How to Connect to Trusted Mobile Hosts with URL Whitelisting
URL Whitelisting ensures that a mobile app connects only to the server URLs which you intended it to connect. This measure protects apps from attacks such as XcodeGhost, which can insert malware and adware into the app, thereby potentially making the app send user data to undesired locations.
This Knowledge Base article provides step by step instructions on how to build URL Whitelisting into any mobile app in minutes, thus only enabling connection to Trusted Mobile Hosts.
What is URL Whitelisting?
URL Whitelisting in mobile apps includes a list of approved, trusted websites that the app is permitted to communicate with. All other URLs are blocked. URL Whitelisting provides a method to identify sites that an app can access. The goal of whitelisting is to provide a safe space for users accessing services via an app.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps by using URL Whitelisting. When an Appdome user clicks Build My App, Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
3 Easy Steps Add URL Whitelisting to Android & iOS Apps
Follow these 3 Easy Steps to add URL Whitelisting to Any iOS or Android App:
- Upload a mobile app to Appdome (.apk, .ipa, .aab)
- Go to the Build tab, Select Security, Expand Secure Communication, turn on URL Whitelisting.
- Click + Add and add the hostname you want to whitelist
- You can edit the App Compromise Notification (Optional)
- You can use Threat Events to handle compromises internally in the app (Optional)
- Click Build My App.
Congratulations! You now have a mobile app fully integrated with URL Whitelisting.
Prerequisites for URL Whitelisting
Here’s what you need to build secured apps with URL Whitelisting
- Appdome account (If you don’t have an Appdome account, create a free Appdome account here)
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How To Learn More?
Or request a demo at any time.
To zoom out on this topic, visit Appdome for Mobile App Security on our website.
Check out the full menu of features in the Appdome Mobile Security Suite
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.