How to Validate Runtime Integrity, prevent file changes in Android, iOS apps

Learn 3 Easy Steps to validate runtime integrity of Android and iOS apps to prevent unauthorized, malicious file modifications.

Why Should Developers Validate the Integrity of Android and iOS Apps At Runtime?

Any Android or iOS app can be modified and re-signed by malicious actors, either by adding to or altering the application executable and/or libraries to make an app behavior or function differently. Or they can change assets and resources in order to change the look and feel of an app. This type of malicious activity is often done for the purpose of tricking mobile app users into installing fake malicious apps which they believe are legitimate/useful apps, or to unknowingly dowload Trojans, botnets, or other malware that can be controlled or updated remotely.

If running on a jailbroken or rooted device, the fraudster could also bypass signature checks or other security controls, which makes the app and/or users highly susceptible to abuse, trickery and other forms of mobile fraud.  To prevent unauthorized file-level modifications, mobile developers can use Appdome’s  Runtime Bundle Validation to validate the integrity of each code section of the app on a file-by-file basis, to prevent against highly targeted, sophisticated app alternations that attempt to conceal the activity.

 

What is Appdome Runtime Bundle Validation?

Appdome Runtime Bundle Validation ensures the integrity of iOS and Android apps by running checksums on every file included in the app bundle. Appdome saves cryptographic hashes of the files in the application and compares them to the actual files that are used during runtime. In addition, because some files are changed by Google and Apple after publishing the app, Appdome saves specific content portions for these files and compares the relevant content, as opposed to performing a blind hash validation. This ensures highly accurate detection and minimizes false positives.    Runtime Bundle Validation protects against advanced mobile app tampering techniques and prevents mobile piracy.

Keep reading to learn how to use Appdome to protect any Android and iOS app using Runtime Bundle Validation.

 3 Easy Steps to Use Runtime Bundle Validation to Prevent Mobile App Piracy

Please follow these 3 easy steps to add Runtime Bundle Validation to a mobile app to prevent mobile piracy. 

  1. Upload an Android app (.apk)
  2. In the Build Tab, under Anti-Fraud, Click on Mobile Piracy Prevention, and Toggle ON Runtime Bundle Validation (shown below)
  3. Click Build My App

 

runtime bundle validation

 

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to prevent mobile piracy using Runtime Bundle Validation. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites

Here’s what you need to build secured iOS and Android apps with Runtime Bundle Validation enabled.  

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with Runtime Bundle Validation and prevent mobile piracy. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome 

 How to Learn More

Check out the following related KB articles:

How to Prevent App Signing by Unauthorized Developers

How to Prevent non-approved Android, iOS app store publishing

Check out the full menu of features in the Appdome Fraud Prevention

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

 

 

Alan Bavosa

Have a question?

Ask an expert

LironMaking your security project a success!