How to Prevent non-approved Android, iOS app store publishing

Learn the 3 easy steps to prevent iOS and Android apps from being published to alternative, unauthorized, or malicious app stores. Appdome App Store/ Google Play Signature Validation enables developers to ensure that apps intended for Google Play and/or Apple’s App Store cannot be published to any other app stores.

Why Should Developers Protect iOS and Android Apps From Being Distributed on Alternative Appstores? 

Fraudsters and other cyber-criminals often create fake apps by copying or cloning existing popular apps and then repackaging, re-signing, and re-distributing those apps on alternative, malicious or non-approved app stores. The methods, techniques and motivations vary. Here are some of the top reasons cyber-criminals publish mobile apps on alternative app stores:

  • To create fakes, clones or pirated copies of apps that masquerade as the original app, either to divert advertising revenue to fraudulent entities or to generate in-app purchase revenue at the expense of the original app.
  • To embed malware or trojans inside a well-known app for the purpose of tricking users into downloading malware onto the mobile device.
  • To create game mods to be used in mobile game cheating.
  • To create malicious apps that pose as helpful “utility” apps, such as battery-life extenders, QR code generators, calculators, or productivity apps. Once users are tricked into downloading these apps, the malicious apps often run in the background, where they monitor user activity or broadcast messages, learn what other apps the user has installed, and learn when the user is using those other apps. The malicious app can then phone home to a C&C botnet network to receive malware updates, or trigger screen overlay attacks at very precise times, because the imposter app has been monitoring the user or device activity and knows what the user is doing.
  • To commit mobile click fraud or mobile ad fraud – For instance, sometimes these malicious apps monitor broadcast events about app installs and then generate a barrage of fake clicks at the very last minute in order to take credit for the app install.
  • To trigger screen overlays: Another way these imposter apps are used is in triggering screen overlay attacks that cover all or a portion of the mobile user’s real screen to trick them into interacting with hidden malicious content. Because the imposter app has been monitoring the user’s activity, it can trigger a screen overlay with matching timing, size, and screen placement.

Whatever their motivation, it is fairly easy for malicious actors to publish fake, malicious or pirated apps on app stores other than Google Play and Apple’s App Store. They simply download a target app (such as your app) on a jailbroken or rooted mobile device, modify the app, and then repackage, re-sign, and re-distribute the fake or pirated mobile app to any app store they want.

Using Appdome’s no-code platform, mobile developers can prevent their iOS and Android apps from being re-signed and re-distributed to alternative, unauthorized, or malicious appstores.

What is App Store/ Google Play Signature Validation?

Appdome App Store/ Google Play Signature Validation ensures that apps signed for the Apple App Store and Google Play Store cannot be distributed through any other app stores.

Appdome is a no-code mobile app security platform designed to add security features, like App Store/ Google Play Signature Validation, to any app without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily prevent the protected mobile app from being re-signed, re-packaged and re-distributed on other app stores.

Apple App Store Signature Validation (iOS apps)

For iOS apps, if the original app was signed for Apple’s App Store, Appdome will prevent the app from being re-signed with a different application identifier. If the app was originally published to the app store, and the application identifier is different than the originally signed app, Appdome will detect the difference and prevent the app from running.

Google Play Store Signature Validation (Android apps)

For Android apps, Appdome will prevent apps from being re-signed and re-distributed on app stores other than Google Play. If Appdome detects that an Android app has been downloaded from an app store other than Google Play, Appdome will prevent the app from running.
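The two Android conditions described above (the app has been re-signed, or it was installed from a store other than Google Play) can be expressed with standard `PackageManager` calls. This is an added example, not Appdome's implementation; the function names are hypothetical, `EXPECTED_CERT_SHA256` is a placeholder for your own release certificate digest, and minSdk 28 is assumed.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import java.security.MessageDigest

// Placeholder (assumption): SHA-256 of the certificate your released app is
// signed with. With Play App Signing this is the app signing key certificate.
private const val EXPECTED_CERT_SHA256 = "<RELEASE-CERT-SHA256-HEX>"
private const val PLAY_STORE_PACKAGE = "com.android.vending"

/** Package that installed this app, or null when unknown (e.g. sideloaded). */
fun installerOf(context: Context): String? {
    val pm = context.packageManager
    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        pm.getInstallSourceInfo(context.packageName).installingPackageName
    } else {
        @Suppress("DEPRECATION")
        pm.getInstallerPackageName(context.packageName)
    }
}

/** Lowercase hex SHA-256 digests of the certificates currently signing the APK. */
fun signerDigests(context: Context): Set<String> {
    val info = context.packageManager.getPackageInfo(
        context.packageName, PackageManager.GET_SIGNING_CERTIFICATES
    )
    // apkContentsSigners excludes rotated-out (historical) certificates.
    val signers = info.signingInfo?.apkContentsSigners ?: emptyArray()
    return signers.map { sig ->
        MessageDigest.getInstance("SHA-256")
            .digest(sig.toByteArray())
            .joinToString("") { b -> "%02x".format(b) }
    }.toSet()
}

/** True only if the APK carries exactly the expected signer and came from Google Play. */
fun isGenuinePlayInstall(context: Context): Boolean {
    val digests = signerDigests(context)
    val signedByUs = digests.size == 1 &&
        digests.first().equals(EXPECTED_CERT_SHA256, ignoreCase = true)
    val fromPlay = installerOf(context) == PLAY_STORE_PACKAGE
    return signedByUs && fromPlay
}
```

A check written in plain app code like this can be removed by the same repackaging step it is meant to detect, so it needs to be combined with tamper protection of the app itself.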

3 Easy Steps to add App Store/ Google Play Signature Validation to Android/iOS apps

Please follow these 3 easy steps to protect Android and iOS apps against piracy using App Store/ Google Play Signature Validation:

  1. Upload a mobile app binary to Appdome (.ipa, .apk or .aab)
  2. In the Build Tab, under Anti-Fraud, Select Anti-Piracy and enable the toggle for Google Play Signature Validation (shown below for Android apps) or App Store Signature Validation (for iOS apps)
  3. Click Build My App

[Screenshot: app.store.signature.validation]

Congratulations! The app is now protected with App Store/ Google Play Signature Validation.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps using App Store/ Google Play Signature Validation. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps using Signature Validation to prevent mobile piracy for iOS and Android apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

More Mobile App Security Resources

Here are a few related resources:

Mobile Piracy Prevention

How to Prevent App Signing by Unauthorized Developers

Check out Appdome’s Mobile App Security Suite or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa
