Threat-Events™, In-App Threat Intelligence in Swift Apps

Last updated June 6, 2023 by Appdome

This knowledge base article shows you how easy it is to use Appdome Threat-Events™ to get in-app threat intelligence in Swift Apps and control the user experience in your Swift Apps when mobile attacks occur.

What are Threat-Events?

Appdome’s Threat-Events is a powerful threat-intelligence framework for Android & iOS apps, which is composed of three elements: (1) a Threat-Event, (2) the data from each Threat-Event, and (3) the Threat-Score™.

With Threat-Events, mobile developers can register, listen to, and consume real-time attack and threat data from Appdome’s mobile app security, anti-fraud, mobile anti-bot, and other protections within their mobile applications. This allows them to (1) ensure that mobile application workflows are aware of attacks and threats, (2) customize business logic and user experience based on the user’s risk profile and/or each attack or threat presented, and (3) pass the threat data to other systems of record such as app servers, mobile fraud analysis systems, SIEMs, and other data collection points.

The purpose of Threat-Events is to enable Android and iOS applications to adapt and respond to mobile app attacks and threats in real time. Using Threat-Events will ensure you delight users and keep users, data, and transactions safe.

Mobile Application Threat-Events vs. Threat-Scores

Appdome Threat-Events can be used as a stand-alone implementation in Swift Apps, or in combination with Threat-Scores. Threat-Events provide the mobile developer with the in-app notification of each attack or threat, as well as the metadata associated with the attack. Threat-Scores provide the mobile developer with the score of each Threat-Event and the combined (aggregate) mobile end-user risk at the time of the notification.

The figure below shows where you can find Threat-Events and Threat-Scores for each of the runtime

[Figure: Root detection]

To enable Threat-Events with any runtime protection, select the check box next to Threat-Events for that feature. Doing so will enable (turn ON) Threat-Events for that feature. To enable Threat-Scores for any runtime protection, click the up/down arrow associated with Threat-Scores to assign a specific score to each protection.
Threat-Scores must have a value greater than zero (0) and less than ten thousand (10,000).

Threat-Events and Threat-Scores can be used with or in place of server-based mobile anti-fraud solutions.

Prerequisites for Using Threat-Events with Swift Apps

Here’s what you need to use Threat-Events with Swift Apps.

Code Snippet Required for Using Threat-Events with Swift Apps

To receive Appdome Security Events, add the following lines to your app:


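// Obtain the notification center that all observers below register on (declare once per scope)
let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("BlockedKeyboardEvent"), object: nil, queue: nil) { (note) in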
    NSLog("BlockedKeyboardEvent Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }
    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let blocked = usrInf["blocked"];// True/false
    let keyboard = usrInf["keyboard"];// keyboard package
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("BlockedClipboardEvent"), object: nil, queue: nil) { (note) in
    NSLog("BlockedClipboardEvent Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let blocked = usrInf["blocked"];// True/false
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("SslCertificateValidationFailed"), object: nil, queue: nil) { (note) in
    NSLog("SslCertificateValidationFailed Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("SslServerCertificatePinningFailed"), object: nil, queue: nil) { (note) in
    NSLog("SslServerCertificatePinningFailed Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("UrlWhitelistFailed"), object: nil, queue: nil) { (note) in
    NSLog("UrlWhitelistFailed Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let host = usrInf["host"];// the host on which the error occurred
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("BlockedScreenCaptureEvent"), object: nil, queue: nil) { (note) in
    NSLog("BlockedScreenCaptureEvent Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let context = usrInf["context"];// capturing event type
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslIncompatibleCipher"), object: nil, queue: nil) { (note) in
    NSLog("SslIncompatibleCipher Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let incompatibleCipherId = usrInf["incompatibleCipherId"];// the incompatible cipher id
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslIncompatibleVersion"), object: nil, queue: nil) { (note) in
    NSLog("SslIncompatibleVersion Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let incompatibleSslVersion = usrInf["incompatibleSslVersion"];// the incompatible SSL/TLS version
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidCertificateChain"), object: nil, queue: nil) { (note) in
    NSLog("SslInvalidCertificateChain Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinRSASignature"), object: nil, queue: nil) { (note) in
    NSLog("SslInvalidMinRSASignature Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinECCSignature"), object: nil, queue: nil) { (note) in
    NSLog("SslInvalidMinECCSignature Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinDigest"), object: nil, queue: nil) { (note) in
    NSLog("SslInvalidMinDigest Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let certificateSHA1 = usrInf["certificateSHA1"];// the certificate sha1 fingerprint
    let certificateCN = usrInf["certificateCN"];// the certificate CN (common name)
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("SslNonSslConnection"), object: nil, queue: nil) { (note) in
    NSLog("SslNonSslConnection Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"];// detailed error message
    let host = usrInf["host"];// the host on which the error occurred
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

To receive Appdome One Shield Threat Events, add the following lines to your app: 


let center = NotificationCenter.default
center.addObserver(forName: Notification.Name("AppIntegrityError"), object: nil, queue: nil) { (note) in
    NSLog("AppIntegrityError Threat-event received")
    guard let usrInf = note.userInfo else {
        return
    }

    var message = "";
    let defaultMessage = usrInf["defaultMessage"];// message passed during fusion
    let blocked = usrInf["blocked"];// True/false
    let reason = usrInf["reason"];// the cause which triggered the Anti-Tampering protection
    let timestamp = usrInf["timestamp"];// UNIX timestamp when event happened
    let deviceID = usrInf["deviceID"];// unique mobile device identifier
    let deviceModel = usrInf["deviceModel"];// mobile device model
    let osVersion = usrInf["osVersion"];// The mobile device OS version
    let kernelInfo = usrInf["kernelInfo"];// Kernel information and details
    let deviceManufacturer = usrInf["deviceManufacturer"];// mobile device manufacturer
    let fusedAppToken = usrInf["fusedAppToken"];// Built App Token
    let carrierPlmn = usrInf["carrierPlmn"];// carrier identity number (PLMN code)
}

Before consuming Threat-Events or Threat-Scores in your Swift Apps mobile application, confirm that the following conditions are met:

  • Threat-Events and/or Threat-Scores have been enabled (turned ON) for the specific protection.
  • You are using the correct identifiers for the Threat-Events for each protection.
    You can find the specific identifiers for each Threat-Event and Threat-Score in the knowledge base article associated with each protection.

Special Considerations for Using Threat-Events with Swift Apps

None.

Meta-Data for Mobile Application Threat-Events and Threat-Scores

Below is the list of metadata that can be associated with each mobile application Threat-Event and Threat-Score in Swift Apps.

[Insert list of values and descriptions]

Some or all of the meta-data for each mobile application Threat-Event and Threat-Score can be consumed in Swift Apps at the discretion of the mobile developer and used, in combination with other mobile application data, to adapt the business logic or user experience when one or more attacks or threats are present.
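The following sketch shows one way to consume this meta-data: a single relay registers for several of the events listed above, copies the fields into a JSON record for an app server or SIEM, and exposes a flag the app can check before a sensitive flow. It is an added example, not Appdome code; ThreatEventRelay, sink and isSessionTainted are hypothetical names, the "any event taints the session" policy is only illustrative, and the value types inside userInfo are assumed, since this page does not document them.

```swift
import Foundation

// Added example, not Appdome code. Event names and userInfo keys are copied from
// the snippets on this page; ThreatEventRelay, sink and isSessionTainted are hypothetical.
final class ThreatEventRelay {
    // Events this app reacts to, mapped to the event-specific keys shown on this page.
    private static let eventKeys: [String: [String]] = [
        "SslCertificateValidationFailed": ["host", "certificateSHA1", "certificateCN"],
        "SslServerCertificatePinningFailed": ["host", "certificateSHA1", "certificateCN"],
        "SslNonSslConnection": ["host"],
        "BlockedKeyboardEvent": ["keyboard", "blocked"],
        "AppIntegrityError": ["reason", "blocked"],
    ]
    // A subset of the keys common to every snippet on this page.
    private static let commonKeys = ["timestamp", "deviceID", "deviceModel", "osVersion", "fusedAppToken"]

    private let center: NotificationCenter
    private let sink: (Data) -> Void          // assumption: uploads JSON to your server or SIEM
    private var tokens: [NSObjectProtocol] = []
    private let lock = NSLock()
    private var tainted = false

    /// True once any registered Threat-Event has fired in this session.
    var isSessionTainted: Bool {
        lock.lock(); defer { lock.unlock() }
        return tainted
    }

    init(center: NotificationCenter = .default, sink: @escaping (Data) -> Void) {
        self.center = center
        self.sink = sink
        for (name, keys) in Self.eventKeys {
            let token = center.addObserver(forName: Notification.Name(name), object: nil, queue: nil) { [weak self] note in
                self?.handle(event: name, keys: keys, userInfo: note.userInfo)
            }
            tokens.append(token)   // keep the tokens so the observers can be removed later
        }
    }

    deinit { tokens.forEach { center.removeObserver($0) } }

    private func handle(event: String, keys: [String], userInfo: [AnyHashable: Any]?) {
        lock.lock(); tainted = true; lock.unlock()
        var record: [String: String] = ["event": event]
        // Value types are not documented on this page, so every value is stringified
        // and missing keys are skipped rather than force-unwrapped.
        for key in Self.commonKeys + keys {
            if let value = userInfo?[key] { record[key] = String(describing: value) }
        }
        if let json = try? JSONSerialization.data(withJSONObject: record, options: [.sortedKeys]) {
            sink(json)
        }
    }
}

// Usage with a constructed event: post one notification by hand and inspect the result.
let relay = ThreatEventRelay { json in
    print(String(data: json, encoding: .utf8) ?? "")
}
NotificationCenter.default.post(
    name: Notification.Name("SslServerCertificatePinningFailed"), object: nil,
    userInfo: ["host": "api.example.com", "timestamp": 1686000000, "deviceID": "constructed-id"])
print("block sensitive flow:", relay.isSessionTainted)
```

Because the observers are registered with queue: nil, the handler runs on whichever thread posts the notification, which is why the shared flag is guarded by a lock.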

Using Conditional Enforcement for Mobile Application Threat-Events and Threat-Scores

Conditional Enforcement is an extension to Appdome’s mobile application Threat-Event framework. By using conditional enforcement, developers can control when Appdome enforcement of each mobile application protection takes place, or invoke Appdome enforcement as a backup (failsafe) to any in-app enforcement used by the mobile developer.
For more information on using conditional enforcement with your Threat-Event implementation, please contact support@appdome.com.

Verifying Threat-Events in Swift Apps

After you have implemented the required Threat-Event code in your Swift Apps, you can confirm that your Threat-Event implementation(s) is properly recognized by the Appdome protections in the Swift Apps. To do that, review the Certified Secure™ DevSecOps certificate for your build on Appdome.

In the Certified Secure DevSecOps certificate, a correct implementation of Threat-Events in your mobile application looks as seen below.

[Figure: Android Correct Certificate]

In the Certified Secure DevSecOps certificate, an incorrect implementation of Threat-Events in your mobile application looks as seen below.

[Figure: Certificate Threat Event]

For information on how to view and/or retrieve the Certified Secure DevSecOps certification for your mobile application on Appdome, please visit the knowledge base article Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD.

Questions Using Threat-Events™ in Swift Apps?

If you have specific questions about implementing Threat-Events or Threat-Scores in Swift Apps, fill out the inquiry form on the right-hand side of this knowledge base article or contact support@appdome.com. That is it – Enjoy Appdome with Threat-Events™ in your app!
