Certified Secure™ Android & iOS Apps | Guaranteed Security Without Scanning

This Knowledge Base article describes Appdome’s automated mobile app security certification service, called Certified Secure™, including how it works and how to access and download the Certified Secure certificate as part of DevSecOps and Android and iOS release processes.

What is Appdome Certified Secure™?

Certified Secure™ is Appdome’s automated mobile app security certification service designed to help organizations build security and fraud prevention features into mobile apps as part of the SDLC, CI/CD and DevSecOps processes. Certified Secure generates an instantly available, easily accessible and understandable certification covering all security features built into Android and iOS apps by Appdome, either via the Appdome product, via Appdome’s DEV APIs, or as part of a customer’s SDLC, CI/CD and build process. Certified Secure allows organizations to validate and audit exactly which security and fraud prevention features were implemented in Android and iOS applications, trace which app(s) have been secured, which user created the secured build and more. Specifically, Certified Secure is designed to allow customers to:

  • Internally validate security, fraud prevention, internal and industry compliance objectives, build by build.
  • Speed release processes by using the Certify Secure™ certificate in the app release processes (e.g., verify security in apps before publication to public app stores, as part of ‘go/no-go’ app release meetings, etc.).
  • Verify that Android and iOS apps, app product lines, and app builds include universal standards of security and fraud prevention, release by release.
  • Reduce or eliminate release blockers discovered by app scanning, code scanning, pen testing, and other services.

Appdome’s Certified Secure™ eliminates the guesswork in security releases, providing instant verification of security readiness to release teams, eliminating a dependency on app scanning, pen tests or other vulnerability assessments at the end of the process (where it is typically too late to act on the results).

What’s in the Certified Secure™ Mobile App Security Certification?

Each Certified Secure certificate is designed to provide documented evidence of each secured build created on Appdome. The sections below illustrate each component of the Certified Secure Certificate and provide details of what’s included in each certificate.

  1. Quick View Protection Summary
  2. App-Specific Security Attestation-Certification
  3. Complete Build History
  4. Security Template in Use
  5. Android & iOS Security Details
  6. Advanced Enforcement Options
  7. Context/App-specific Configuration
  8. App-Signing Details

Certified Secure certificates are generated each time an Appdome user creates a secure version of an Android or iOS mobile app on Appdome. The certificate can be accessed directly from the user’s account on the Appdome product, or via the confirmation email sent to the user after each secure build is created on Appdome. Each certificate is specific to the app, version, build, and user.

Certified Secure™ Android and iOS App Details

Each Certified Secure™ certification includes a description of the mobile application secured on Appdome, including:

  • App Icon
  • App Name
  • App Version
  • App Dev Build No
  • App Bundle ID
  • OS

Quick View Protection Summary

Each Certified Secure™ certification includes a description of the Appdome Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:

  • ONEShield™
  • TOTALCode™ Obfuscation
  • TOTALData™ Encryption
  • OS Integrity
  • Mobile Privacy
  • Secure Communication
  • Mobile Malware Prevention
  • Mobile Privacy Prevention
  • Mobile Fraud Prevention

This provides app-release and security teams quick verification that the target application meets the mobile app security and anti-fraud objectives before each release.

App-Specific Security Certification

Each Certified Secure™ certification includes an attestation and certification that the mobile app is protected by the Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:

  • App and App Version
  • Build Number
  • OS
  • Team Name – if relevant
  • Date of build
  • Who performed the build
  • Build ID
  • Appdome Version, including whether Freeze Fusion Set is enabled

This provides Appdome’s guarantee that the target build meets the mobile app security and anti-fraud objectives as of the date of the certification.

Complete Build History

Each Certified Secure™ certification includes the complete build history of the protected Android and iOS app on Appdome, as follows:

  • Who uploaded the app
  • Date and Time
  • Team ID (if applicable)
  • App ID
  • Bundle ID
  • Version Number
  • Dev Build Number
  • Team License type
  • Original App Size

Compliance and certification teams can instantly verify who built the security and ensure segregation of duties.

Security Template in Use

Each Certified Secure™ certification includes the specific mobile app security and anti-fraud feature template, called a Fusion Set™, used to protect the Android and iOS app, as follows:

  • Appdome API or GUI
  • Name of Fusion Set
  • Fusion Set ID
  • Last modified by
  • OS Platform (Appdome OS support policy)
  • Security Size Impact (increase in App size from security features implemented in the app)

Dev and release teams can manage security templates by release, by app(s) or by platform and trace security for apps back to specific templates placed in use at any point in the lifecycle of the app.

Android & iOS Security Plugin/Parameter Details

Each Certified Secure™ certification includes a full list of security plugins and parameters chosen by the Appdome user and built into the application by the Appdome platform.

Plugins and parameters are the specific code sets that have been added by Appdome to implement the security features selected by Appdome customers.

Context Data

Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:

  • Who added Context
  • With which Fusion Set
  • Date and Time Context was added
  • Parameters
  • App icon
  • Favicon
  • App name
  • Version
  • Bundle ID

App-Signing Information

Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:

  • Sign Type (how the app was signed)
  • Who Signed the app
  • Fusion Set
  • Date and Time the app was signed
  • General data about the signature
  • Certificate SHA-256 Checksum
  • Final App SHA-256 Checksum

Advanced Enforcement Options

  • Details if Appdome Threat-events are in use
  • Threat Event Scoring Value

How to Download the Certified Secure Certificate For Any Mobile App on Appdome

Please follow the steps in this Knowledge Base article on how to build apps with your desired features and successfully implement security features in your Android and iOS mobile apps.

Once you have successfully protected your app using Appdome, you can download Appdome’s Certified Secure™ certificate in one of the following ways:

Download the certificate from the platform notification email

After each successful build on the platform, you will receive a notification at the email address of your Appdome account.
You can download the Appdome certificate by clicking on the download link. You will then be redirected to Appdome’s platform and the certificate will be downloaded automatically.

Download the certificate from the App Workflow Summary Screen

Access the Appdome Workflow Summary screen by clicking the marked button on the Build, Context™ and Sign tabs, or by clicking the “Workflow Summary” button in the Deploy tab.

Download or export the certificate of the current build by clicking on the download icon.

Or download the previous build certificate by opening the build history and clicking on the download icon next to the chosen build.

You can also download the Certified Secure certificate using Appdome’s REST APIs.

Prerequisites to Use Certify Secure Android and iOS Apps

In order to download a Certified Secure certificate, you’ll need to protect your app using Appdome, which requires:

  • Appdome account
  • Mobile App (.ipa for iOS, or .apk or .aab for Android)
  • A license to Appdome Certified Secure™ (separate license required; if you don’t have a license, contact support@appdome.com)
  • Signing Credentials (e.g., signing certificates and provisioning profile)

Liron Dror
