How to Add MitM Prevention to Enterprise Mobile Apps
Mobile apps need network connectivity to communicate with the outside world, including the servers and services needed for the app to function properly. Unfortunately, public (unsecured) networks pose the risk of data loss, data theft, identity theft, and more. Organizations often require mobile apps and mobile app users to use secure network connectivity and Man-in-the-middle prevention methods to safeguard mobile app data and use.
Man-in-the-middle (MiTM) prevention is critical to protecting mobile app users and use. Likewise, adding MicroVPN to an app allows a mobile app to securely connect to any standard SSL, VPN, or Proxy corporate gateway. Together, adding MiTM prevention and MicroVPN to a mobile app achieves a layered, multi-pronged defense for secure mobile app use. This Knowledge Base explains how you can use Appdome to add MiTM prevention to enterprise mobile apps, instantly, without coding. Appdome’s proprietary MiTM prevention, called Trusted Session Inspection, can be combined with Appdome MicroVPN in any mobile app to protect mobile data ‘in transit’ and ensure that all mobile sessions, connections, and certificates are valid and trusted at all times.
Appdome is a no-code mobile app security platform designed to add security features in mobile apps.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.
Likewise, there are no required infrastructure changes and no dependency on having standard or proprietary VPN protocols, or protections inside the mobile app prior to using Appdome. Users merely upload a mobile app, select the relevant access and security features, and click “Build My App.” The Appdome technology automatically adds MiTM Prevention, MicroVPN, and relevant standards, protocols, and more to the mobile app.
Trusted Session Inspection is part of the Appdome Mobile Security Suite on the Appdome platform. It protects against Man-in-the-Middle (MiTM) attacks and other forms of session hijacking. Appdome MicroVPN is part of the Mobile Access category. It is a secure mobile access feature, unique to Appdome, which enables a mobile app to connect directly to any enterprise SSL, VPN or Proxy gateway in a flexible, efficient, and secure manner. Combining Appdome’s MicroVPN and Trusted Session Inspection ensures connections from a mobile app to a server are protected from MiTM and session hijacking attacks. It also ensures that the protocols used for communication are hardened and secure. When the built app initiates an SSL handshake with the server, using Trusted Session Inspection with MicroVPN, outgoing traffic is processed to ensure the connection to the server is secure.
Appdome’s MicroVPN does not require all web service endpoints to be published via a gateway, nor code changes in apps to repoint them to the newly published addresses of services. Appdome’s MicroVPN can use any SSL gateway, including Microsoft App Proxy, Netscaler and more, in two main modes: a transparent mode, which does not require resources to be publicly published, and a reverse proxy mode, which is intended for publicly resolvable resources. Modes can also be set on a per-resource basis, providing full granular control over the access and connectivity model.
3 Easy Steps to Add MitM Prevention to Enterprise Mobile Apps
Follow these step-by-step instructions to add MiTM Prevention and MicroVPN to mobile applications on Appdome:
Upload a Mobile Application to Your Account
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
From the “Build” Tab, add MiTM Prevention (Trusted Session Inspection)
Select the Build Tab. Note: a blue underline will appear showing the step is active.
- From within the Build tab, select the Security category.
- Click to open Secure Communication.
- Enable Android MiTM Prevention or iOS MiTM Prevention.
For more detailed information about Trusted Session Inspection, check out this Knowledge Base article.
From the “Build” Tab, add MicroVPN
- Click on the Build tab, then select Access
- Click Add Profile on Mobile Access and MicroVPN Profiles
- Enable MicroVPN by Appdome
For more information about MicroVPN, check this MicroVPN Knowledge Base article.
After you make your selections, click “Build My App.” Appdome’s technology will automatically add your selections to the mobile app – no code or coding required.
MiTM Prevention and MicroVPN – Exclusive Inspection (no Proxy configured)
When enabling MiTM Prevention and MicroVPN together without enabling BlindMicroVPN, both features will operate in Exclusive Inspection mode. This feature requires that you have configured Inclusive Routing under MicroVPN by Appdome.
Here’s how Exclusive Inspection works. Upon initiation of a connection, MicroVPN checks whether the connection is made to a server configured under Inclusive Routing. If so, it routes the connection through Appdome MicroVPN and will exhibit the following Appdome MicroVPN behavior.
If the connection is made to a server that is not on the Inclusive Routing list, the connection is routed through Trusted Session Inspection, which validates its SSL handshake integrity. Read this KB article for more details on this feature.
MiTM Prevention and MicroVPN – Blind MicroVPN (Proxy configured)
When enabling both MiTM Prevention and MicroVPN with a Proxy Server configured, both features operate together on every connection. Specifically, when the client initiates the connection, Trusted Session Inspection validates the SSL connection to the destination server, while MicroVPN validates the SSL connection to the configured Proxy Server. This ensures both ends of the connection are secure. Here’s how to configure a Proxy Server in MicroVPN.
MiTM Prevention and MicroVPN – No Proxy Configured Attack Vectors
MiTM Prevention and MicroVPN – Proxy Configured Attack Vectors
Local Man-In-The-Middle attacks
A local Man-In-The-Middle attack occurs when the attacker hijacks a connection anywhere between the device and the proxy server. This most commonly occurs in the mobile device’s LAN environment: as traffic from the device routes to the Proxy Server, the attacker injects his own certificate instead of the one returned from the Proxy Server. In this situation, MicroVPN will validate the Proxy Server certificate and close the connection.
Remote (or server-side) Man-In-The-Middle
The Remote Man-In-The-Middle occurs when the attacker intercepts the connection anywhere between the proxy and the destination server. This most commonly occurs on a LAN segment of each server. The attacker sends a request from a proxy to a server, injecting his own certificate instead of the one returned from the Remote Server. When this occurs, Trusted Session Inspection validates the certificate returned from the Remote Server and acts accordingly as configured (See Trusted Session Inspection).
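The split of responsibilities described above (Exclusive Inspection routing, and the local and remote attack vectors when a proxy is configured) can be modelled in a few lines. This is an added example, not Appdome code: the host names, `Policy` fields and function names are hypothetical, the certificates are constructed byte strings, and a SHA-256 fingerprint match stands in for certificate validation, which the article does not detail.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def fp(cert: bytes) -> str:
    # Assumption: a fingerprint match stands in for certificate validation.
    return hashlib.sha256(cert).hexdigest()

# Constructed sample data: opaque byte strings, not real X.509 certificates.
PROXY_CERT, SERVER_CERT, ATTACKER_CERT = b"proxy-cert", b"server-cert", b"attacker-cert"

@dataclass
class Policy:
    inclusive_routing: set        # hosts routed through MicroVPN
    trusted: dict                 # endpoint -> expected fingerprint
    proxy: Optional[str] = None   # set => proxy-configured (Blind MicroVPN) mode

def check(component, endpoint, presented, policy):
    ok = fp(presented[endpoint]) == policy.trusted.get(endpoint)
    return (component, endpoint, "trusted" if ok else "untrusted")

def inspect(host, presented, policy):
    """presented maps endpoint -> certificate bytes the app receives from it."""
    if policy.proxy:
        # Proxy configured: both checks run on every connection.
        return [check("MicroVPN", policy.proxy, presented, policy),
                check("TrustedSessionInspection", host, presented, policy)]
    if host in policy.inclusive_routing:
        # Exclusive Inspection: hosts on the list are routed through MicroVPN.
        return [("MicroVPN", host, "routed")]
    # Exclusive Inspection: every other host gets handshake inspection.
    return [check("TrustedSessionInspection", host, presented, policy)]

def detected_by(results):
    # Components that saw a certificate they do not trust.
    return [component for component, _, verdict in results if verdict == "untrusted"]

TRUST = {"proxy.example": fp(PROXY_CERT), "api.example": fp(SERVER_CERT)}
blind = Policy(set(), TRUST, proxy="proxy.example")
exclusive = Policy({"intranet.example"}, TRUST)

# Local MiTM: certificate swapped between device and proxy.
local_mitm = inspect("api.example",
                     {"proxy.example": ATTACKER_CERT, "api.example": SERVER_CERT}, blind)
# Remote MiTM: certificate swapped between proxy and destination server.
remote_mitm = inspect("api.example",
                      {"proxy.example": PROXY_CERT, "api.example": ATTACKER_CERT}, blind)
print(detected_by(local_mitm), detected_by(remote_mitm))
```

In the model, an untrusted verdict from MicroVPN corresponds to closing the connection, while an untrusted verdict from Trusted Session Inspection corresponds to whatever action is configured for it.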
Trusted Session Inspection helps mobile developers release secure apps from the first use. Fusion does not impact your app functionality or add time to your development cycle. It’s fast, easy, and non-intrusive.
Want to Learn More?
Check out the blog on Trusted Session Inspection or request a demo at any time.
To zoom out on this topic, visit the Appdome Mobile Security page on our website.