How to Notify Users When Untrusted Cipher Suite Detected
Learn how to customize the Notification that will display to a mobile user if Appdome detects the use of unauthorized or unapproved TLS Cipher Suites in a TLS session.
App Compromise Notifications – (Cipher Suite Enforcement)
Appdome enables you to restrict the use of Cipher Suites used in TLS sessions with your app, by uploading a list of approved Cipher Suites. Appdome will enforce the use of Cipher Suites to only allow Cipher Suites contained in the list. If Appdome detects the use of unauthorized Cipher Suites, the default behavior is to drop the connection and display an App Compromise Notification to the mobile user.
This Knowledge Base article provides instructions on how to customize the App Compromise notification message when Appdome the use of unauthorized Cipher Suites.
3 Easy Steps to Notify Users when Untrusted Cipher Suite Detected
Follow these 3 Easy Steps to Notify Users when Untrusted Cipher Suite Detected.
You can customize the App Compromise Notification displayed to mobile users when security events trigger the app to exit.
Please follow these steps to add a mobile app to your Appdome account.
- From “Build”, click Security, then Secure Communications, and Turn on Trusted Session
- Expand Session Management, Enable “Enforce Cipher Suites”
- Click Choose File and upload your list of allowed cipher suites. You don’t already have such a file, you can use this template and remove any cipher-suite you want to disallow.
- (Optional) Enable Threat Events and customize the text in the App Compromise Notification free-form text box.
- Click Build My App
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Congratulations! You now have a mobile app fully integrated with security.
Prerequisites
- Appdome account
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How to Learn More
Check out the full menu of features in the Appdome Mobile Security Suite
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Or request a demo at any time.
Troubleshooting Tips – Learn the Differences between a Mobile App ‘Crashing’ and ‘Closing’
It’s important to understand the differences between apps ‘crashing’ and ‘closing’. In short, when an app crashes, it shuts down due to a bug or defect in the code. Crashing is unintentional. There may be times when a mobile app will close/shut down unexpectedly in response to a detected mobile threat, particularly if the app has been secured with certain features from Appdome’s Mobile App Security suite. In such cases, the behavior is intentional and expected. For example, for apps protected by Jailbreaking/ Rooting Prevention, when the app detects that it is running on a device that has been rooted or jailbroken, the default behavior is for the app to shut itself down in order to protect itself, as well as to protect the mobile user and data.
Read this KB to understand the most common reasons for an Appdome-secured app to shut itself down.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.