How to Use Appdome AppID In Mobile Bot Defense
What is Appdome AppID?
Appdome AppID serves as a unique identifier, functioning like a fingerprint for the app token and build ID within the Appdome system. This identifier makes it possible to distinguish between different fusion sets or versions of apps built using Appdome.
Why is Appdome AppID Important?
Appdome’s AppID is a crucial feature for the security and management of mobile applications, especially when it comes to distinguishing between authentic users, legitimate apps and malicious bots—a key aspect of Mobile Bot Defense. The AppID acts as a unique identifier for each version of an app fused with Appdome’s services, allowing customers to track a request back to the specific Appdome version in use. This precise level of tracking is essential for the effective operation of Mobile Bot Defense, as it uses AppID in its suite of app fingerprinting techniques to accurately separate legitimate app traffic from that of malicious bots. In addition to its role in bot detection and defense, the AppID allows customers to customize various shared secrets for distinct app versions. As the app evolves and undergoes multiple build integrations over its lifecycle, each version can have unique configurations, enhancing security and ensuring optimal performance.
Moreover, the method of transmitting Appdome’s AppID via the session header contributes an additional layer of defense. This acts as a robust method of identification that safeguards against unauthorized access in client-server communication, ensuring that each interaction with the server is legitimate and secure. The integration of Appdome AppID within Mobile Bot Defense exemplifies a strategic approach to mobile app protection, reinforcing the infrastructure against sophisticated bot threats and unauthorized access attempts.
Prerequisites for using Appdome’s MobileBot AppID:
To use Appdome’s mobile app security build system to validate a Appdome AppID, you’ll need:
- Appdome account (create a free Appdome account here)
- A license for MOBILEBot™
- Mobile App (.ipa For iOS device or .apk or .aab for Android)
- Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)
Note: The “Appdome AppID” is integrated within the “Session Headers” feature. For your convenience, there’s no need to construct separate fusion sets—simply build one comprehensive set for “Session Headers” to include the Appdome AppID functionality.
Building the Appdome AppID feature via Appdome Console
- To build the Appdome AppID protection using Appdome Console, follow the instructions below:
- Where: Inside the Appdome Console, go to Build > Anti Bot Tab > MOBILEBot™ Defense section
- How: Toggle (turn ON) Session Headers, then, toggle (turn ON) Appdome AppID™ as shown below.
Figure 3: Validate Session Headers
When you select Session Headers you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains Anti Bot defense.
Figure 4: Fusion Set that displays the newly added Session Headers protection
- Click Build My App at the bottom of the Build Workflow (shown in Figure 3).
- Certify the Session Headers feature in Mobile Apps.
After building Session Headers, Appdome generates a Certified Secure™ certificate to guarantee that the Session Headers protection has been added and is protecting the app.
To verify that the Session Headers protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:
Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations the entire workflow summary, audit trail of each build, and proof of protection that Session Headers have been added to each Mobile app. Certified Secure provides instant and in-line DevSecOps compliance certification that Session Headers and other mobile app security features are in each build of the mobile app.
Using Appdome, there are no development or coding prerequisites to build secured Mobile Apps using Session Headers. There is no SDK and no library to code or implement in the app and no gateway to deploy in your network. All protections are built into each app and the resulting app is self-defending and self-protecting.
Releasing and Publishing Mobile Apps with Session Headers
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
- Releasing Secured Android & iOS Apps built on Appdome.
All apps protected by Appdome are fully compatible with any public app store, including Apple App Store, Google Play, Huawei App Gallery and more.
- How to Use Appdome MOBILEBot™ Defense
- How to Use Fastly WAF with Appdome MOBILEBot™ Defense
- How to Use Imperva WAF with Appdome MOBILEBot™ Defense
- How to Use Akamai WAF with Appdome MOBILEBot™ Defense
- How to Configure GCP for a WAF to Use Appdome MOBILEBot™ Defense
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.