How to Use Client Certificates to Validate Mobile Apps and Protect Against Bots

 

Learn how to use mobile client certificates to ensure that only validated apps can connect to your backend servers.

Background

Mobile apps connect to all sorts of external services. They connect to their host server to authenticate users, to download content, to connect to other mobile resources, and more. Mobile apps also connect to third-party services embedded in the app, such as payment providers, analytics vendors, location services, and more. As a mobile app connects with the outside world, hackers and malicious parties can intercept and spy on each connection, exploit unprotected connections to steal data, compromise the app, and destroy the user experience and your brand. Preventing man-in-the-middle (MitM) attacks is a very important part of ensuring secure connections and delivering a layered security defense. In fact, OWASP, a leading nonprofit foundation that works to improve the security of software, lists insecure communication as one of its OWASP Mobile Top 10 risks.

Appdome is a no-code mobile security and development platform that enables anybody to add a wide variety of security features, SDKs and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, anyone can use mobile client certificates in any app in seconds, with no coding required.

This Knowledge Base article describes how to pin mobile client certificates to a mobile app so that only trusted, valid mobile apps can connect to protected resources/servers. This protects the backend servers and infrastructure against connections originating from compromised endpoints or malicious bots.

How to Use Mobile Client Certificates to Ensure Only Valid Apps can Connect to Servers

Mobile Client Certificates – Using Appdome’s no-code mobile app security platform, you can ensure that only validated apps can connect to backend servers. This is done by pinning (embedding) the certificate and private key in the mobile app, so that only trusted, validated mobile apps can connect to protected resources/servers. This protects the backend servers and infrastructure against connections originating from compromised endpoints or malicious bots. It enables the app to present a unique client-side certificate as part of the initial TLS connection to its server (provided that the server is configured to distribute digital certificates via SCEP or a similar protocol).

4 Easy Steps to Use Mobile Client Certificates in Android & iOS apps

Please follow these 4 easy steps to add Mobile Client Certificates to any iOS and Android app using Appdome.

  1. Upload an Android or iOS app to Appdome’s no-code security platform (.apk, .aab, or .ipa)
  2. In the Build Tab, under Security, expand Secure Communication, switch ON Mobile Client Certificates
  3. Upload the client’s private certificate and key (client P12/PKCS) for authentication.
  4. Click Build My App
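
Before uploading the bundle in step 3, it is worth confirming that the P12 opens with its passphrase, that its private key matches its certificate, and that the certificate chains to the CA the backend trusts for client authentication. The script below is an added example, not Appdome tooling or code from this article; it uses the standard `openssl` CLI, and the function names, file names, subject names and passphrase are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a client PKCS#12 bundle before uploading it.
# File names, subject names and passphrases below are constructed for the demo.

# Build a throwaway CA and client certificate, bundled as $1/client.p12.
make_demo_p12() {
  out=$1; pw=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Client CA" \
    -keyout "$out/ca.key" -out "$out/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-mobile-app" \
    -keyout "$out/client.key" -out "$out/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$out/client.csr" -CA "$out/ca.pem" -CAkey "$out/ca.key" \
    -CAcreateserial -days 1 -out "$out/client.pem" 2>/dev/null || return 1
  openssl pkcs12 -export -inkey "$out/client.key" -in "$out/client.pem" \
    -passout "pass:$pw" -out "$out/client.p12" 2>/dev/null
}

# check_p12 BUNDLE PASSPHRASE CA_PEM: prints OK, or the first failed check.
check_p12() {
  p12=$1; pw=$2; ca=$3
  tmp=$(mktemp -d) || return 1
  rc=0; msg=OK
  # 1. The bundle must decrypt with the passphrase and hold a cert and a key.
  openssl pkcs12 -in "$p12" -passin "pass:$pw" -clcerts -nokeys \
    -out "$tmp/cert.pem" 2>/dev/null &&
  openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes \
    -out "$tmp/key.pem" 2>/dev/null &&
  [ -s "$tmp/cert.pem" ] && [ -s "$tmp/key.pem" ] ||
    { rc=1; msg="bundle unreadable or incomplete"; }
  # 2. The private key must belong to the certificate (same public key).
  if [ $rc -eq 0 ]; then
    c=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ] || { rc=1; msg="key does not match certificate"; }
  fi
  # 3. The certificate must chain to the CA the backend trusts for clients.
  if [ $rc -eq 0 ]; then
    openssl verify -CAfile "$ca" "$tmp/cert.pem" >/dev/null 2>&1 ||
      { rc=1; msg="certificate not issued by trusted CA"; }
  fi
  rm -rf "$tmp"   # remove the temporary unencrypted key copy
  echo "$msg"; return $rc
}

# Demo run on the constructed bundle.
demo=$(mktemp -d) && make_demo_p12 "$demo" "demo-pass" &&
  check_p12 "$demo/client.p12" "demo-pass" "$demo/ca.pem"
rm -rf "$demo"
```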


Prerequisites

Here’s what you need to build secured apps with Mobile Client Certificates

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

How To Learn More?

Read other Secure Communication Knowledge Base Articles:

Secure Certificate Pinning

MitM attack prevention

Learn more about Appdome Platform or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror
