How to > AppSec Release Orchestration > Security Release Management™ > How to Create and Manage Mobile App Protection Templates for Android & iOS Apps in DevSecOps Build System

How to Create and Manage Mobile App Protection Templates for Android & iOS Apps in DevSecOps Build System

Last updated March 11, 2023 by Appdome

Appdome users can create mobile app security templates, known as Fusion Sets, to speed up and repeat mobile app security projects. Fusion Sets can include validated, approved, required or known combinations of features, services, and configurations for your app. You can reuse Fusion Sets across different builds and releases, or share them with different teams, or subscribe Fusion Sets to multiple mobile apps at one time.

This Knowledge Base article provides step-by-step instructions on how to create, use, and manage Fusion Sets in Android and iOS apps.

Appdome is a no-code mobile app security platform designed to add security features to mobile apps. Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks Build My App, Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Using Appdome, there are no development or coding prerequisites to build secured Android and iOS apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

What are Appdome Fusion Sets?  

Fusion Sets are pre-built, reusable, sharable mobile app security templates that contain all the selected security features, settings, options, and configurations that Appdome builds into your iOS and Android apps whenever you click Build My App. Fusion Sets accelerate and automate mobile security implementations, ensure implementation consistency, and reduce integration time for each build or release of your mobile apps.

Prerequisites for using Appdome Fusion Sets

In order to use Appdome Fusion Sets features, you will need:

Default Playground Fusion Set

A default Playground Fusion Set is created for each app whenever you upload a mobile app to Appdome. The Playground Fusion Set cannot be released to Team Workspaces and, therefore, cannot be shared between apps in your workspace and will only affect the app for which it was created. In addition, unlike all other Fusion Sets, the Playground Fusion Set cannot have a versioning history and cannot be modified in any of the following ways:

Nevertheless, it is possible to duplicate the Playground Fusion Set, with all its settings, by clicking the Copy icon as shown below.

Copy Playground Fusion Sets

Copy Playground Fusion Set New

How to Create and Use Fusion Sets for Android and iOS Apps 

You can either use the default Playground Fusion Set or Create a new Fusion Set.

Creating a New Fusion Set

As a best practice, you are strongly advised to create a new blank fusion set and populate it with different security features.

To create a new Fusion Set:

  1. Open the Fusion Set drop-down list by clicking the arrow icon on the right.
  2. Click Create New Fusion Set to create a new blank Fusion Set.
  3. Enter a name in the text box.
  4. Click Save.
    Note: You must assign a unique name, as there cannot be two Fusion Sets that have the same name.
    Create new Fusion SetFusion Set Name Change

Reviewing the Fusion Set List

The Fusion Sets list allows viewing at a glance multiple details about each of the Fusion Sets.

Fusion Set Review

The selected Fusion Set is indicated by the green checkmark on the left.

Clicking a Fusion Set name allows renaming the Fusion Set, as seen below.

Rename Fusion Set

The Services section in each row allows viewing the services assigned to each Fusion Set.

The Fusion Set row displayed the time and date when the last modification took place. If the Fusion Set was imported, the row displays from which team it was imported.

Modified Fusion Sets

The team the FS was Imported from

The Fusion Set row can also be used for performing the following operations:

  • Copying (duplicating) an existing Fusion Set by clicking Copy.
    Copy Fusion Set Icon
  • Subscribing all Android/iOS apps to the selected template (Fusion Set).
    Subscribe all apps
  • Deleting the Fusion Set (if the Fusion Set is frozen, you should unfreeze it prior to deleting).
    Delete Fusion Sets
    Deleting a Fusion Set affects all apps that are subscribed to the Fusion Set at the time of the deletion. After the deletion operation is confirmed, all subscribed apps will revert to be subscribed to the Playground Fusion Set.
    Delete Fusion Set Confirmation

How to Subscribe Apps to a Fusion Set

To Subscribe all iOS or Android apps to a Fusion Set (optional):

  1. Go to the Build tab and select the app.
  2. Click the down arrow at the rightmost location of the law to expand the section as shown below.
    Expand section
  3. Scroll down to the Fusion Set to which you want to subscribe your apps and hover over it. While hovering over the Fusion Set, click the * (asterisk) icon to Subscribe all Android or iOS apps to this Fusion Set.
    Subscribe on row V1
  4. When prompted, confirm to subscribe all apps to the selected Fusion Set.
    Apply to all my apps
    A notification is displayed to inform that the operation has been completed successfully.
    Subscribe all successful

You can now add to your mobile security template by adding features and services to the Fusion Set and creating custom implementations to suit specific use cases. You can also subscribe to new apps or remove apps from this Fusion Set to complete multiple projects in parallel.

Reviewing the Fusion Set Details

You can review the Fusion Set details by clicking the Details button.
Details button
The Details dialog box opens now.
FS Details Dialog Box

You can use this dialog box to view the following tabs:

  1. Fusion Set Details – Contains the details listed below.

    • Signing Credentials
      Indication of the signing credential saved in this Fusion Set (app-specific).

    • Fusion Set ID
      Unique FS ID for API users. For details, see API Documentation.

    • Annotation
      An annotation added during the last modification of the Fusion Set.
      Below the annotation, you can see the date and time and the user who had updated the FS. For further details, see below the section Annotating a Fusion Set.

    • Freeze settings
      For details, see the freeze the Fusion Set Knowledge Base article.

  2. Subscribed Apps – Names and details of the apps subscribed to the selected Fusion Set.
    Subscribed apps tab

Saving and Annotating a Fusion Set

On the platform footer near the “Build my App” and “Annotate Changes” buttons, you can see the data when your fusion set was modified last time and by whom. When you perform one or more modifications in the Fusion Set, the button Annotate Changes becomes enabled at the bottom of the screen.

The annotation is meant to provide Appdome users with enhanced transparency and control over their security services’ selections.
The time and date of the modification are visible below the annotation, and you need to use the annotation field to specify what the modification was and what were the reasons for the modification.

Annotating Fusion Set

To annotate a fusion set:

  1. Click Annotate Changes.
    The dialog box Add Fusion Set Annotation opens.
    Add Fusion Set Annotation Db
  2. Set Fusion Set version, including numbers and dots (optional).
    Enter the requested text for the annotation (up to 250 characters).
    Ensure that you enter meaningful, helpful text, ideally with the following information:
    Meaningful description; for example, the purpose of the modification, the targeted group (QA, development, and so on), and the month of the release.
    Filled Annotation
  3. Click Save.
    Now your Fusion Set is saved and annotated.
    When you produce a Certified Secure certificate, the certificate displays the annotation.
    Cert With Annotation V1

Note:
If you do not click the Annotate Changes button but instead click Build My App, an annotation will automatically be added.
Automatic annotations also will be added when the following operations take place:

  • Building (when there are changes in the Fusion Set)
  • Freezing an Appdome Version
  • Unfreezing an Appdome Version
  • Unfreezing a Fusion Set
  • Session Time Out
  • Selecting to save signing credentials when prompted to
  • Renaming a Fusion Set
  • Adding OS Coverage

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Alternatively, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How Do I Learn More?

Here are more articles related to Fusion Sets:

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.  Check out our KB on how to secure an app using Appdome to learn how to get started on Appdome and secure your first app.

To zoom out on this topic, visit the Appdome platform page on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

NEED HELP?

let's solve it together

JanMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.