How to Use an In-App Generated Seed Encryption Key in Android & iOS Apps

Last updated June 6, 2024 by Appdome

This Knowledge Base article summarizes the steps needed to provide your own seed to generate encryption keys used by a mobile app for Appdome data at rest encryption.

What is an In-App Generated Seed?

An external seed for data-at-rest encryption is a number used to initialize a pseudorandom or random number generator, which creates the encryption keys used in data-at-rest encryption for mobile apps.

About External Seed for Data at Rest Encryption

With In-App Generated Seed for Data at Rest Encryption, developers or other mobility, security, or IT professionals can seed Appdome’s data at rest capabilities with an external secret derived from a backend server or from user input. This results in the derivation of a unique encryption key. The Data at Rest encryption key is seeded via Appdome Input Threat-Events. With Input-Events™, you can use Appdome to handle in-app events and seed your key internally.

Prerequisites for In-App Generated Seed For Data at Rest Encryption

There are some steps app developers take in the app to set an external seed, so that the key being sent for Data-at-Rest encryption is received.

Initialize In-App Generated Seed on Mobile apps using Appdome

On Appdome, follow these simple steps to create self-defending Mobile Apps that Initialize In-App Generated Seed without an SDK or gateway:

  1. Upload a Mobile App to Appdome’s Mobile App Security Build System

    • Upload Method: Appdome Console or DEV-API
    • Mobile App Formats: .ipa for iOS, or .apk or .aab for Android
    • Data at Rest Encryption > In-App Generated Seed Compatible With: Obj-C, Java, JS, C#, C++, Swift, Kotlin, Flutter, React Native, Unity, Xamarin, and more
  2. Build the feature: Data at Rest Encryption > In-App Generated Seed

    • Building Data at Rest Encryption > In-App Generated Seed using Appdome’s DEV-API:
        • Create and name the Fusion Set (security template) that will contain the Data at Rest Encryption > In-App Generated Seed feature as shown below:

      Figure 1: Fusion Set that will contain the Data at Rest Encryption > In-App Generated Seed feature
      Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).

      • To add the Data at Rest Encryption > In-App Generated Seed feature to this Fusion Set, follow the steps in section 3, Building the Data at Rest Encryption > In-App Generated Seed feature via Appdome Console.

      • Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
        Figure 2: Fusion Set Detail Summary
        Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).

      • Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other system:

  3. Building the Data at Rest Encryption > In-App Generated Seed feature via Appdome Console

    Follow the instructions below to build the Data at Rest Encryption > In-App Generated Seed protection using the Appdome Console.

    • Where: Inside the Appdome Console, go to Build Security Tab > TOTALData™ Encryption section.
    • How: Toggle (turn ON) Data at Rest Encryption > In-App Generated Seed, as shown below.

      Figure 3: Initialize In-App Generated Seed option

    • When you select the Data at Rest Encryption > In-App Generated Seed, you’ll notice that the Fusion Set you created in Step 2 now bears the icon of the protection category that contains Data at Rest Encryption > In-App Generated Seed.

      Figure 4: Fusion Set that displays the newly added Data at Rest Encryption > In-App Generated Seed protection

    • Click Build My App at the bottom of the Build Workflow (shown in Figure 3).


      Congratulations!  The In-App Generated Seed protection is now added to the mobile app.
  4. Certify the Data at Rest Encryption > In-App Generated Seed feature in Mobile Apps

    After building Data at Rest Encryption > In-App Generated Seed, Appdome generates a Certified Secure™ certificate to guarantee that the In-App Generated Seed protection has been added and is protecting the app.
    To verify that In-App Generated Seed protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:
    Figure 5: Certified Secure™ certificate
    Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Data at Rest Encryption > In-App Generated Seed has been added to each Mobile app. Certified Secure provides instant and in-line DevSecOps compliance certification that Data at Rest Encryption > In-App Generated Seed and other mobile app security features are in each build of the mobile app.

Using Input Threat-Events™ for In-App Generated Seed in Mobile Apps

Use the following code to input the external seed for the key with Data at Rest Encryption for iOS and Android.

Note: Input Threat Events are unavailable for multi-platform frameworks such as React Native, Flutter, and Cordova. If you are using one of these frameworks, it is recommended that you build a bridge class that acts as an intermediary between the framework and the mobile native API.

Java

// Define placeholders for key and value
String key = "Seed";
String value = "<SECRET_VALUE_PLACEHOLDER>";

// Create a new intent with the action "SeedDataAtRest"
Intent intent = new Intent("SeedDataAtRest");

// Create a bundle to hold the data
Bundle bundle = new Bundle();

// Add the key-value pair to the bundle
bundle.putString(key, value);

// Attach the bundle to the intent
intent.putExtras(bundle);

// Get the application's context
Context context = getApplicationContext();

// Set the package name for the intent
intent.setPackage(context.getPackageName());

// Send the broadcast with the intent
context.sendBroadcast(intent);
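
One way to produce the seed from user input before sending it with the broadcast above, as an added example that is not Appdome's code. The class name `DarSeedSender`, the PBKDF2 parameters, the caller-supplied salt and the Base64 string encoding of the seed are assumptions; only the `SeedDataAtRest` action and the `Seed` key come from the Java snippet above.

```java
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.util.Base64;

import java.security.GeneralSecurityException;
import java.util.Arrays;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example (hypothetical helper, not part of Appdome's API). */
public final class DarSeedSender {
    private static final int ITERATIONS = 310_000; // assumed PBKDF2 work factor
    private static final int SEED_BITS = 256;      // assumed seed length

    private DarSeedSender() { }

    /**
     * Derives a seed from a user passphrase and hands it to the in-app
     * "SeedDataAtRest" receiver. The salt is supplied by the caller
     * (for example a per-user value returned by the backend).
     */
    public static void seedFromPassphrase(Context ctx, char[] passphrase, byte[] salt)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, SEED_BITS);
        byte[] seed = null;
        try {
            seed = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();

            Bundle bundle = new Bundle();
            // Base64 is an assumed way to carry the bytes in the string extra.
            bundle.putString("Seed", Base64.encodeToString(seed, Base64.NO_WRAP));

            Intent intent = new Intent("SeedDataAtRest");
            intent.putExtras(bundle);
            // Package-scoped broadcast: the seed is not delivered to other apps.
            intent.setPackage(ctx.getPackageName());
            ctx.sendBroadcast(intent);
        } finally {
            // Wipe the mutable copies; the Base64 String itself cannot be wiped.
            spec.clearPassword();
            Arrays.fill(passphrase, '\0');
            if (seed != null) Arrays.fill(seed, (byte) 0);
        }
    }
}
```

`PBKDF2WithHmacSHA256` is available from Android API level 26. The salt is not secret, but it has to be the same on every launch so that the same seed is derived.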

Kotlin

val key = "<KEY_PLACEHOLDER>"
val value = "<SECRET_VALUE_PLACEHOLDER>"
val intent = Intent("SeedDataAtRest")
val bundle = Bundle()

bundle.putString(key, value)
intent.putExtras(bundle)
val context = applicationContext
intent.`package` = context.packageName

// Sending information back to Appdome
context.sendBroadcast(intent)

Xamarin/MAUI Android – C#

string key = "<KEY_PLACEHOLDER>";
string value = "<SECRET_VALUE_PLACEHOLDER>";

// Create a new intent with the action "SeedDataAtRest"
Intent intent = new Intent("SeedDataAtRest");

// Create a bundle to hold the data
Bundle bundle = new Bundle();

// Add the key-value pair to the bundle
bundle.PutString(key, value);

// Attach the bundle to the intent
intent.PutExtras(bundle);

// Set the package name for the intent
intent.SetPackage(ApplicationContext.PackageName);

// Send the broadcast with the intent
ApplicationContext.SendBroadcast(intent);

Objective-C

NSString *key = @"<KEY_PLACEHOLDER>";
NSString *value = @"<VALUE_PLACEHOLDER>";
NSDictionary *userInfo = @{key: value};

// Sending information back to Appdome
[[NSNotificationCenter defaultCenter] postNotificationName:@"SeedDataAtRest"
                                                    object:nil
                                                  userInfo:userInfo];

Swift

let key = "<KEY_PLACEHOLDER>"
let value = "<VALUE_PLACEHOLDER>"
let userInfo = [key: value]

// Sending information back to Appdome
NotificationCenter.default.post(name: Notification.Name("SeedDataAtRest"),
                                object: nil,
                                userInfo: userInfo)

Xamarin/MAUI iOS – C#

String key = "<KEY_PLACEHOLDER>";
String value = "<VALUE_PLACEHOLDER>";

// Create a dictionary to hold the data
NSDictionary userInfo = new NSDictionary(key, value);

// Post a notification with the data
NSNotificationCenter.DefaultCenter.PostNotificationName("SeedDataAtRest", null, userInfo);

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

How to Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
