How Appdome SiteTrust Prevents Unauthorized Access to Your PWA
Appdome SiteTrust is a Secure PWA feature that protects non-public resources by restricting access/navigation to the home domain only, preventing unauthorized access to the mobile app’s backend and sensitive systems. When enabled, your SecurePWA app will only be able to access trusted domains and sites.
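A home-domain restriction of the kind described above comes down to a host check on every navigation. The example below is an added, generic illustration of such a check, not Appdome's implementation (which this page does not describe); the hostnames, the `POLICY` object and the `checkNavigation` function are hypothetical, and exact host matching is assumed by default.

```javascript
// Added illustration of a home-domain navigation policy; not Appdome's code.
// All hostnames below are constructed sample values.
const POLICY = {
  homeHost: "portal.example.com",                    // the PWA's home domain
  trustedHosts: new Set(["login.idp.example.net"]),  // e.g. an authentication domain
  allowSubdomains: false,                            // assumption: exact host match only
};

function checkNavigation(rawUrl, policy = POLICY) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the one browsers implement
  } catch {
    return { allowed: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { allowed: false, reason: "scheme" };
  // "https://home@other/" parses with host "other"; reject credentials outright.
  if (url.username || url.password) return { allowed: false, reason: "userinfo" };

  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop root dot
  // Compare the whole host, never a prefix or substring of the URL.
  if (host === policy.homeHost || policy.trustedHosts.has(host)) {
    return { allowed: true, reason: "listed-host" };
  }
  // Suffix matching must include the leading dot, otherwise a name such as
  // "evilportal.example.com" would match the home host "portal.example.com".
  if (policy.allowSubdomains && host.endsWith("." + policy.homeHost)) {
    return { allowed: true, reason: "subdomain" };
  }
  return { allowed: false, reason: "host" };
}

// Constructed navigation attempts.
const SAMPLES = [
  "https://portal.example.com/account",
  "https://login.idp.example.net/oauth",
  "https://portal.example.com.evil.test/",
  "https://portal.example.com@evil.test/",
  "http://portal.example.com/",
];
for (const u of SAMPLES) {
  const d = checkNavigation(u);
  console.log(d.allowed ? "ALLOW" : "BLOCK", d.reason, u);
}
```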
About Appdome SecurePWA
Appdome SecurePWA is a no-code mobile development tool that enables anyone to build secure Android and iOS progressive web apps (PWAs) that run as native or cross-platform Android and iOS apps on any mobile device – instantly, with no code or coding. The only requirement for creating a Secure PWA is the URL of any existing website, web app, or cloud app. Developers or non-developers use Appdome’s simple ‘click to create’ user interface to build a progressive web application from any responsive website and add a wide variety of mobile security, SDKs, and APIs to their newly created Android and iOS apps in minutes – also with no code or coding.
The end result is a brand new iOS, Android or cross-platform app built entirely from scratch in seconds. Once the new app is created, customers instantly secure the app by selecting their choice of Appdome Mobile App Security features to build the required security model directly into the app – all within the same no-code workflow.
Appdome offers SecurePWA as part of Appdome-DEV. SecurePWA dramatically accelerates enterprise mobile strategies. Organizations build true mobile apps from websites in minutes and offer users easy and persistent mobile app access to digital resources, offline use and more, all with the confidence of the enterprise security model chosen by the organization.
- Protects non-public resources by restricting access/navigation to home domain only.
- When enabled, the app will only be able to access trusted domains and sites.
- To enable access to protected resources, see the AUTHENTICATION section for advanced authentication services.
- Secure Download: Securely download, store and share files with other apps.
- Secure Upload: Securely upload content to the web service.
- Local Notifications: Present alerts and notifications sent by the web service natively.
- Authentication Domain: Enable the app to authenticate to additional domains (for secure access to protected resources). You can also specify a URL to serve as the entry point to your authentication flow. This can be an IP address, a company portal or an authentication cloud service.
- Biometric Authentication: Adds in-app secure authentication on a per-app basis, using native OS controls for the relevant OS (fingerprint, FaceID, TouchID for Android and iOS). When Biometric Authentication is enabled, access to encryption keys requires a successful application unlock.
- EnterpriseSSO: secure shared authentication state among protected apps
- SharedSignIn: Saved and cached credentials are automatically encrypted and stored securely in a non-shared storage area.
- SecuredCredentials: Saved and cached credentials can be securely shared between protected apps.
- In-App Navigation: Natively navigate between web services and content.
- Use Nav Button: (optional) Place an Action button to enable users to access advanced app functionality.
- Customize Color: (optional) Select the background color of your action button.
ADVANCED CONFIGURATION OPTION
- Changing a Mobile App’s User-Agent Header without code in an app on Appdome (contact Appdome support for this option).
Prerequisites for Using Appdome’s SecurePWA
- Appdome account
- Appdome-DEV access
- A website address that is accessible from a mobile browser
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to Convert Any Website Into a Secure Progressive Web App (PWA)
Follow these step-by-step instructions to convert any website into a PWA.
- From the Add App tab, select Create SecurePWA™
- Enter the website address (please validate that the website address is correct and reachable).
- Choose your App Name
- Choose the App platform: iOS, Android or both
- For the iOS platform – upload the Provisioning Profile.
- (optional) Add an icon (if you want to replace the default generated icon)
- (optional) Favicon Settings: add a favicon and adjust its size and position
- (optional) Dev settings – configure the app version and version code
- SiteTrust – (included by default) protects non-public resources by restricting access/navigation to the home domain only.
Congratulations! You have now converted your website to a progressive web app. You can find your PWA in your Appdome account (left navigation menu) with all the other app binaries that you’ve previously added to your account.
After Building Your PWA
After you have converted your website to a PWA, you need to move your PWA through the Appdome workflow. Just like with any other app that you build and secure using Appdome, click on the newly created PWA in your account, then select the services and security features you wish to implement in your PWA. Then click Build My App.
The minimum set of services required to secure your PWA is ONEShield by Appdome (Appdome’s no-code app shielding/hardening solution). ONEShield prevents tampering, malicious reverse engineering, debugging and any other unauthorized changes to your new PWA. After building ONEShield into your app, you will have a Secure PWA.
After you finish building your SecurePWA on Appdome, there are a few additional steps needed to complete your project, including signing your app.
Check out this KB on Completing My Appdome Project – final steps