How to Prevent Fake iOS Apps using Signature Validation

Fraudsters and other cyber-criminals often use various methods and techniques to create fake apps by copying or cloning existing popular apps and then repackaging, re-signing, and re-distributing those apps on alternative, malicious or non-approved app stores. It is fairly easy for malicious actors to publish fake, malicious or pirated apps on app stores other than Apple’s App Store. They only need to download a target app (such as your app) on a jailbroken mobile device, modify the app, and then repackage, re-sign, and re-distribute the fake or pirated mobile app to any app store they want.

For additional information, see Top Reasons Cyber-criminals Publish Mobile Apps on Alternative App Stores.

Optimize File Size via the Favor App’s Size Option

Obfuscation reduces the efficiency of compression algorithms, so obfuscating all the code in the app may increase its file size significantly. Excluding publicly available elements from obfuscation decreases the size of the built app.

Understanding Appdome Version Numbering

Starting from the December 2022 release, the Appdome version number is presented by default to the user with the revision number. This means that the version number includes four…

Smart Offline Handoff

Mobile TOTALData Encryption is used for protecting data stored within a mobile app. Smart Offline Handling is an extension to Appdome TOTALData Encryption, which allows developers of apps that require authentication to enable access to some of the files that the app generates.
With Appdome TOTALData™ Encryption, all data stored inside the mobile app (including media files) is encrypted at run-time by using industry-standard AES-256 cryptographic protocols. When the Appdome Smart Offline Handoff option is enabled, Appdome decrypts the app’s data only after the user successfully authenticates.
Additionally, the developer can specify a folder for offline file access, along with the required conditions that must be met in order to permit offline access to the data (for example, the required conditions may include a time expiration, or require additional authentication, such as a pincode or biometric authentication). To enable this feature, you need to toggle on the Require Local Authentication feature.
Another way to enhance the security of this feature is to enable the Store in Protected Memory toggle. This enables storing the encryption key used for the offline folder in an encrypted memory segment, thereby preventing attackers from seeing the key when dumping the application’s memory.

Kotlin Obfuscation

Kotlin is a cross-platform programming language, which is designed to fully interoperate with Java. For several years Kotlin has been approved by Google as a preferred language for Android app developers.

Since 2017, Kotlin has been included in Android Studio as an alternative to the standard Java compiler.

Blocking Suspicious Accessibility Services

Android Accessibility Services enable Android apps to assist individuals with disabilities in overcoming their challenges when using their smartphones. An example of such services is a screen reading utility. Such a utility (app) makes texts accessible to the blind or visually impaired by providing talking feedback in response to user manipulations and gestures such as swiping, dragging, or using an external keyboard.

When users download these apps, they need to enable Accessibility Permissions in order to take advantage of these benefits.

Detecting Deep Proxy

This Knowledge Base article provides information about the detection and prevention of deep proxy attempts.
What is Deep Proxy?
Unlike malicious proxies, which involve connections from untrusted sources, deep Proxy…

Uploading a Mobile App to Appdome

The very first step of working with Appdome is to upload a mobile app.

To upload a mobile app to Appdome:

Click Add App on the left.

The dialog box that opens…