Appdome ThreatID™ Reference Guide
Appdome ThreatID™ is a standardized, text-based identifier that represents specific mobile security threats detected directly within a protected mobile application, including threats such as bot activity, app tampering, rooting, instrumentation, or unauthorized access. When a threat is detected, Appdome generates a Threat Event and assigns the corresponding ThreatID™. For MobileBOT Defense (MBD), the ThreatID™ is transmitted in real time to supported Web Application Firewalls (WAFs) to enable monitoring and enforcement. The same ThreatID™ may also be consumed by other downstream systems—such as SIEMs or fraud and risk engines—through customer-defined integrations for correlation and analysis. Only ThreatIDs for protections that are enabled in the app are generated, ensuring that reported threat signals are accurate, relevant, and directly tied to active defenses within the mobile app.
The table below provides a complete list of all ThreatIDs available in Appdome, mapped to their associated protections and supported operating systems.
Security
OS Integrity
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Root Detection |
RootedDevice |
✔ |
— |
|
Jailbreak Detection |
JailbrokenDevice |
— |
✔ |
|
Detect Unknown Sources |
UnknownSourcesEnabled |
✔ |
— |
|
Detect Developer Options |
DeveloperOptionsEnabled |
✔ |
— |
|
Detect Banned Devices |
BannedManufacturer |
✔ |
— |
Secure Communication
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Prevent MitM Attacks |
SslCertificateValidationFailed |
✔ |
✔ |
|
Secure TLS Version |
SslIncompatibleVersion |
✔ |
✔ |
|
Proxy Detection |
NetworkProxyConfigured |
✔ |
✔ |
|
Enforce Certificate Roles |
SslInvalidCertificateChain |
✔ |
✔ |
|
Enforce Strong RSA Signature |
SslInvalidMinRSASignature |
✔ |
✔ |
|
Enforce Strong ECC Signature |
SslInvalidMinECCSignature |
✔ |
✔ |
|
Enforce SHA256 Digest |
SslInvalidMinDigest |
✔ |
✔ |
|
Block Non-SSL Connections |
SslNonSslConnection |
✔ |
✔ |
|
Enforce Cipher Suites |
SslIncompatibleCipher |
✔ |
✔ |
|
URL Whitelisting |
UrlWhitelistFailed |
✔ |
✔ |
|
Certificate Pinning |
SslServerCertificatePinningFailed |
✔ |
✔ |
ONEShield™ by Appdome
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
App Shielding |
AppIntegrityError |
✔ |
✔ |
|
Anti-Debugging |
DebuggerThreatDetected |
✔ |
✔ |
|
Detect Debuggable App |
AppIsDebuggable |
✔ |
— |
|
Detect Debuggable App |
DebuggableEntitlement |
— |
✔ |
|
Prevent Running on Emulators |
EmulatorFound |
✔ |
— |
|
Detect Google Emulators |
GoogleEmulatorDetected |
✔ |
— |
Anti Malware
Detect Android/iOS Exploit
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect Unlocked Bootloader |
DetectUnlockedBootloader |
✔ |
✔ |
|
Detect KernelSU |
KernelSUDetected |
✔ |
— |
|
Detect OS Remount |
OsRemountDetected |
✔ |
— |
|
Detect RCE Attack |
InjectedShellCodeDetected |
✔ |
✔ |
|
Detect Dirty Stream Attack |
VulnerableUriDetected |
✔ |
— |
|
Detect AI Assistant |
UnauthorizedAIAssistantDetected |
✔ |
— |
|
Detect Custom ROM |
DetectCustomRom |
✔ |
— |
|
Detect Android Kernel Patch |
KernelPatchDetected |
✔ |
— |
|
Detect Shamiko |
ShamikoModuleDetected |
✔ |
— |
|
Detect Zygisk |
ZygiskDetected |
✔ |
— |
|
Detect Zygisk Module |
ZygiskModuleDetected |
✔ |
— |
Android/iOS Hacking Tool
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect Hooking Frameworks |
HookFrameworkDetected |
✔ |
✔ |
|
Detect Frida Attach |
FridaAttachDetected |
✔ |
— |
|
Detect Frida Spawn |
FridaSpawnDetected |
✔ |
— |
|
Anti-Swizzling |
MethodSwizzlingDetected |
— |
✔ |
|
Detect Magisk |
MagiskManagerDetected |
✔ |
— |
|
Detect Frida Tool |
FridaDetected |
✔ |
✔ |
|
Detect Frida Bypass |
FridaCustomDetected |
✔ |
✔ |
|
Detect SSL Pinning Bypass |
SslIntegrityCheckFail |
✔ |
— |
|
Detect Jailbreak Bypass |
JailbreakBypassDetected |
✔ |
✔ |
|
Detect Malware Injection |
MalwareInjectionDetected |
✔ |
— |
Anti Fraud
Mobile Fraud Detection
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect Auto-Clickers |
ClickBotDetected |
✔ |
— |
|
Detect Auto-Clicker Permissions |
ClickBotDetectedByPermissions |
✔ |
— |
|
Detect Keystroke Injection |
KeyInjectionDetected |
✔ |
— |
|
Detect ADB |
ActiveADBDetected |
✔ |
✔ |
|
Detect Second Space / Parallel App |
BlockSecondSpace |
✔ |
— |
|
Detect Virtual Space |
RunningInVirtualSpace |
✔ |
— |
|
Detect Seccomp Abuse |
SeccompDetected |
✔ |
— |
|
Detect Arm-in-Arm Virtual Devices |
CorelliumFileFound |
✔ |
✔ |
|
Signature Validation |
NotInstalledFromOfficialStore |
✔ |
✔ |
|
Secure App Signature |
SecureSignatureAppResigned |
— |
✔ |
Mobile Cheat Prevention
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect GameGuardian |
GameGuardianDetected |
✔ |
— |
|
Detect App Players |
AppPlayerDetected |
✔ |
✔ |
|
Detect Speed Hack |
SpeedHackDetected |
✔ |
✔ |
|
Detect Code Injection |
CodeInjectionDetected |
✔ |
✔ |
|
Detect Unity Cheats |
UnityCheatDetect |
✔ |
— |
|
Detect APK Modding Tools |
OatIntegrityBadCommandLine |
✔ |
— |
|
Runtime Bundle Validation |
RuntimeBundleValidationViolation |
✔ |
✔ |
|
Detect Click Fraud |
ClickFraudDetected |
✔ |
— |
|
App-Specific Binding |
AppBindingManipulation |
✔ |
✔ |
Anti ATO
Deepfake Detection
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Protect Face ID / Face Unlock |
FaceIDBypassDetected |
✔ |
✔ |
|
Deepfake Video Detection |
DeepfakeVideoDetection |
✔ |
✔ |
|
Detect Deepfake Apps |
DeepFakeAppsDetected |
✔ |
✔ |
|
Detect Virtual Camera Substitution |
CameraSubstitutionDetected |
✔ |
✔ |
|
Detect Liveness Bypass |
DetectLivenessBypass |
✔ |
✔ |
Social Engineering Prevention
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Anti-Vishing |
ActivePhoneCallDetected |
✔ |
✔ |
|
Prevent Screen Sharing Scams |
BlockedScreenCaptureEvent |
✔ |
✔ |
|
Detect Malicious Remote Click |
ClickBotDetectedVirtualFinger |
✔ |
— |
|
Prevent Remote Desktop Scam |
IllegalDisplayEvent |
✔ |
✔ |
|
Detect Remote Desktop Interaction |
IllegalAccessibilityServiceEvent |
✔ |
— |
Mobile Account Protection
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Immutable Device ID |
DeviceFingerprintEvent |
✔ |
✔ |
|
Detect Overlay Attacks |
OverlayDetected |
✔ |
— |
|
Detect Keylogging |
BlockedKeyboardEvent |
✔ |
✔ |
|
Detect SIM Swap |
SimStateInfo |
✔ |
✔ |
|
Android Device Admin Malware |
RogueMDMChangeDetected |
✔ |
— |
|
Detect Memory Editing Tools |
ActiveDebuggerThreatDetected |
✔ |
✔ |
|
Detect Memory Dump |
MemdumpDetected |
✔ |
✔ |
|
Detect Clipboard Hijacking |
BlockedClipboardEvent |
✔ |
✔ |
|
Detect DeepSeek Attack |
DeepSeekDetected |
✔ |
✔ |
Android / iOS Trojans
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect GoldPickaxe |
InstalledMDMProfileDetected |
— |
✔ |
|
Detect Bank Trojan Apps |
BlockedATSModification |
✔ |
— |
|
Detect Mobile RAT |
AbusiveAccessibilityServiceDetected |
✔ |
— |
|
Detect Stalker Spyware |
StalkerSpywareDetected |
✔ |
— |
|
Detect Cloak & Dagger |
CloakAndDaggerCapableAppDetected |
✔ |
— |
|
Accessibility Consent |
UACPresented |
✔ |
— |
Geo Compliance
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Detect Fake Location |
GeoLocationSpoofingDetected |
✔ |
✔ |
|
Detect Fake GPS App |
GeoLocationMockByAppDetected |
✔ |
✔ |
|
Detect VPN |
ActiveVpnDetected |
✔ |
✔ |
|
No SIM Present |
NoSimPresent |
✔ |
✔ |
|
Detect Teleportation |
TeleportationDetected |
✔ |
✔ |
|
Detect Geo De-Sync |
FraudulentLocationDetected |
✔ |
✔ |
|
Geo-Fencing |
GeoFencingUnauthorizedLocation |
✔ |
✔ |
IDAnchor™
Android/ iOS IDAnchor
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
IDAnchor |
ImmutableDeviceID |
✔ |
✔ |
|
Enforce DeviceID Manipulations In-App |
DeviceAttributesIntegrityError |
✔ |
✔ |
|
Protect Advertising IDs |
AdvertisingIdIntegrityError |
✔ |
✔ |
Anti Bot
MobileBOT™ Defense
|
Appdome Protection |
ThreatID |
Android |
iOS |
|---|---|---|---|
|
Pin to Host User Notification |
MobileBotDefensePinToHostCertificatePinningFailed |
✔ |
✔ |
|
Rate-Limit User Notification |
MobileBotDefenseRateLimitReached |
✔ |
✔ |
Related Articles
- How to use ThreatScope™ – Threat Dynamics
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- How to Use ThreatScope™ User Remediation Center
- Understanding ThreatScope Views
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
