How to Notify Users Of Non-Approved or Unsafe Certificates
Learn how to Notify mobile users of Non-Approved or unsafe SSL certificates, in order to prevent connections to malicious servers. No Code, No SDK required.
About Certificate Signature Hardening
Appdome Certificate Signature Hardening service secures your app’s connections by verifying that aside from being secure HTTP connections, the certificates are also signed using strong encryption and hashing methods. Customers choose one or more of the following options:
- Enforce Strong RSA Signature – enforces leaf and intermediary certificates received from the server to be signed with a Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
- Enforce Strong ECC Signature – enforces leaf and intermediary certificates received from the server to be signed with an Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
- Enforce SHA256 Digest – enforces leaf and intermediary certificates received from the server to be signed using a Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 bits (SHA-256 or greater)
App Compromise Notifications
When Appdome’s technology detects that a mobile app is using a certificate that has been signed using weak encryption, the default behavior is to display an App Compromise Notification to the mobile user and drop the connection.
This Knowledge Base article provides instructions on how to customize the Certificate Signature Hardening Enforcement Notification.
We hope you find it useful and enjoy using Appdome!
3 Easy Steps to Notify Users Of Non-Approved or Unsafe Certificates
Appdome is a no-code mobile app security platform designed to add security features, like SSL Certificate Hardening. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily secure mobile app sessions.
Please follow these 3 easy steps to Notify Users Of Non-Approved or Unsafe Certificates
- Add a mobile app to your Appdome account.
- From the “Build” tab, click Security, then Secure Communications, switch on Trusted Session, expand Session Management and switch on one or more of the following options:
– Enforce Strong RSA Signature
(optional) Fill out the custom message that is displayed in case of a security event.
– Enforce Strong ECC Signature
(optional) Fill out the custom message that is displayed in case of a security event.
– Enforce SHA256 Digest
(optional) Fill out the custom message that is displayed in case of a security event.
(optional) Enable Threat Events if you wish that your app will handle Appdome events.
3. Click Build My App
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Prerequisites
Here’s what you need to build secured apps with App Compromise Notifications.
- Appdome account (If you don’t have an Appdome account, create a free Appdome account here)
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Troubleshooting Tips – Learn the Differences between a Mobile App ‘Crashing’ and ‘Closing’
It’s important to understand the differences between apps ‘crashing’ and ‘closing’. In short, when an app crashes, it shuts down due to a bug or defect in the code. Crashing is unintentional. There may be times when a mobile app will close/shut down unexpectedly in response to a detected mobile threat, particularly if the app has been secured with certain features from Appdome’s Mobile App Security suite. In such cases, the behavior is intentional and expected. For example, for apps protected by Jailbreaking/ Rooting Prevention, when the app detects that it is running on a device that has been rooted or jailbroken, the default behavior is for the app to shut itself down in order to protect itself, as well as to protect the mobile user and data. Read this KB to understand the most common reasons for an Appdome-secured app to shut itself down.
How Do I Learn More?
Check out the KB article on Appdome Mobile Security Suite
To zoom out on this topic, visit Appdome for Mobile App Security on our website.
Or request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.