How to Implement Trusted Domains with MiTM Prevention Using AI

Last updated March 16, 2025 by Appdome

This Knowledge Base article explains how to add a list of trusted domains to your mobile app using Appdome’s Prevent MitM Attacks feature.

What are Trusted Domains?

Trusted Domains is a security feature used to define a list of pre-approved internet domains that a mobile app recognizes as legitimate for network communication. This protection is crucial for defending against Man-in-the-Middle (MitM) attacks, where attackers intercept, modify, or reroute traffic between an app and its intended server. Without Trusted Domains, malicious actors can exploit insecure connections to steal login credentials, inject malicious payloads, or redirect users to fraudulent sites. By restricting app communication to verified and authorized domains, this feature ensures that data transmissions remain encrypted and unaltered, safeguarding sensitive information, authentication flows, and transactions. Trusted Domains also support compliance initiatives by enforcing strict network access policies, ensuring that apps only communicate with secure and authorized endpoints. This is particularly important for financial, healthcare, and enterprise applications where data integrity and confidentiality are essential.

How Appdome Protects Mobile Apps With Trusted Domains

Appdome’s dynamic Trusted Domains plugin verifies that all outbound app communications are directed only to authorized domains specified by the developer. Integrated as part of Appdome’s Prevent MitM Attacks protection, the Trusted Domains plugin allows mobile apps to define a whitelist of trusted domains using wildcard patterns for SSL validation. This ensures that the app does not communicate with unverified or unauthorized servers, mitigating risks from malicious proxies, network spoofing, and traffic interception. Unlike SSL pinning, Trusted Domains applies flexible domain validation without enforcing rigid certificate binding, providing security while maintaining operational flexibility. Mobile developers can configure Trusted Domains without code, SDKs, or server modifications, ensuring continuous protection against MitM threats in CI/CD workflows.
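A way to lint and evaluate a wildcard trusted-domain list before entering it in the console, as an added example that is not Appdome's code. The matching rule (a "*" stands for exactly one left-most DNS label, as in TLS certificate name matching), the function names, and the sample domains are assumptions, because this article does not define the pattern semantics.

```python
import re

# Assumed semantics (not from Appdome documentation): a pattern is an exact
# hostname or "*.<suffix>", where "*" stands for exactly one left-most label.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample list; "*.com" is included to show an over-broad entry.
TRUSTED = ["api.example.com", "*.cdn.example.com", "*.com"]


def normalize(host: str) -> str:
    """Lower-case and drop a trailing root dot so 'API.Example.com.' compares equal."""
    return host.strip().lower().rstrip(".")


def lint_pattern(pattern: str) -> list[str]:
    """Return reasons a pattern is unsafe or malformed; an empty list means usable."""
    p = normalize(pattern)
    labels = p.split(".")
    problems = []
    if "*" in p[1:] or (p.startswith("*") and not p.startswith("*.")):
        problems.append("wildcard must be the whole left-most label")
    fixed = labels[1:] if labels[0] == "*" else labels
    # Catches "*.com"; multi-label suffixes such as "co.uk" need a public suffix list.
    if labels[0] == "*" and len(fixed) < 2:
        problems.append("wildcard covers an entire top-level domain")
    if not fixed or not all(LABEL.fullmatch(label) for label in fixed):
        problems.append("invalid hostname label")
    return problems


def host_matches(host: str, pattern: str) -> bool:
    """Label-wise comparison, so suffix and prefix lookalikes never match."""
    h, p = normalize(host).split("."), normalize(pattern).split(".")
    if len(h) != len(p):
        return False  # "*" never spans several labels or zero labels
    if p[0] == "*":
        return bool(LABEL.fullmatch(h[0])) and h[1:] == p[1:]
    return h == p


def is_trusted(host: str, patterns: list[str]) -> bool:
    """A host is trusted only if a pattern that passed linting matches it."""
    usable = [p for p in patterns if not lint_pattern(p)]
    return any(host_matches(host, p) for p in usable)
```

Comparing label by label rather than with a string suffix test is what keeps hosts such as api.example.com.lookalike.test from passing as trusted.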

Prerequisites for Adding Trusted Domains to Prevent MitM Attacks on Appdome

To use Appdome’s Trusted Domains feature, ensure that you have the following:

How to Implement Trusted Domains in Android & iOS Apps Using Appdome.

Note: This example uses an Android app. You can also apply the Prevent MitM Attacks feature to iOS apps using the .ipa format.

  1. Designate the mobile app to be protected.
    1.1 Upload a mobile app via the Appdome Mobile Defense platform GUI or via Appdome’s DEV-API or CI/CD Plugins.
    1.2 Android Formats: .apk or .aab / iOS Formats: .ipa
    1.3 Prevent MitM Attacks is compatible with Java, JS, C++, C#, Kotlin, Flutter, React Native, Unity, Xamarin, Cordova, and other mobile apps.
  2. Select the defense: Prevent MitM Attacks
    2.1. Create and name the Fusion Set (security template) that will contain the Prevent MitM Attacks feature as shown below:


    Figure 1: Fusion Set that will contain the Prevent MitM Attacks feature
    Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
    2.1.1 When you select Prevent MitM Attacks, you’ll notice that the Fusion Set you created in step 2.1 now bears the icon of the protection category that contains Prevent MitM Attacks.


    Figure 2: Fusion Set that displays the newly added Trusted Domains protection.
    Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).

    2.1.2 Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):


    2.1.3 Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, Jenkins, Travis, TeamCity, CircleCI, or other systems:
    2.1.3.1 Refer to the Appdome API Reference Guide for API building instructions.
    2.1.3.2 Check Appdome’s GitHub Repository for sample APIs.

    2.2 Add the Prevent MitM Attacks feature to the security template
    2.2.1 Navigate to Build > Security tab > Secure Communication section in the Appdome Console.
    2.2.2 Expand Prevent MitM Attacks > Session Control Accordion
    2.2.3 Click + Add Trusted Domain and provide a list of trusted domains using standard wildcard patterns for Prevent MitM Attacks.

    Figure 3: Selecting Prevent MitM Attacks and adding a list of trusted domains
    Note: The Appdome platform displays the Mobile Operating System supported by each defense in real-time. For more details, see our OS Support Policy KB.

3. Initiate the build command either by clicking Build My App or via your CI/CD.

Congratulations! Android MiTM Prevention protection is now added to the mobile app.

Certify the Prevent MitM Attacks feature in Android Apps.

After building Prevent MitM Attacks, Appdome generates a Certified Secure™ certificate to guarantee that the Prevent MitM Attacks feature, with the list of trusted domains, has been added and is protecting the app. To verify that the Prevent MitM Attacks protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
