How to Use Appdome MOBILEBot™ Defense

How Traditional Anti-Bot Offerings Work 

Traditional anti-bot offerings have struggled to keep pace with the evolving diversity and sophistication of mobile applications, often trying to force-fit bot defense methods designed for web applications onto mobile frameworks. This mismatch often requires mobile app developers to change the mobile application network stack, remove valuable TLS protecting network connections, or limit bot defense to singular hosts. The result, for the increasingly mobile app-driven economy, is that larger parts of the mobile infrastructure are left vulnerable to mobile bot attacks, fraud, ATOs, API abuse, credential stuffing and more.

What is Appdome MOBILEBot™ Defense?

The new MOBILEBot™ Defense solution offers mobile brands an unparalleled bot detection, comprehensive intelligence, and rapid defense against malicious bots, credential stuffing and ATOs in mobile app business lines.

Appdome’s MOBILEBot™ combines several defense methods to address these weaknesses and provide a robust solution for securing mobile apps against malicious bots. Appdome’s MOBILEBot™ offers full support for all mobile languages and frameworks, including Obj-C, C+, Java, JS, C#, C++, Swift, Kotlin, Flutter, React Native, Unity, Xamarin, Cordova and more. Integration with your mobile apps is facilitated through a No-Code, No-SDK, and Fully Automated Delivery, built to integrate seamlessly with mobile DevOps pipelines.

Overview of Appdome MOBILEBot™ Defense Features

MOBILEBot™ Defense

Protected Host
The Mobile AntiBot solution, is configured to allow the addition of multiple protected hosts. Each host is individually fortified with several security features such as mTLS Pre-Authentication, Session Headers, and Secure Certificate Pinning.

mTLS Pre-Authentication
Appdome’s mTLS Pre-Authentication can be used as fourth verification layer before the Anti-Bot payload is sent to the WAF using a P12 client certificate in the TLS handshake. mTLS Re-Authentication is a quick and easy way to identify good mobile app requests from bad.

Heartbeat Solution
The Heartbeat Solution is an advanced security framework by Appdome, designed to safeguard application sessions. It comprises four main elements: Session Headers, Safe Session, At Risk Session, and Payload Signing Key.

Note: The heartbeat solution does not include secure certificate pinning, rate limiting or client certificates.

Session Headers
Appdome’s session headers employs a multi-layered approach with application fingerprinting to guarantee not only a tamper-proof payload but also to enhance the WAF’s ability to thwart session replay attacks. This structure offers the WAF insight into the security status of the device running the protected app. Moreover, the WAF can obtain data on threats identified by the protected app and can accurately differentiate between attacks coming from various devices.

To guarantee that the anti-bot signal cannot be spoofed by an attacker, Appdome protects all data-in-transit with pre-packaged and optional features like Secure Certificate Pinning to the (WAF), TLS Session hardening, active MiTM Defense, as well as optional WAF encryption for the Session Header Payload (over and above the RSA Key). 

Note: Please be aware that Security Certificate Pinning and the Anti Bot Secure Certificate Pinning are mutually exclusive. Implementing them together will result in a conflict within the engine. Ensure to use only one method at a time to avoid potential issues.

Safe Session
Represents sessions that are determined to be safe or not at risk of any threat.

At Risk Session
Represents sessions that are potentially under threat or have detected anomalies.

Payload Signing Key
The public key that Appdome uses to encrypt the payload.

Anti-Bot Connection Hardening

To eliminate hijacking and replay attacks, Appdome MOBILEBot™ Defense solution protects all data-in-rest with pre-packaged features such as data-at-rest encryption for all Anti-Bot configurations, secrets, keys, IDs, etc. as well as a protected memory space for all Anti-Bot functions.

MiTM Attack Prevention enables the performance of mTLS pre-authentication, monitors connections for MiTM attacks, and safeguards connections and anti-bot payload in transit between the anti-bot solution and any industry standard WAF.

Mobile Device & Connection Risk

Mobile Anti Bot Policy

Includes ThreatIDs for jailbreak, root, Magisk, Zygisk, Jailbreak Bypass tool, Frida ToolKit, Emulators and Simulator detection. Standard Risk Policy is ON by default when Anti-Bot is ON.

Note: Please be aware that MiTM Prevention and Mobile Anti Bot Policy features are mutually exclusive. Implementing them together will result in a conflict within the engine. Ensure to use only one method at a time to avoid potential issues.

Advanced On-Device Bot Detection
On-Device Bot Detection is the ability to detect automated programs interacting with the mobile app such as auto-tapping, auto-clickers, memory editing, keystroke injection, emulators, etc. Advanced Bot Detection Intelligence allows payloads to include the Mobile Threat-ID™, detailed threat description, Threat-Score™, attack geolocation, and meta data such as DeviceID and more than two dozen other variables.

Threat Intelligence Policy
Threat Intelligence Policies go beyond Device State and ThreatID to include Threat-Event Meta data like OS, OS version, DeviceID, Threat-Scores and more. Choose the option(s) to be included in your Anti-Bot Payload.