ONEShield™ No-Code Mobile RASP Explained
Learn how to protect mobile apps with App Integrity/Structure Scan, Anti-Tampering, Detect Debugger Code Manipulations, Prevent Running on Simulators and Emulators, Checksum Validation, Anti-Debugging, Anti-Emulator, Obfuscate Built Services, and more.
This Knowledge Base article explains how you can use Appdome’s no-code mobile RASP to harden any mobile app and protect against tampering, dynamic analysis, reverse engineering, debugging, emulators, and more.
We hope you find it helpful and enjoy using Appdome!
About ONEShield Mobile App Shielding/App Hardening
ONEShield™ is Appdome’s mobile RASP solution which includes Anti-Tampering, Anti-Debugging, Anti-Emulator protections, and other features – making Appdome the single most comprehensive solution for mobile app protection.
The Appdome platform adds ONEShield™ to every app our customers build on Appdome, so each app gets equipped with advanced mobile app hardening automatically! Whether you’re building Appdome Mobile Security Suite, EMM SDKs, or an Identity SDK, your app will automatically be protected with ONEShield advanced app shielding.
The app you are building on Appdome can be built with any native tool, such as Xcode for iOS or Android Studio, or any other framework, including hybrid and cross-platform frameworks such as Xamarin, Cordova, React Native, and Flutter. ONEShield™ by Appdome supports only ARM 64-bit architectures.
ONEShield™ includes all of the following app hardening features:
Anti-Debugging will do the following, depending on the platform:
- Connecting a debugger will cause the debugging client (lldb) to halt.
- After a sufficient wait time, the debug session will terminate and the debugger will crash.
- Attempting to attach to the process with a debugger, tracing tool, or code injectors will result in the app misbehaving in random and unpredictable ways. The app will eventually terminate.
- Attempting to debug the Java Virtual Machine (JVM) using JDB (or anything that utilizes the JDWP protocol) will disconnect the debugger automatically.
Detect Debugger Code Manipulations: Appdome actively detects and blocks any code manipulations performed by debuggers and other dynamic analysis tools during the app run-time. This includes blocking hooking frameworks and attack methods that include techniques such as method hooking, function hooking, and API hooking.
Anti-Tampering – Protects against all of the following:
- Resigning the application
- Attempting to Modify the Appdome adapter
- Modifying the application’s executable
- Repackaging the app
Checksum Validation – Checksum validation calculates a cryptographic hash (a unique fingerprint of information, binary data, and assets), and validates the hash at runtime, detecting any modifications to the app, app resources, configuration elements, and more.
App Integrity and Structure Scan – App integrity and structure scan check the app’s composition, data structure, data elements, and communication paths to validate the integrity and authenticity of the app, as well as to detect elements within the app that could be used as attack vectors (such as unknown or malicious URLs).
Appdome looks for weakening elements in the application, such as malicious URLs.
- In iOS apps, the Anti-Emulator feature obfuscates selector references in the primary executable (which prevents cross-reference searches).
- In Android apps, the Anti-Emulator feature obfuscates all plaintext strings in DEX files.
Obfuscate Built Services: Obfuscates Appdome’s code and the new customer-selected services added to the app during Fusion. In addition, the data embedded in Appdome’s code will be encrypted to prevent common “recon” attacks (like searching for strings in the code).
Note: 3rd party services will not be obfuscated. For example, the code responsible forTOTALDataTM Encryption will be obfuscated, while for VMWare Workspace ONE (AirWatch), only the adapter code that glues the SDK to the application will be obfuscated, the VMWare Workspace ONE (AirWatch) code will remain as it is.
Prevent Running on Simulators – A standard method for attackers to compromise mobile apps is to run the app on a simulator, observe the app’s behaviors and study how it functions in a running environment (a process called dynamic code analysis). Appdome detects when the app is running on a simulator and disconnects the app.
Prevent Running on Emulators – Detects if the app is running on an emulator. Emulators can be used to reverse engineer, hack your application, and sniff its communications, making it a security threat.
After selecting and clicking Build My App, in about 20 – 40 seconds, your app will be protected with ONEShield™”.
Follow these step-by-step instructions to add ONEShield™ to Any Mobile App in seconds:
Upload a Mobile App to Your Account
- Click the Build tab.
- In the top menu, select any category (eg: Security, Management, Access, Identity, Mobile Threat, etc).
- (optional) switch on the feature and add any configuration or input requirements (if needed).
- Click Build My App.
After Adding ONEShield™ to a Mobile App on Appdome
After you have added ONEShield™ to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read the Knowledge Base article How to Update App Icon Branding in Secure Android & iOS Apps.
Sign the Appdome-Built App (Required)
In order to deploy an Appdome-Built app, the app must be signed. Signing iOS apps and Signing Android apps on Appdome is easy. Alternatively, you can use Private Signing, download your unsigned app, and sign locally using your own signing methods.
Deploy the Appdome-Built App to a Mobile Device
Once you have signed your Appdome-Built app, you can deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read the Knowledge Base article How to Auto Publish Secured Android & iOS Apps to app stores.
That is it – Enjoy Appdome’s ONEShield™ protection in your app!
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.