How to Notify Users If SSL Certificate Mismatch Detected

Learn how to customize the App Compromise Notification that will display to a mobile user if Appdome detects a certificate pinning mismatch (ie: if a digital certificate presents a public key to the app which differs from that of the pinned certificate).

Certificate Pinning Explained

Digital Certificates are usually verified against intermediate CA certificates, which are then verified against root CA certificates. Root CA certificates are normally stored on a device’s trusted CA store.

Certificate Pinning is the process in which an app stores specific certificates or public key hashes in the app itself, thereby foregoing the verification process as described above. With certificate pinning, the app verifies a server certificate or CA certificate it received directly against the stored certificate or public key hash. If there is a mismatch, the session will be dropped and an App Compromise Notification will be displayed to the mobile user.

Appdome is a no-code mobile app security platform designed to add security features like Secure Certificate Pinning to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily customize the App Compromise notification message when Appdome detects a Certificate Pinning mismatch.

3 Easy Steps to Notify Users If SSL Certificate Mismatch Detected

Please follow these 3 easy steps to Notify Mobile Users if SSL Certificate Mismatch is Detected.

    1. Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
    2. In the Build Tab, under Security, expand Secure Communication, switch ON Trusted Session, switch ON SecureAPI
      • Enter a Service Domain
      • Select a Pinning Scheme
      • Add Certificate(s)
        • Enable Threat Events and customize the Certificate Pinning Mismatch Message notification.
    3. Click Build My App

 

customizing App Compromise Notifications

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites

Here’s what you need to build secured apps with App Compromise Notifications.

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

Troubleshooting Tips – Learn the Differences between a Mobile App ‘Crashing’ and ‘Closing’

It’s important to understand the differences between apps ‘crashing’ and ‘closing’. In short, when an app crashes, it shuts down due to a bug or defect in the code. Crashing is unintentional. There may be times when a mobile app will close/shut down unexpectedly in response to a detected mobile threat, particularly if the app has been secured with certain features from Appdome’s Mobile App Security suite. In such cases, the behavior is intentional and expected. For example, for apps protected by Jailbreaking/ Rooting Prevention, when the app detects that it is running on a device that has been rooted or jailbroken, the default behavior is for the app to shut itself down in order to protect itself, as well as to protect the mobile user and data. Read this KB to understand the most common reasons for an Appdome-secured app to shut itself down.

How Do I Learn More?

Check out the KB article on Appdome Mobile Security Suite

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

Alan Bavosa

Have a question?

Ask an expert

EnrikaMaking your security project a success!