How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™

Last updated June 4, 2024 by Appdome

Summary: This article provides a comprehensive guide on how to use Appdome’s platform to enhance the security of your mobile SDKs. Here, we’ll cover the essential steps from uploading your SDK to downloading the secured version, including how to handle potential error messages and understand the fusion sets.

What is SDK Logic?

SDK logic encompasses the core operational functions and algorithms of a Software Development Kit (SDK) that dictate how it interacts with other applications and services. This includes data processing routines, communication protocols, and security mechanisms inherent to the SDK. SDK Logic is fundamental to the performance and functionality of the SDK, enabling it to perform its intended tasks efficiently and securely.

Why It’s Important to Obfuscate SDK Logic

Obfuscating mobile SDK logic is crucial because it protects the SDK from being easily understood or manipulated by malicious actors who perform reverse engineering. By making the code more difficult to read, analyze and understand, obfuscation helps prevent reverse engineering and tampering. This ensures that sensitive data handling routines, communication protocols, and other critical operations remain secure, thereby protecting the integrity and security of the mobile applications that rely on these SDKs. Obfuscation adds a vital layer of defense, making it significantly harder for attackers to exploit vulnerabilities within the SDK.

Prerequisites for Using Obfuscate SDK Logic with Appdome SDKProtect™

Before starting the process of securing your SDK with Appdome, ensure you have the following:

    • Appdome account (create a free Appdome account here)
    • A license for SDKProtect™
    • A Valid .aar file or iOS framework- Confirm your SDK is in one of these formats, which are standard for Android and iOS development.

Uploading Your SDK to Appdome

To begin protecting your SDK with Appdome, first, upload your SDK’s source files to the platform:

      1. Log in to your Appdome account.
      2. Navigate to the + Start button.
        Start
      3. Click on ‘Upload SDK’ and select your SDK files from your machine. Make sure the files are in the correct format specified by Appdome for seamless integration.
      4. Upload Method: Choose between Appdome Console or DEV-API
      5. SDK Formats: An .aar or iOS Framework file
        Upload SDK

Handling Error Messages During Upload

If any issues arise during the upload, Appdome will display an error message detailing the problem. This could be due to the file being incomplete, improperly packaged, or not a valid ZIP archive. Address these errors promptly to proceed with securing your SDK.

SDK upload error

Understanding Fusion Sets

Fusion Sets security templates, which allow you to select specific security functionalities to integrate with your SDK. Fusion Sets can include options like “Obfuscate SDK Logic”, “Encrypt SDK Strings”, and “Protect SDK Resources”, among others. By selecting appropriate fusion sets, you customize the security features to meet the specific needs of your SDK, ensuring optimal protection.

For more details on Fusion Sets, see How to Manage Fusion Set Security Templates iOS/Android.

Shielding Your SDK on Appdome

Building Obfuscate SDK Logic using Appdome’s DEV-API:

    1. Create and name the Fusion Set (security template) that will contain the Obfuscate SDK Logic feature as shown below:
      Create Fs Obfuscate Sdk Logic
      Figure 1: Fusion Set that will contain the SDK Threat-Shielding feature
      Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
    2. To add the Obfuscate SDK Logic feature to this Fusion Set, follow the steps in the section Building the Obfuscate SDK Logic feature via Appdome Console.
    3. Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 3 below, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
      fusion Set Detail Summary image
      Figure 1: Fusion Set Detail Summary
      Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).
    4. Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems:

Building the Obfuscate SDK Logic feature via Appdome Console

To build the Obfuscate App Logic protection using Appdome Console, follow the instructions below.

        1. Where: Inside the Appdome Console, go to Build SDKProtect™ > SDK Threat-Shielding section.
        2. How: Check whether SDK Threat-Shielding is toggled On (enabled); otherwise, enable it. The feature Obfuscate SDK Logic is enabled by default, as shown below.
          Save Obfuscate Sdk Logic Fs

          Figure 3: SDK Threat-Shielding option

        3. When you select SDK Threat-Shielding, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains SDK Threat-Shielding.

          Obfuscate Sdk Logic

          Figure 4: Fusion Set that displays the newly added Obfuscate SDK Logic protection

          Click Build My SDK at the bottom of the Build Workflow (shown in Figure 4).

Congratulations! The SDK Threat-Shielding protection has now been added to the mobile SDK.

Downloading Your Secured SDK

      1. Go to the ‘Download’ tab on the Appdome platform
      2. Find your recent build and click on ‘Download My Built SDK’.
        This downloaded SDK is now enhanced with robust security features and is ready for integration into your client apps.
        Download My Sdk

Certified Secure 

This certificate verifies that Appdome has secured your SDK (com.android.sdk.id) with specific security features, as identified in the certification details. Issued to your secured SDK, this certificate details the implementation of Appdome’s SDK Threat Shielding and SDK Threat Intelligence features that you have chosen to build into your SDK.

Appdome SDK Protection

Conclusion

Appdome offers a powerful, user-friendly platform for SDK vendors to enhance the security of their mobile SDKs. By following the steps outlined above—from meeting the prerequisites to downloading the secured version—you ensure that your SDK is not only more secure but also maintains functionality and reliability in client applications.

Related Articles:

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

Appdome

Want a Demo?

SDK Security Integration

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.