Learn how to prevent man-in-the-middle (MiTM) attacks using Appdome. This Knowledge Base article explains how to implement the Appdome Trusted Session feature to prevent mobile man-in-the-middle attacks. The article also explains how Appdome’s “Permit DNS over TCP” setting works when you implement Appdome Trusted Session.
Appdome is a no-code mobile app security platform designed to add security features, like Permit DNS over TCP, to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily secure mobile apps without coding.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
You can implement Appdome Trusted Session to prevent man-in-the-middle attacks and other forms of session hijacking. Appdome also protects any app from malicious proxies, modified or untrusted Certificates, and Stale Session renewal.
Appdome Trusted Session validates the authenticity of communication sessions initiated by the app or the server. This includes actively validating TLS/SSL certificates, CAs, and session state to prevent any unauthorized modifications.
When implemented in a mobile app, Appdome Trusted Session technology prevents hackers from gaining control over the session before the TLS handshake completes. When the application starts the SSL Handshake with the server, Appdome’s Trusted Session technology inspects the traffic for anything that looks suspicious. When triggered, the Trusted Session will automatically notify the user of the compromise and drop the connection.
The message displayed to the user can be customized.
When you build your app with Trusted Session, you can enable any number of additional Session Controls, as seen below.
When you build your app with Appdome Trusted Session enabled, you can also enable one or more “Session Control” options, including “Permit DNS over TCP”. Building your application with Permit DNS over TCP allows DNS requests over TCP to pass undisrupted.
Follow these step-by-step instructions to enable Appdome Trusted Session and Permit DNS over TCP in a mobile app.
Congratulations! Your app is now secured with the Appdome Trusted Session solution.
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Check out the Appdome Trusted Session KB for more detail on Trusted Session and other optional features available.
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.