How to Secure Mobile App Sessions, SSL Certificate Hardening

 

Learn 3 Easy Steps to secure mobile app sessions in Android and iOS Apps using SSL Certificate Hardening.

Why SSL Certificate Hardening is needed to protect Android and iOS Apps

To prevent certificate modification and MiTM attacks, certificates are signed. The contents of a certificate are hashed using a hashing algorithm to produce a cryptographic hash, which is then signed with the CA’s private key. Generally speaking, the security of a certificate is determined by two things:

  1. the strength of the private key that was used to sign the certificate, and
  2. the strength of the hashing function used in the signature.

Until a few years ago, most certificates relied on the SHA-1 hashing function, which is now obsolete and considered insecure. Most security professionals and reputable security organizations now recommend SHA-2, which is significantly more resistant to collision attacks.

Appdome’s Certificate Signature Hardening protects all your application connections and enforces strong encryption and hashing methods such as RSA, ECC, and SHA-256 on each certificate signature.

Appdome’s Certificate Signature Hardening service secures your app’s connections by verifying that, in addition to the connections being secure HTTP (HTTPS) connections, the certificates are signed using strong encryption and hashing methods. The following options are available:

  • Enforce Strong RSA Signature – enforces leaf and intermediary certificates received from the server to be signed with a Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
  • Enforce Strong ECC Signature – enforces leaf and intermediary certificates received from the server to be signed with an Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
  • Enforce SHA256 Digest – enforces leaf and intermediary certificates received from the server to be signed using a Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 bits (SHA-256 or greater)
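
The sketch below applies the three checks listed above to a certificate chain. It is an added illustration, not Appdome's implementation. It assumes that "signed with a key" refers to the issuer's public key, reads constructed excerpts of `openssl x509 -noout -text` output, and uses hypothetical function names (`parse`, `digest_bits`, `audit`).

```python
import re

# Constructed excerpts of `openssl x509 -noout -text` output, ordered
# leaf -> intermediate -> root (sample data, not from a real server).
CHAIN_TEXT = [
    """Signature Algorithm: sha1WithRSAEncryption
       Public Key Algorithm: id-ecPublicKey
           Public-Key: (256 bit)""",        # leaf
    """Signature Algorithm: sha256WithRSAEncryption
       Public Key Algorithm: rsaEncryption
           Public-Key: (1024 bit)""",       # intermediate
    """Signature Algorithm: sha256WithRSAEncryption
       Public Key Algorithm: rsaEncryption
           Public-Key: (4096 bit)""",       # root
]

def parse(text):
    """Pull the signature algorithm and the subject's public key out of one dump."""
    return {
        "sig": re.search(r"Signature Algorithm:\s*(\S+)", text).group(1),
        "key_alg": re.search(r"Public Key Algorithm:\s*(\S+)", text).group(1),
        "bits": int(re.search(r"Public-Key:\s*\((\d+) bit\)", text).group(1)),
    }

def digest_bits(sig_name):
    """Digest size named in the signature algorithm, or 0 if none is recognisable.
    The lookahead keeps SHA3-256 and SHA512-224 from being read as plain SHA-2."""
    m = re.search(r"sha(\d+)(?![\d-])", sig_name, re.I)
    return int(m.group(1)) if m else 0

def audit(chain_text, rsa=True, ecc=True, sha256=True):
    """Return (chain index, issue, detail) for every leaf/intermediate violation."""
    certs = [parse(t) for t in chain_text]
    findings = []
    # A certificate is signed with the key of the next certificate up the chain,
    # so pair each one with its issuer; the root itself is never the left element.
    for i, (cert, issuer) in enumerate(zip(certs, certs[1:])):
        if rsa and issuer["key_alg"] == "rsaEncryption" and issuer["bits"] < 2048:
            findings.append((i, "RSA signing key under 2048 bits", issuer["bits"]))
        if ecc and issuer["key_alg"] == "id-ecPublicKey" and issuer["bits"] < 256:
            findings.append((i, "ECC signing key under 256 bits", issuer["bits"]))
        if sha256 and digest_bits(cert["sig"]) not in (256, 384, 512):
            findings.append((i, "digest weaker than SHA-256", cert["sig"]))
    return findings

if __name__ == "__main__":
    for finding in audit(CHAIN_TEXT):
        print(finding)
```

Running an audit like this against your own server's chain before switching the options on shows which certificates would cause the hardened app to reject the connection.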

This Knowledge Base article provides step-by-step instructions for using Appdome to enforce Certificate Signature Hardening to increase the strength of digital certificates used in Android and iOS apps.

We hope you find it useful and enjoy using Appdome!

3 Easy Steps to use SSL Certificate Hardening in Android and iOS Apps

Appdome is a no-code mobile app security platform designed to add security features, like SSL Certificate Hardening. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily secure mobile app sessions.   

Please follow these 3 easy steps to Secure Mobile App Sessions with SSL Certificate Hardening. 

  1. Add a mobile app to your Appdome account.
  2. From the “Build” tab, click Security, then Secure Communications, switch on Trusted Session, expand Session Management and switch on one or more of the following options:
     – Enforce Strong RSA Signature
       (optional) Fill out the custom message that is displayed in case of a security event.
     – Enforce Strong ECC Signature
       (optional) Fill out the custom message that is displayed in case of a security event.
     – Enforce SHA256 Digest
       (optional) Fill out the custom message that is displayed in case of a security event.
     (optional) Enable Threat Events if you want your app to handle Appdome events.
  3. Click Build My App.

Congratulations! You now have a mobile app fully integrated with Certificate Signature Hardening.


Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with Certificate Signature Hardening. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites for Certificate Signature Hardening

Here’s what you need to build secured apps with Certificate Signature Hardening

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with Certificate Signature Hardening. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How to Learn More

For more information on Certificate Signature Hardening and some of the attacks it can thwart, such as mobile phishing and MiTM attacks, check out this blog.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Here’s a helpful article on hashing and encryption.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa
