Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
How to Create and Manage Mobile App Protection Templates for Android & iOS Apps in DevSecOps Build System
Appdome users can create mobile app security templates, known as Fusion Sets, to speed up and repeat mobile app security projects. Fusion Sets can include validated, approved, required or known combinations of features, services, and configurations for your app. You can reuse Fusion Sets across different builds and releases, or share them with different teams, or subscribe Fusion Sets to multiple mobile apps at one time.
This Knowledge Base article provides step-by-step instructions on how to create, use, and manage Fusion Sets in Android and iOS apps.
Appdome is a no-code mobile app security platform designed to add security features to mobile apps. Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks Build My App, Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
What are Appdome Fusion Sets?
Fusion Sets are pre-built, reusable, sharable mobile app security templates that contain all the selected security features, settings, options, and configurations that Appdome builds into your iOS and Android apps whenever you click Build My App. Fusion Sets accelerate and automate mobile security implementations, ensure implementation consistency, and reduce integration time for each build or release of your mobile apps.
Prerequisites for using Appdome Fusion Sets
In order to use Appdome Fusion Sets features, you will need:
- Appdome account – IDEAL GO or higher.
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
Default Playground Fusion Set
A default Playground Fusion Set is created for each app whenever you upload a mobile app to Appdome. The Playground Fusion Set cannot be released to Team Workspaces and, therefore, cannot be shared between apps in your workspace and will only affect the app for which it was created. In addition, unlike all other Fusion Sets, the Playground Fusion Set cannot have a versioning history and cannot be modified in any of the following ways:
- Deleting (it is only possible to reset PFS to blank mode, thereby switching off all toggles)
- Freezing (see Freezing App Protection Templates)
- Using for API actions (see Appdome API documentation)
Nevertheless, it is possible to duplicate the Playground Fusion Set, with all its settings, by clicking the Copy icon as shown below.
How to Create and Use Fusion Sets for Android and iOS Apps
You can either use the default Playground Fusion Set or Create a new Fusion Set.
Creating a New Fusion Set
As a best practice, you are strongly advised to create a new blank fusion set and populate it with different security features.
To create a new Fusion Set:
- Open the Fusion Set drop-down list by clicking the arrow icon on the right.
- Click Create New Fusion Set to create a new blank Fusion Set.
- Enter a name in the text box.
- Click Save.
Note: You must assign a unique name, as there cannot be two Fusion Sets that have the same name.
Reviewing the Fusion Set List
The Fusion Sets list allows viewing at a glance multiple details about each of the Fusion Sets.
The selected Fusion Set is indicated by the green checkmark on the left.
Clicking a Fusion Set name allows renaming the Fusion Set, as seen below.
The Services section in each row allows viewing the services assigned to each Fusion Set.
The Fusion Set row displayed the time and date when the last modification took place. If the Fusion Set was imported, the row displays from which team it was imported.
The Fusion Set row can also be used for performing the following operations:
- Copying (duplicating) an existing Fusion Set by clicking Copy.
- Subscribing all Android/iOS apps to the selected template (Fusion Set).
- Deleting the Fusion Set (if the Fusion Set is frozen, you should unfreeze it prior to deleting).
Deleting a Fusion Set affects all apps that are subscribed to the Fusion Set at the time of the deletion. After the deletion operation is confirmed, all subscribed apps will revert to be subscribed to the Playground Fusion Set.
How to Subscribe Apps to a Fusion Set
To Subscribe all iOS or Android apps to a Fusion Set (optional):
- Go to the Build tab and select the app.
- Click the down arrow at the rightmost location of the law to expand the section as shown below.
- Scroll down to the Fusion Set to which you want to subscribe your apps and hover over it. While hovering over the Fusion Set, click the * (asterisk) icon to Subscribe all Android or iOS apps to this Fusion Set.
- When prompted, confirm to subscribe all apps to the selected Fusion Set.
A notification is displayed to inform that the operation has been completed successfully.
You can now add to your mobile security template by adding features and services to the Fusion Set and creating custom implementations to suit specific use cases. You can also subscribe to new apps or remove apps from this Fusion Set to complete multiple projects in parallel.
Reviewing the Fusion Set Details
You can review the Fusion Set details by clicking the Details button.
The Details dialog box opens now.
You can use this dialog box to view the following tabs:
Fusion Set Details – Contains the details listed below.
Indication of the signing credential saved in this Fusion Set (app-specific).
Fusion Set ID
Unique FS ID for API users. For details, see API Documentation.
An annotation added during the last modification of the Fusion Set.
Below the annotation, you can see the date and time and the user who had updated the FS. For further details, see below the section Annotating a Fusion Set.
For details, see the freeze the Fusion Set Knowledge Base article.
- Subscribed Apps – Names and details of the apps subscribed to the selected Fusion Set.
Saving and Annotating a Fusion Set
On the platform footer near the “Build my App” and “Annotate Changes” buttons, you can see the data when your fusion set was modified last time and by whom. When you perform one or more modifications in the Fusion Set, the button Annotate Changes becomes enabled at the bottom of the screen.
The annotation is meant to provide Appdome users with enhanced transparency and control over their security services’ selections.
The time and date of the modification are visible below the annotation, and you need to use the annotation field to specify what the modification was and what were the reasons for the modification.
To annotate a fusion set:
- Click Annotate Changes.
The dialog box Add Fusion Set Annotation opens.
- Set Fusion Set version, including numbers and dots (optional).
Enter the requested text for the annotation (up to 250 characters).
Ensure that you enter meaningful, helpful text, ideally with the following information:
Meaningful description; for example, the purpose of the modification, the targeted group (QA, development, and so on), and the month of the release.
- Click Save.
Now your Fusion Set is saved and annotated.
When you produce a Certified Secure certificate, the certificate displays the annotation.
If you do not click the Annotate Changes button but instead click Build My App, an annotation will automatically be added.
Automatic annotations also will be added when the following operations take place:
- Building (when there are changes in the Fusion Set)
- Freezing an Appdome Version
- Unfreezing an Appdome Version
- Unfreezing a Fusion Set
- Session Time Out
- Selecting to save signing credentials when prompted to
- Renaming a Fusion Set
- Adding OS Coverage
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Alternatively, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How Do I Learn More?
Here are more articles related to Fusion Sets:
- How to Freeze Fusion Sets
- How to Release Fusion Sets to Team Workspaces
- How to Release Fusion Sets (with separation of duties)
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform. Check out our KB on how to secure an app using Appdome to learn how to get started on Appdome and secure your first app.
To zoom out on this topic, visit the Appdome platform page on our website.