• Platform
  • Protect Consumer Apps

    MOBILE SECURITY

    • All-in-One Mobile App Security
    • App Shielding / App Hardening
    • Code Obfuscation
    • FIPS 140-2 Encryption
    • Data Encryption
    • iOS Jailbreak Prevention and Android Root Prevention
    • Man-in-The-Middle Prevention
    • Mobile Privacy
    • Protecting Mobile Consumers During COVID-19
    Menu
    • All-in-One Mobile App Security
    • App Shielding / App Hardening
    • Code Obfuscation
    • FIPS 140-2 Encryption
    • Data Encryption
    • iOS Jailbreak Prevention and Android Root Prevention
    • Man-in-The-Middle Prevention
    • Mobile Privacy
    • Protecting Mobile Consumers During COVID-19

    MOBILE THREAT DEFENSE

    • F5 Anti-Bot
    • Check Point SandBlast App Protect
    • Mobile Threat Defense Solutions
    Menu
    • F5 Anti-Bot
    • Check Point SandBlast App Protect
    • Mobile Threat Defense Solutions

    MOBILE Authentication

    • Biometric Security
    • Mobile MFA
    Menu
    • Biometric Security
    • Mobile MFA

    Use cases

    • Mobile CI/CD Integration
    • Secure Mobile Banking & Fintech
    • Secure Mobile Commerce
    • Mobile Compliance and Secure COVID-19 Apps
    • Make Mobile Apps GDPR Ready
    • Mobile Developers’ Guide for Mobile App Security
    • Certified Secure
    Menu
    • Mobile CI/CD Integration
    • Secure Mobile Banking & Fintech
    • Secure Mobile Commerce
    • Mobile Compliance and Secure COVID-19 Apps
    • Make Mobile Apps GDPR Ready
    • Mobile Developers’ Guide for Mobile App Security
    • Certified Secure
  • Secure Enterprise Apps

    Secure Mobile work

    • Zero Management Security
    • Secure Progressive Web Apps
    • Secure Remote Workforce in COVID-19
    Menu
    • Zero Management Security
    • Secure Progressive Web Apps
    • Secure Remote Workforce in COVID-19

    UEM and MAM SDKs

    • Enterprise Mobility Control
    • Microsoft Intune
    • VMware Workspace ONE
    • IBM MaaS360
    • MobileIron
    • BlackBerry Dynamics
    Menu
    • Enterprise Mobility Control
    • Microsoft Intune
    • VMware Workspace ONE
    • IBM MaaS360
    • MobileIron
    • BlackBerry Dynamics

    Mobile IAM

    • Ping Identity Mobile
    • Okta Identity Mobile
    • Microsoft Identity (AD, ADFS, Azure AD, MSAL, NTLM, SCEP)
    • All-in-One Mobile SSO
    • Mobile Enterprise Access and MicroVPN
    • F5 Access Manager
    Menu
    • Ping Identity Mobile
    • Okta Identity Mobile
    • Microsoft Identity (AD, ADFS, Azure AD, MSAL, NTLM, SCEP)
    • All-in-One Mobile SSO
    • Mobile Enterprise Access and MicroVPN
    • F5 Access Manager

    Use cases

    • SecOps and IT Automation
    • Appdome For Salesforce
    • Secure Digital Workplace
    • Appdome For Oracle Mobile Apps
    • Mobile Healthcare Compliance and HIPAA Case Study
    • Securing Mobile Apps in Law Firms Case Study
    • BYOD in Financial Services Case Study
    Menu
    • SecOps and IT Automation
    • Appdome For Salesforce
    • Secure Digital Workplace
    • Appdome For Oracle Mobile Apps
    • Mobile Healthcare Compliance and HIPAA Case Study
    • Securing Mobile Apps in Law Firms Case Study
    • BYOD in Financial Services Case Study
  • Resources

    Appdome resources

    • Pricing
    • Partner With Appdome
    • Dev+Sec Blog
    • No-Code Android & iOS App Security Resources
    Menu
    • Pricing
    • Partner With Appdome
    • Dev+Sec Blog
    • No-Code Android & iOS App Security Resources
  • Sign Up
Search
Menu
  • Platform
  • Protect Consumer Apps
    • Mobile Security
      • All-in-One Mobile App Security
      • App Shielding / App Hardening
      • Code Obfuscation
      • FIPS 140-2 Encryption
      • Data Encryption
      • iOS Jailbreak Prevention and Android Root Prevention
      • Man-in-The-Middle Prevention
      • Mobile Privacy
      • Protecting Mobile Consumers During COVID-19
    • Mobile Threat Defense
      • F5 Anti-Bot
      • Check Point SandBlast App Protect
      • Mobile Threat Defense Solutions
    • Mobile Authentication
      • Biometric Security
      • Mobile MFA
    • Use Cases
      • Mobile CI/CD Integration
      • Secure Mobile Banking & Fintech
      • Secure Mobile Commerce
      • Mobile Compliance and Secure COVID-19 Apps
      • Make Mobile Apps GDPR Ready
      • Mobile Developers’ Guide for Mobile App Security
  • Secure Enterprise Apps
    • Secure Mobile Work
      • Zero Management Security
      • Secure Progressive Web Apps
      • Secure Remote Workforce in COVID-19
    • Mobile IAM
      • All-in-One Mobile SSO
      • Microsoft Identity (AD, ADFS, Azure AD, MSAL, NTLM, SCEP)
      • Okta Identity Mobile
      • Ping Identity Mobile
      • Mobile Enterprise Access and MicroVPN
      • F5 Access Manager
    • UEM and MAM SDKs
      • Enterprise Mobility Control
      • Microsoft Intune
      • VMware Workspace ONE
      • IBM MaaS360
      • MobileIron
      • BlackBerry Dynamics
    • Use Cases
      • SecOps and IT Automation
      • Appdome For Salesforce
      • Appdome For Oracle Mobile Apps
      • Mobile Apps for the Digital Workplace Guide
      • Mobile Healthcare Compliance and HIPAA Case Study
      • Securing Mobile Apps in Law Firms Case Study
      • BYOD in Financial Services Case Study
  • Resources
    • Pricing
    • Dev+Sec Blog
    • No-Code Android & iOS App Security Resources
    • Partner With Appdome
  • Sign In
  • Sign Up
  • August 3, 2020
  • By Alan Bavosa

Prevent App Modifications with Checksum Verification

Checksum verification for mobile apps is table stakes for any mobile app developer that wants to, well, try to stop their app from being hacked, filled with malicious code, becoming self-aware and taking over the world. Too far? I think that may have been too far. Terminator references aside, you’ve put a lot of time and resources into developing a really cool app. You’ve released that app to the world and people are downloading it. In fact, it’s so popular that someone tries to modify your code to do truly nefarious things like steal data and redirect you to illegitimate sites.

This blog will take a closer look at checksum verification for mobile apps and how it is used to prevent any app modifications. It will also explore a few of the ways Appdome can help. Happy reading!

Prevent App Modifications with Checksum Verification

Checksums are a way to ensure the integrity of a file. A mobile app is a file. Better said, the mobile app binary is a file. Any change in a mobile app that uses checksum verification will impact the checksum calculation. Running a mobile app with malicious app modifications causes the checksum verification to fail and should result in the app exiting.

Another way to think about checksum verification is that checksum verification helps ensure the mobile app is what the user expected. If you’ve written your mobile app to take advantage of checksum verification, it greatly increases the difficulty of an attacker modifying your app successfully. For a bit more background on checksum verification, there is an interesting piece on Appleinsider: How to verify checksums when you download an app for your Mac.

How Appdome uses Checksum Verification

Appdome’s security features are only added to a mobile app by choice. When you build an app, we process a checksum of your app and the built code to ensure integrity. The checksum is encrypted and embedded into the final, built app. Furthermore, this checksum is calculated and used as an encryption key for the Appdome-built app, to apply a “seal” to the app. This process is called “checksum verification and sealing.”  When an Appdome-built app runs, the Appdome fusion adapter attached to the app checks to ensure that there is no mismatch in the checksum.  If there is, the fusion adapter will cause the app to exit.

Checksum Verification is part of ONEShield™, Appdome’s app shielding solution.

Thanks for reading! This blog is part of a series focused on Mobile Security Basics, which is appropriate for readers of any level looking to increase their overall mobile security knowledge.

Alan Bavosa

Alan is VP Security Products at Appdome. A longtime security product exec, Alan has previously served as chief of product for Palerra (acquired by Oracle) and Arcsight (acquired by HP).

Table of Contents

Have a question?

Ask an expert

EnrikaMaking your security project a success!

Thanks for contacting us!

One of our technical representatives will be in touch shortly.

Something went wrong, try again later.

Sorry, we are not accepting emails from this domain

Please complete the captcha below.

All-in-One Mobile App Security

Appdome Brings DevSecOps Together Like Never Before!

Hello Appdome community!

We’re constantly innovating at Appdome. This Dev Sec Blog covers some recent updates to the Appdome product, including the introduction of new features and enhancements I’m excited…

Read More »
October 27, 2020
How to Prevent MFA Bypass in Mobile Apps with Appdome
Blog

How to Prevent MFA Bypass In Mobile Apps

In this blog post, I’ll discuss how to prevent MFA Bypass attacks that cybercriminals use to compromise iOS and Android apps.

Multi-factor authentication (MFA) is one of the best practices…

Read More »
September 24, 2020
no-code codi compliance by appdome
All-in-One Mobile App Security

Achieve CoDi Compliance without coding

CoDi Compliance, No coding required – The Fastest Way to Secure Mexico’s Mobile Banking Apps
What is CoDi?
CoDi is a digital/mobile payment system developed and sponsored by the Bank of…

Read More »
September 3, 2020

Subscribe To Our Newsletter

Get updates and learn from the best

PrevPreviousNo-code Jailbreak & Root Prevention in iOS & Android apps
NextPrevent Reverse Engineering with Anti-DebuggingNext

More To Explore

Blog

2020 Holiday and New Year Wishes from Appdome

Tom Tovar December 23, 2020
COVID-19 Mobile Consumer Survey Part 2 Threats Mobile Consumers Fear Most
All-in-One Mobile App Security

COVID-19 Mobile Consumer Survey Part 2 – Threats Mobile Consumers Fear Most

Alan Bavosa November 29, 2020
All-in-One Mobile App Security

Certified Secure Mobile Apps

Tom Tovar November 17, 2020
All-in-One Mobile App Security

COVID-19 Mobile Consumer Survey – What Consumers Expect in Mobile App Security

Alan Bavosa November 17, 2020

Build What You Love Automate What You Don’t

Drop us a line and keep in touch

Contact us
Logos/Appdome_LOGO

Appdome Home Page

DEV+SEC Blog

Request a Demo

Platform

Pricing

About

Knowledge Base

In The News

Work at Appdome

Terms of use

Privacy Policy

Press Releases

Contact

REDWOOD CITY OFFICE

3 Twin Dolphin Drive,
Suite 375 Redwood City, CA 94065

Phone: +1.650.567.6100

Mobile: +1.844.360.FUSE (3873)

Email: info@appdome.com

ISRAEL OFFICE​

2 Eliezer Kaplan St,

12th floor Tel Aviv,
Israel 6473403

Phone: +972.3.720.7915

Email: info@appdome.com
Search

Follow us

Facebook-f
Twitter
Linkedin-in

©2020 Appdome, Inc. All rights reserved. This Website requires the use of technical cookies and, with your consent, profiling, and third-party analytics to improve your experience. If you continue to use our Website, or by clicking any items of our Website, you agree to this.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Ok