How to use MobileBOT Source™ with Mobile Bot Defense

Last updated May 6, 2024 by Appdome

What is MobileBOT Source™?

MobileBOT Source™ offers mobile app developers the option to add a set of App-Specific Key Values to their app’s payload. These key values are then utilized to check the legitimacy of session interactions, ensuring that the interactions are secure and authenticated. Developers can define specific key values that are unique to their application. These values could represent various parameters, such as user ID, session ID, transaction ID, etc., that are critical to the app’s functionality and security.

How Does MobileBOT Source™ Protect Mobile Apps?

The primary function of MobileBOT Source™ is to bolster the security of mobile applications by using encrypted, custom key values to track and verify user sessions and interactions. By integrating these key values, developers can more accurately identify and correlate incoming requests to specific users or sessions. This capability is crucial for recognizing and mitigating potential threats, such as bot attacks. For instance, if a request to the server is flagged as suspicious, the source of this request can immediately be traced to a particular user or action within the app, thanks to the predefined key values. This not only helps in promptly blocking malicious activities but also in understanding the behavior patterns of users, thereby significantly enhancing the app’s security measures against automated attacks and other security threats.

Prerequisites for using Appdome’s MobileBOT Source™:

To use Appdome’s mobile app security build system for Mobile Bot Defense, you’ll need:

Appdome account (create a free Appdome account here)
A license for MobileBOT Source™
Mobile App (.ipa for iOS device or .apk or .aab for Android)
Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)

How to Setup MobileBOT Source™ on Mobile apps using Appdome

On Appdome, follow these 3 simple steps to create self-defending Mobile Apps that use MobileBOT Source™ without an SDK or gateway:

Upload the Mobile App to Appdome’s Mobile App Security Build System
- Upload Method: Appdome Console or DEV-API
- Mobile App Formats: .ipa for an iOS device or .apk or .aab for Android
- MobileBOT Source™ Compatible With: Obj-C, C+, Java, JS, C#, C++, Swift, Kotlin, Maui, Xamarin, and more.
Build the feature: MobileBOT Source™
- Build MobileBOT Source™ using Appdome’s DEV-API:
- Create and name the Fusion Set (security template) that will contain the MobileBOT Source™ feature as shown below:
  
  Figure 1: Fusion Set that will contain the MobileBOT Source™ feature
  Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
- To add the MobileBOT Source™ feature to this Fusion Set, follow the steps in the Building the MobileBOT Source™ via Appdome Console section.
- Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below)
  
  Figure 2: Fusion Set Detail Summary
  
  Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).
- Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit such as Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems
- Build an API for the app – for instructions, see the tasks under Appdome API Reference Guide
- Look for sample APIs in Appdome’s GitHub Repository

Building the MobileBOT Source™ feature via Appdome Console

To build the MobileBOT Source™ protection using Appdome Console, follow the instructions below:

Where: Inside the Appdome Console, go to Build > Anti Bot Tab > MobileBOT™ Defense section
How: Toggle (turn ON) Session Headers > MobileBOT Source™, as shown below.
Figure 3: Validate MobileBOT Source™
When you select MobileBOT Source™, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains MobileBOT Source™.

Figure 4: Fusion Set that displays the newly added MobileBOT Source™ protection
Click Build My App at the bottom of the Build Workflow (shown in Figure 3).
Certify the Session Headers feature in Mobile Apps.
After building MobileBOT Source™, Appdome generates a Certified Secure™ certificate to guarantee that the MobileBOT Source™ protection has been added and is protecting the app.
To verify that the MobileBOT Source™ protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:

Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Session Headers have been added to each Mobile app. Certified Secure provides instant and in-line DevSecOps compliance certification that MobileBOT Source™ and other mobile app security features are in each mobile app build.

Using Input Threat-Events™ for MobileBOT Source™ in Mobile Apps

Note: Input Threat Events are unavailable for multi-platform frameworks such as React Native, Flutter, and Cardova. If you are using these coding languages, it is recommended to build a bridge class that acts as an intermediary between the framework and the mobile native API.

Java

// Define placeholders for key and value
String key = "<KEY_PLACEHOLDER>";
String value = "<VALUE_PLACEHOLDER>";
 
// Create a new intent with the action "UpdateMBDMap"

Intent intent = new Intent("UpdateMBDMap");
 
// Create a bundle to hold the data

Bundle bundle = new Bundle();
 
// Add the key-value pair to the bundle

bundle.putString(key, value);
 
// Attach the bundle to the intent

intent.putExtras(bundle);
 
// Get the application's context

Context context = getApplicationContext();
 
// Set the package name for the intent

intent.setPackage(context.getPackageName());
 
// Send the broadcast with the intent

context.sendBroadcast(intent);

Kotlin

val key = KEY_PLACEHOLDER>"
val value = "<VALUE_PLACEHOLDER>"
val intent = Intent("UpdateMBDMap")
val bundle = Bundle()

bundle.putString(key, value)
intent.putExtras(bundle)
val context = applicationContext
intent.`package` = context.packageName

// Sending information back to Appdome
context.sendBroadcast(intent)

Xamarin/MAUI Android – CSharp

string key = "<KEY_PLACEHOLDER>";
string value = "<VALUE_PLACEHOLDER>";

// Create a new intent with the action "UpdateMBDMap"
Intent intent = new Intent("UpdateMBDMap");

// Create a bundle to hold the data
Bundle bundle = new Bundle();

// Add the key-value pair to the bundle
bundle.PutString(key, value);

// Attach the bundle to the intent
intent.PutExtras(bundle);

// Set the package name for the intent
intent.SetPackage(ApplicationContext.PackageName);

// Send the broadcast with the intent
ApplicationContext.SendBroadcast(intent);

Objective-C

NSString *key = @;KEY_PLACEHOLDER>";
NSString *value = @"<VALUE_PLACEHOLDER>";
NSDictionary *userInfo = @{key: value};

// Sending information back to Appdome
[[NSNotificationCenter defaultCenter] postNotificationName:@"UpdateMBDMap"
                                                    object:nil
                                                  userInfo:userInfo];

Swift

let key = "<KEY_PLACEHOLDER>"
let value = "<VALUE_PLACEHOLDER>"
let userInfo = [key: value]

// Sending information back to Appdome
NotificationCenter.default.post(name: Notification.Name("UpdateMBDMap"),
                                object: nil,
                                userInfo: userInfo)

Xamarin/MAUI iOS -CSharp

String key = "<KEY_PLACEHOLDER>";
String value = "<VALUE_PLACEHOLDER>";

// Create a dictionary to hold the data
NSDictionary userInfo = new NSDictionary(key, value);

// Post a notification with the data
NSNotificationCenter.DefaultCenter.PostNotificationName("UpdateMBDMap", null, userInfo);

Using Appdome, there are no development or coding prerequisites to build secured Mobile Apps using MobileBOT Source™. There is no SDK and no library to code or implement in the app, and no gateway to deploy in your network. All protections are built into each app and the resulting app is self-defending and self-protecting.

Releasing and Publishing Mobile Apps with Session Headers

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

Customizing, Configuring & Branding Secure Mobile Apps
Deploying/Publishing Secure mobile apps to Public or Private app stores
Releasing Secured Android & iOS Apps built on Appdome.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.