Appdome’s Mobile Security Suite is a comprehensive no-code mobile app security solution that delivers best practice mobile security functionality to any iOS/Android app on-demand, with no coding. Appdome’s Mobile App Security Suite includes six categories of security and mobile app protections, covering every major mobile security category.
This Knowledge Base article provides a comprehensive overview of Appdome’s Mobile App Security Suite.
Mobile App Security Made Easy
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement mobile app security. Appdome’s Mobile App Security Suite can be added to any iOS or Android app in seconds, with no code or coding.
On Appdome, users merely upload and Android (.apk or .aab) or iOS (.ipa) app, select the new features, SDKs or APIs needed in the apps, and click “Build My App.” There is no development or coding dependencies, no wrappers and no limitation on the development environment used to build the app. Appdome’s technology adds the new features to the mobile app as if the new features were natively coded to the app. Appdome is compatible with all Android and iOS mobile apps, including apps built natively and in non-native development environments like React Native, Cordova, and Xamarin.
Generally speaking, using Appdome requires public data only. For example, Appdome users upload mobile app binaries only (not source code) and implement mobile service vendor SDKs and APIs (all of which are publicly available). Even so, Appdome uses several safeguards to ensure that mobile apps are not malicious, user and project data are safe and access is controlled. Our goal is to protect our users and protect the use of Appdome to facilitate the broad adoption of our service.
The Complete List of Appdome Mobile App Security Suite
Below is a comprehensive listing of all categories, features, and options available in the Appdome Mobile App Security Suite.
Anti Reversing – Encrypts key logical elements and resources within your application such as methods, strings, and assets.
Obfuscate Built Services – Every application contains (embedded in its code) various string constants such as URLs, tokens, names of files, etc. These are an attractive easy target for attackers as it gives them a very firm foot-hold on what a specific piece of code is responsible for, not to mention that some strings are valuable information in the own right (such as authentication tokens, user credentials, API keys and secrets). Appdome located those strings and additional resources during the build and encrypts them. This ensures that they can only be accessed by the application itself. Naturally, if the application has been tampered with, Appdome will not allow access to those strings.
Prevent Running on Simulators/ Emulators – Protects the app by restricting execution to physical mobile devices only. Mobile simulators and emulators are software applications used on a computer as a virtual machine of a mobile device. They are often used to create virtual environments for hackers to scale their attacks, obtain/elevate root permissions, and perform reverse engineering, and hack mobile games.
Data at Rest Encryption – Protects the data the application creates on the device. It will also create a secure data container that will prevent other applications from accessing the app’s encrypted data and prevent the same application on a different device to open this encrypted data as well.
Encrypt and decrypt media files– With this option enabled, Android MediaPlayer can access encrypted media files, regardless of how the application accesses its files.
Exclude Media Files -With this option enabled, media files can be shared to leverage external media apps and browsers
Exclude Web Files – With this option enabled, local web file caching is enabled and will not be encrypted for web-intense apps.
Encrypt In-App Preferences – Encrypt all configuration files under/shared-prefs in Android and specific keys under NSUserDefaults in iOS.
In addition, Appdome offers encryption controls for different app needs:
Smart Offline Handoff – With this option enabled, Appdome will decrypt the app’s data only after authentication with a remote server. Additionally, the developer can specify a folder for offline file access, and specify restriction for offline access to that folder.
Enable Restore From Backup – With this option enabled, the encryption key will be independent of device data, so migrating or restoring the device will not affect access to encrypted data.
In-App Generated Seed – With this option enabled, the app will seed the TotalData-Encryption-Key via event. Until the key is seeded, no files will be encrypted.
Encrypt Java Classes (.DEX files) – Obfuscates and encrypts compiled Java code (ie: Java Classes, aka .DEX files). Only decrypts it during the run time while the app is used, then encrypts it again after use. APPCode Packer is compatible with mobile apps built with any development environment including Xamarin, Cordova, native Android apps, React Native, Ionic, and more app environments.
Appdome-Threat Events – Let’s developers change the default enforcement action upon detected threats. Appdome can pass enriched events or event metadata back to the app so that the app’s own internal event structure, or a 3rd party threat response tool can handle the enforcement action after Appdome detects a threat. When In-App Event handling is enabled (ie: the toggle switch is ON), the event is handled by a mechanism within your app. When In-App Event Handling is OFF, the Appdome Security engine handles the event (usually resulting in the app Exiting after displaying a notification to the end-user).
MiTM Prevention – Performs automatic session validation on all attempted connections with the mobile app. Actively validates the session state machine, TLS certificates.
Malicious Proxy Detection – detects and prevents MITM attacks on the application by preventing connections to unknown, untrusted, malicious proxies, or other intermediary devices.
URL Whitelisting – Ensures that the built app can only connect to a trusted set of destinations or hosts, that you must specify in the URL List setting.
Copy/Paste Prevention – Prevents application data from being copied and pasted outside of the application.
Prevent App Screen Sharing – Prevents screenshots of the Built app and disables screen sharing when presenting or mirroring from a PC.
Blur Application Screen – When enabled, this blurs the application preview screen whenever minimized, protecting selective data from being visible outside the app.
Keylogging Preventions – Disallow all non-OS official keyboards or allow a specific set of keyboards to be used with the application.
Appdome’s App Security Suite is perfect for mobile developers to help them release secure apps from the first use. Building apps on Appdome don’t impact your app functionality or add time to your development cycle. It’s fast, easy, and non-intrusive.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.