How to Block Mobile App Bots, Add Android/iOS Session Secret

Learn How to Block Mobile App Bot attacks using Session Secrets, and Stop Credential Stuffing Attacks. No Code, No SDK, Continuous Security.

What does a Shared Secret Protect?

Shared Secret is a service that enables developers to specify a secret, such as a unique password, that will be embedded within each mobile app client request. The purpose of the unique secret is to verify that the request comes from the genuine mobile app, and not from an automated bot or botnet. The backend server verifies the secret and allows only valid clients to connect.

By specifying a unique secret that will be included in the header of every URL request made by the application, this service allows the backend server to identify the mobile app and verify its validity. When this feature is enabled, all traffic to the backend server that does not contain the shared secret will be blocked.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with a Shared Secret. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

3 Easy Steps to Block Bots Using a Shared Secret

Please follow these 3 easy steps to block bots in mobile apps using a Shared Secret:

  1. Upload an Android or iOS app to Appdome’s no-code security platform (.apk, .aab, or .ipa).
  2. In Build, select Security, expand Secure Communication and toggle “ON” Shared Secret. Enter a unique secret in the text field.
    • (Optional) Specify a name for the signature header (e.g. X-MYCOMPANY-SIGNATURE).
    • (Optional) To encrypt the Shared Secret, expand the sub-category TOTALData™ Encryption under the Build tab and enable “Data at Rest Encryption”.
  3. Click Build My App


Congratulations! You now have a secured mobile app that will block bots using a Shared Secret.


Prerequisites for Using Appdome Shared Secret

Here’s what you need in order to use Shared Secret in iOS and Android apps:

  • Appdome account. If you don’t have an Appdome account, click here to create a free Appdome account.
  • Mobile application (.ipa for iOS, or .apk or .aab for Android)
  • Signing Credentials (e.g., signing certificates and provisioning profile)
  • A backend server pre-configured to allow only client requests that carry the unique shared secret (for example, an iRule on an F5 Silverline server).
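
The backend prerequisite above, sketched as a WSGI middleware. This is an added example, not Appdome's or F5's code. It assumes the header carries the configured secret verbatim (the page does not describe the wire format); the header name is the page's example, and the secrets, `SharedSecretGate`, `demo_app` and `call` are constructed for illustration.

```python
import hmac

# WSGI form of the page's example header name, X-MYCOMPANY-SIGNATURE.
HEADER_ENV_KEY = "HTTP_X_MYCOMPANY_SIGNATURE"


class SharedSecretGate:
    """WSGI middleware: reject requests lacking a valid shared-secret header."""

    def __init__(self, app, secrets):
        # Accept several secrets so an older app build keeps working during rotation.
        self.app = app
        self.secrets = [s.encode() for s in secrets if s]
        if not self.secrets:
            raise ValueError("at least one non-empty shared secret is required")

    def is_valid(self, presented):
        if not presented:
            return False
        candidate = presented.strip().encode()
        # Check every secret without short-circuiting; compare_digest is
        # constant-time, so response timing does not leak matching prefixes.
        ok = False
        for secret in self.secrets:
            ok |= hmac.compare_digest(candidate, secret)
        return ok

    def __call__(self, environ, start_response):
        if self.is_valid(environ.get(HEADER_ENV_KEY)):
            return self.app(environ, start_response)
        # Same response for a missing and a wrong value: no oracle for the client.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden\n"]


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello, app\n"]


def call(app, headers):
    """Drive a WSGI app with a minimal constructed environ; return (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/login", **headers}
    body = b"".join(app(environ, lambda status, hdrs: seen.update(status=status)))
    return seen["status"], body


# Constructed secrets; in a deployment, load them from a secret store instead.
gate = SharedSecretGate(demo_app, ["constructed-current", "constructed-previous"])
```

Keeping the previous secret in the accepted list lets app builds that still embed it connect while a new build rolls out; remove it once those builds are retired.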

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with Shared Secret. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

How To Learn More

Optionally, Shared Secret can be combined with certificate pinning, which verifies the authenticity of the SSL certificates received from the server.

To learn more about how you can add security to any mobile app, visit the Appdome Mobile Security page on our website.

You can request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!


Liron Dror
