How does Snapchat detect XPosed Framework?

SnapChat uses Google's SafetyNet Attestation API and does not specifically check if XPosed is installed. SnapChat runs SafetyNet the first time the app is launched.

To make sure SnapChat does not specifically check for the XPosed framework, I decompiled Snapchat and ran grep -lri xposed. The search came up with no results.

Checking if XPosed is installed:

I'm sure there are plenty of ways you could check if Xposed is installed. I wrote the following method which gets the currently installed Xposed version or returns null if the XposedBridge.jar was not found on the device:

/**
 * Get the current Xposed version installed on the device.
 * 
 * @param context The application context
 * @return The Xposed version or {@code null} if Xposed isn't installed.
 */
public static Integer getXposedVersion(Context context) {
  try {
    File xposedBridge = new File("/system/framework/XposedBridge.jar");
    if (xposedBridge.exists()) {
      File optimizedDir = context.getDir("dex", Context.MODE_PRIVATE);
      DexClassLoader dexClassLoader = new DexClassLoader(xposedBridge.getPath(),
          optimizedDir.getPath(), null, ClassLoader.getSystemClassLoader());
      Class<?> XposedBridge = dexClassLoader.loadClass("de.robv.android.xposed.XposedBridge");
      Method getXposedVersion = XposedBridge.getDeclaredMethod("getXposedVersion");
      if (!getXposedVersion.isAccessible()) getXposedVersion.setAccessible(true);
      return (Integer) getXposedVersion.invoke(null);
    }
  } catch (Exception ignored) {
  }
  return null;
}

As far as I can tell, Xposed has always had XposedBridge.jar in /system/framework so this should work for the official releases of Xposed but could break in future releases.

I believe Snapchat uses SafetyNet, the API which also protects Android Pay and Pokemon GO.