This Knowledge Base article lists 3 Easy Steps to Use Checksum Validation to Prevent Unauthorized changes to iOS and Android apps. No Code, Zero Dev, No SDK.
We hope you find it useful and enjoy using Appdome!
Any mobile application passes two major stages on its way to a mobile device: 1) a developer builds it, and then 2) it gets uploaded to a mobile store, from which it gets installed on the user’s device. But there’s a problem here: how does the application’s author/owner know that the application installed on the user’s device is the same application that left her build system? In other words, how does a developer prevent code injections and flow changes in their mobile apps? One method to ensure no modifications occur is for the application to verify its own integrity using checksum validation. A checksum is a unique identifier that reflects the composition of the application (code, data, assets, etc.).
Using Appdome, there are no development or coding prerequisites. For example, there are no Appdome SDKs, libraries, or plug-ins to implement. The Appdome technology adds Checksum Validation and relevant standards, frameworks and more to the app automatically, with no manual development work at all. Using Appdome, Checksum Validation will run on the application to validate its integrity.
Checksum Validation is a technique used in the security industry to calculate a unique fingerprint of information, binary data, and assets. By creating checksums, and validating them at run-time, Appdome prevents changes to your app, its resources, code, configuration and more.
Checksum Validation is a built-in part of the Appdome Mobile Security Suite and falls under ONEShield by Appdome.
Appdome’s security features are only added to a mobile app by choice. When you build an app, Appdome generates a checksum of your app and the fusion code to ensure integrity. The checksum is encrypted and embedded into the final, built app. Furthermore, this checksum is calculated and used as an encryption key for the built app, to apply a “seal” to the app.
This process is called “checksum validation and sealing”. When a built app runs, an integrity check is performed to ensure that there is no mismatch in the checksum. If there is a difference, the app will exit. For more information on checksum validation check out our blog. Also, to learn how app shielding can be used to thwart mobile malware, check out this blog.
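A minimal sketch of the checksum-and-seal flow described above, added here as an illustration and not Appdome's implementation: a build step fingerprints the app's files and derives keys from that fingerprint to seal a payload, and the run-time step recomputes the fingerprint from the installed files and exits on mismatch. The file names, the payload, and the SHAKE-256 keystream standing in for a real cipher are assumptions.

```python
import hashlib
import hmac

def app_checksum(files):
    """Build-time fingerprint: SHA-256 over every file, in sorted path order."""
    h = hashlib.sha256()
    for path in sorted(files):
        name = path.encode("utf-8")
        # Length-prefix the name so ("ab", "c") and ("a", "bc") cannot collide.
        h.update(len(name).to_bytes(4, "big") + name)
        h.update(hashlib.sha256(files[path]).digest())
    return h.digest()

def _keys(checksum):
    # Separate encryption and authentication keys, both bound to the checksum.
    return (hashlib.sha256(b"enc" + checksum).digest(),
            hashlib.sha256(b"mac" + checksum).digest())

def _xor_stream(key, data):
    # SHAKE-256 output used as a keystream: a stdlib stand-in for a real cipher.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(files, payload):
    """Build time: encrypt and tag the payload under checksum-derived keys."""
    enc_key, mac_key = _keys(app_checksum(files))
    ciphertext = _xor_stream(enc_key, payload)
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def unseal(files, blob):
    """Run time: recompute the checksum, verify the seal, return None on mismatch."""
    enc_key, mac_key = _keys(app_checksum(files))
    ciphertext, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, ciphertext)

# Constructed sample app contents (not a real package).
BUILT_APP = {
    "classes.dex": b"\xca\xfe original code",
    "res/config.json": b'{"api": "https://example.invalid"}',
    "lib/libnative.so": b"\x7fELF sample",
}
SEALED = seal(BUILT_APP, b"protected app data")

def run_app(installed_files):
    data = unseal(installed_files, SEALED)
    return "exit: integrity mismatch" if data is None else "running"
```

Because the keys here come from files that ship with the app, the sketch shows only how a mismatch is detected; the page's flow additionally encrypts the embedded checksum.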
Follow these step-by-step instructions to prevent code injection & flow changes by adding Checksum Validation to any mobile app:
Checksum Validation is added automatically to every secured mobile app as part of the ONEShield™ bundle.
Congratulations! You now have a mobile app fully built with Checksum Validation.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with Checksum Validation. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Here’s what you need to build secured apps with Checksum Validation
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
For more information on Appdome Mobile Security Suite please visit this resource.
To zoom out on this topic, visit Appdome for Mobile App Security on our website.