The app is running in a virtual environment intercepting its system calls and designed to patch app‘s memory to fake an ID.