Threat Events in Android & iOS Apps Explained
Developers can use mobile app threat intelligence with Appdome built apps. After you configured the app, it can receive all security alerts when they occur with iOS and Android apps.
This Knowledge Base article reviews in detail how users can use Threat-Events to respond or enforce actions after Appdome detects a security event in a mobile app.
About Appdome Mobile App Threat-Events
Threat-Events use industry-standard notification methods to pass events from the Appdome layer back to the application so that the application can take further action whenever Appdome detects malicious events against an Appdome-protected app.
When a security event is detected by Appdome, the event can be handled in one of the following ways:
- In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing (your app chooses how and when to enforce).
- In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app. Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).
- Enforce Connection Only (only for Secure Communication/MitM Attack Prevention and Secure Certificate Pinning) When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app and will block the connection that triggered the event.
By design, when the mobile application registers to receive Appdome Threat-Events, Appdome will send an initial event. If a security event was detected by Appdome during the app launch/run, the initial event will hold the triggered security event details. If no security event was triggered, the initial event will only indicate a successful registration to Appdome’s Threat-Events (the event fields will hold no data).
About Appdome Threat-Event Score
You also can use Appdome Threat-Event Score for advanced threat handling & response. With Threat-Event Score, you can configure each Threat-Event with a unique score in order to value the importance of a particular threat and/or prioritize how threats are handled after Appdome detects a threat.
Risk scoring allows users to get a threat evaluation based on multiple selected Threat Events at a given time. By assigning a risk weight to each Threat Event, you can prioritize the importance of each event in the total risk assessment.
Appdome divides the Threats into two groups: consistent and volatile. Whereas consistent events affect the total score for the entire session of the app, volatile events only affect the total score for a short period of time. Consistent events include root detection and tampering with the app. All other events are considered volatile.
When activating the Threat-Event Score toggle on Appdome, you can set a numerical value (between 1-1000) that you can set for each applicable Threat-Event for any Android or iOS app. This additional scoring attribute is passed as part of an Appdome Threat-Event. Threat-Event Score attributes are persistent (i.e., fixed) in each mobile app build. To update a Threat-Score to reflect a new risk profile for the app or a given threat, you can re-build the app with a new Threat-Event Score on Appdome.
The Threat-Event Score can be set or adjusted according to a user-defined risk model. Threat-Event Scores can be assigned to multiple threats, allowing you to set a threshold for when a security action or workflow will be taken. With Threat-Event Score, developers are enabled to customize the enforcement model and tailor the user experience according to the relative or absolute importance, criticality, or severity level of each threat.
How to Implement Appdome Mobile App Threat-Events in Android and iOS Apps
Follow these step-by-step instructions to implement Appdome Threat-Events in any iOS or Android app. Two examples are provided below. Follow the instructions on the knowledge-based article for each Appdome security protection that includes Threat-Events, which includes code samples.
Note
For instructions about implementing threat events in Java code, see the Knowledge Base article Implementing Threat Events in Code.
Upload a Mobile App to Your Account
- Appdome account – IDEAL-DEV or Higher.
- Threat-Events license
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
From the Build > Security
Expand the OS Integrity category (optional)
- Click on the toggle to enable Jailbreak Prevention/ Root Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Unknown Sources (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Developer Options, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Banned Devices (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Require Security Services (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Secured Communication category (optional)
- Click on the toggle to enable Android/iOS MiTM Prevention, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense or Notify on Network Enforcement).
- Click on the toggle to enable Secure Certificate Pinning, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense or Enforce Connection Only).
- Click on the toggle to enable Enforce Cipher Suites, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce TLS Version, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Certificate Roles, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Strong RSA Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Strong ECC Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce SHA256 Digest, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable URL Whitelisting, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Mobile Privacy category (optional)
- Click on the toggle to enable Copy/Paste Prevention, select the Threat Events check box, and choose the notification mode (In-App Defense).
- Click on the toggle to enable Prevent App Screen Sharing (iOS), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
How to Add Threat-Event Score to an Android or iOS App
With Threat-Event turned ON for any applicable feature, turn ON Threat-Event Score and set the Threat-Score to the requested value (1-1000) for each attack or threat.
After you have finished making your selections, Click Build My App
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add Threat-Events to the mobile app in seconds.
Congratulations! You now have a mobile app Built with Threat-Events™.
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app by using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Alternatively, see this quick reference guide Releasing Secured Android & iOS Apps built on Appdome.
Related Articles
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- Threat-Events™, In-App Threat Intelligence in Kotlin Apps
- Threat-Events™, In-App Threat Intelligence in React Native Apps
- Threat-Events™, In-App Threat Intelligence in Swift Apps
- Threat-Events™, In-App Threat Intelligence in Native Android Apps
How to Learn More
If you want to learn how to troubleshoot common issues with the implementation of threat events, check out the KB article Implementing Threat Events – Best Practices.
If you want to use Threat-Events to respond to threats detected by Appdome ONEShield, check out this KB article on ONEShield Threat Events.
To zoom out on this topic, visit the Mobile App Security page on our website.
Check out the full menu of features in the Appdome Mobile Security Suite.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Or request a demo at any time.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.