How to Secure an Android App Bundle (.aab) App Using Appdome
The Android App Bundle is Android’s new, official publishing format that offers a more efficient way to build and release Android apps to Google Play. By publishing your apps using the Android App Bundle, developers can reduce the size of their apps, simplify releases, and deliver features on demand. Because of its added benefits, the Android App Bundle is the recommended publishing format on Google Play. Appdome is a no-code mobile app security platform designed to secure Android aab apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily secure Android apps..
This Knowledge Base article summarizes Android App Bundle (aab) file functionality and benefits and instructs how to add Appdome’s services to it with no code or coding.
We hope you find it useful and enjoy using Appdome!
How App Bundles work
App bundles use a new serving model, known as Google Play’s Dynamic Delivery, to build and deliver APKs that are optimized for each device configuration. By removing unused code and resources for other devices, this delivery model results in a smaller, more efficient app for users to install.
The Android App Bundle lets developers more easily deliver a great experience in smaller app size, by creating “splits”, allowing the Play Store the ability to tailor fit the app to the phone it’s being installed on, downloading only the relevant resources.
Benefits of Uploading an App Bundle
With Android app bundles you only need to build, sign, and upload a single artifact in order to support optimized APKs for a wide variety of device configurations. Google Play then manages and serves your app’s APKs for you. As a result, you don’t need to manage different versions of app builds for each combination of ABI, screen density, and locale that you want to support. Also, by using Android app bundles, you can benefit from ongoing improvements that are added to the delivery process.
Compared to APKs, app bundles:
- Have smaller download sizes and smaller size on disk
- Can use uncompressed native libraries that are stored on the APK instead of the user’s device, which can lower download sizes, the size on disk, and installation times
- Serve users the functionality and configurations they need on-demand, instead of during installation
- Simplify build and release management by removing the need to build and publish multiple APKs
How to Enhance Your Android App Bundle With Appdome
Appdome is a no-code mobile app security and fraud detection platform that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily implement various features and services in any mobile app – instantly, no code or coding required.
The Appdome Fusion process allows multiple security projects to be completed in parallel, leveraging a variety of productivity and collaboration tools. Individuals or teams can use Appdome’s Mobile Integration Workflow, allowing organizational audibility, traceability, and accountability in completing mobile integration projects.
Prerequisites to Building your Android App Bundle on Appdome
In order to build an Android App Bundle on Appdome, you’ll need:
How to create an Android App Bundle using Android Studio
To build app bundles follow these steps:
- Download Android Studio 3.2 or higher
- Add support for Dynamic Delivery by including a base module, organizing code and resources for configuration APKs, and, optionally, adding dynamic feature modules.
- Build an Android App Bundle using Android Studio. On your Android project click on Build –> Build Bundle(s)/APK(s) –> Build Bundle(s).
- If you’re not using the IDE, you can instead build an app bundle from the command line.
For more information on how to compile your app to the Android App Bundle with android studio please see this documentation.
How to Secure an Android App Bundle (.aab) Using Appdome
- Sign in to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
- Please follow these steps to upload a mobile app to your Appdome account.
In a few seconds, your upload will be completed. The app will be added to your App Library.
- After selecting your mobile Android App Bundle, click Start Building.
Appdome enables you to add different features and SDKs to a single app binary at the same time!
- Optionally, you can now customize your Built app. Within Context, users can brand the app, including adding a favicon to denote the new service added to the app.
Sign your Appdome Built AAB app (Required)
In order to deploy an Appdome-Built AAB app, it must be signed. Appdome allows you to choose from the following options:
- You can sign your app through the Appdome platform. Signing an Android app is easy using Appdome. (recommended)
- You can choose Private Signing, download your unsigned app and sign locally using your own signing methods.
- You can choose Appdome’s Auto-DEV private signing, download a signing script with the unsigned app embedded in it, run the script on your trusted environment which will extract and sign the app using a certificate you provide.
- You can sit back and chill, do nothing, and make the decision later. We will save all your Built apps in the App Library, and they’ll be waiting for you in the exact state that you last worked on them.
Deploy the Appdome Built Android App Bundle
Once you have signed your Appdome Built app, select the Deploy tab. You can deploy it using your distribution method of choice. You can enable Automatic Deploy to Google Play Store or you can deploy to your device.
For more information on deploying your Appdome Built app(s), please read this knowledge base article.
Enroll your Built App Bundle to app signing by Google Play
You must enroll in app signing by Google Play before uploading your app bundle on the Play Console. Google will generate optimized APKs from your app bundle and sign them with the app signing key.
Appdome’s “Anti-Tampering” is added automatically to every application as part of the build process. This service is included in Appdome’s OneShield™, a set of app shielding mechanisms and services that prevent the app from being tampered with. Anti-Tampering will protect your app against any static and dynamic modifications to the application, including app resigning.
To ensure your aab enrollment to Google, verify you upload the same signing credentials you used during the signing process on Appdome.
For more information on how to upload your signing credentials to Google and enroll your aab app please review this knowledge base article.
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.