be sure, you need to DEX the ODEX file first, and then compare the result with the original DEX file.