Crashing vs Closing in Secured Android & iOS Apps
Troubleshooting Tips – Common Reasons for Appdome-Secured Apps to Close Unexpectedly (ie: Exit) or Drop/Deny Sessions
It’s important to understand the differences between apps ‘crashing’ and ‘closing’. In short, when an app crashes, it shuts down due to a bug or defect in the code. Crashing is unintentional. There may be times when a mobile app will close/shut down unexpectedly in response to a detected mobile threat, particularly if the app has been secured with certain features from Appdome’s Mobile App Security suite. In such cases, the behavior is intentional and expected. For example, for apps protected by Jailbreaking/ Rooting Prevention, when the app detects that it is running on a device that has been rooted or jailbroken, the default behavior is for the app to shut itself down in order to protect itself, as well as to protect the mobile user and data.
Here is a list of the most common causes for an app to shut down when Appdome security has been added to your app:
If you Built with URL Whitelisting and the app tried to access a URL that was not on the allowed URL list (ie: the whitelist), this will result in the app ‘exiting’ (shutting down) to protect the mobile user. If you wish to allow that particular URL, simply add the additional URL to the allowed list and Build your app again.
OS Integrity Checks
If you Built/Fused OS integrity checks and the user opens or runs the app on a Jailbroken or Rooted device, this will cause the app to exit. This is the expected behavior. Appdome has specific checks for jailbreak and root detection and does not allow the app to open on a jailbroken or rooted device when this feature is enabled.
Man-in-the-Middle (MiTM) attack detection
If you secured the app with Appdome MITM attack prevention, that feature ensures the security and integrity of the communication channel which connects the app to a service. If Appdome’s technology cannot verify the signer of the CA with certificate validation, the default behavior is for the app to close, for the protection of the end-user. Threat Events allow Appdome customers to take other response actions, such as dropping/denying the TLS session. Another possible cause for this issue is that the server certificate is signed with CA that is not on the standard CA list installed on the iOS or Android device. In this case, please contact Appdome support so we can add it to Appdome’s trusted CA list.
Securing the app using Appdome may have triggered anti-tampering or other security mechanisms already inside the app. To correct this condition, you need to temporarily disable the app’s anti-tampering mechanism. Then build the app on Appdome again. After the app is built, re-apply the anti-tampering mechanism to the Appdome-secured app. Also, note that Appdome provides its own anti-tampering, which may render your existing anti-tampering mechanism redundant, in which case you may want to disable the app’s existing tamper protection method.
Modifying the app package, app bundle, Bundle id, etc for an Appdome-Secured App
To ensure the integrity of the app, Appdome doesn’t allow modifications to the package after building (securing) and signing the app. Doing this will trigger Appdome’s integrity checks. (e.g. if you change the bundle id, add files etc.). If you need to make changes to the app package, make the changes on the .ipa, .apk or .aab before uploading it to Appdome. Then secure the app using Appdome.