Use TLSVerify to Test TLS Connections for Mobile Apps

Last updated January 24, 2024 by Appdome

Learn how to troubleshoot TLS issues and other network connectivity issues between your mobile apps and your servers. To simplify the troubleshooting process, Appdome has created TLSVerify, a dedicated debugging apps for iOS and Android to assist you in testing the TLS connections of your mobile apps. This knowledge base articles describes how to use TLSVerify to test TLS connections for mobile apps.

Prerequisites to Use TLSVerify to Test TLS Connections for Mobile Apps

  • The debugging app (iOS or Android, available upon request from the Appdome support team).
  • Mobile device (iOS or Android) with access to the tested servers.
  • The servers URLs which your app connects to.

How to Use Use TLSVerify to Test TLS Connections for Mobile Apps

After you received the TLSVerify from the support team, you’ll need to install in on your device.

You will receive an installation link:

Screenshot 2023 01 22 At 16.38.37

You can access this link in your mobile device’s browser and install the app directly on your phone (you might need to allow installation of apps from “unknown sources”).

Alternatively, you can access the link with a PC, and download the binary to sideload the app. For Android devices, you can sideload it from the Command Line Through ADB (Android debug bridge), or services like AirDroid to install the app. For iOS devices, you can sideload the debug app using MacOS.

Once you have the app ready, follow these steps:

5 Easy Steps to Use TLSVerify to Test TLS Connections for Mobile Apps

  1. Launch the TLSVerify app
  2. Enter the server URL that your app is connecting during its run time.
  3. Click on the UIWebView browser
  4. The requested browser will be opened and you will be redirected to the entered server URL.
    Troubleshoot TLS issues
    The TLSVerify App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection. Many problems can be found when troubleshooting TLS issues. Some key examples are expired certificate, non-secure or disallowed cipher suite, old TLS version) it will alert the problem with a pop-up custom notification.
    For example, here is a notification about an expired certificate:
    Troubleshoot TLS issues - expired certificate

5.  To close the browser and return to the debug app main screen, click Close.

Using the Android Debug App to troubleshoot TLS issues

  1. Launch the app
  2. Enter the server URL that your app is connecting during its run time.
  3. Click GO.
    You will be redirected to the entered server URL.
    The Secured Network Communication Debugging App will inspect the connection for anything that looks suspicious. Once the app detects an unprotected connection (for example, expired certificate, not allowed cipher suite, etc) it will alert the problem with a pop-up custom notification.
    For example, here is a notification about an expired certificate:

  4. To refresh the connection, click on GO again

Common Network Error Notifications When Testing TLS Connections

Notification Troubleshooting
The certificate has expired Check the expiration date of the certificates in your SSL certificates chain.
The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
Verify that the identity of the Intermediate Certificate Authority (CA) certificate isn’t missing and recognized on the device.
The certificate was not found in the list of trusted certificates. Add the relevant certificate to your SSL certificates chain.
The TLS version is not 1.2 Verify the app is using TLS 1.2 version for network communication.

Appdome can assist the user to Enforce TLS Versions.

The Hostname didn’t match the hostname in the certificate Verify the hostname in the certificate is the same host that your app tries to access.
Leaf certificate shouldn’t be CA Change the leaf certificate in your SSL certificates chain.
Non-leaf certificate should be CA Verify all the certificated in the certificates chain are valid.
Appdome can assist the user to Enforce Certificates Roles.
Only specific cipher suites are allowed Verify the cipher suite the connection is using was defined in the allowed cipher suites.
Appdome can assist the user to Enforce TLS Cipher-Suites.
The certificate doesn’t have basic constraints The error occurs because basicConstraints extension in one of the basic CA certificates is not set to TRUE.
One of the basic CA certificates is not enabled to sign other public keys to generate client certificates.

You are welcome to contact Appdome’s support team with any questions.

Didn’t get any notification?

Great! Your network is configured and there are no connectivity problems between your mobile app and your servers.
You can now build your app with MitM Attack Protection using Appdome Trusted Session.

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Related Articles

How to Use Appdome’s Build-to-Test Service

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Test Secured Mobile Apps

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.