A mobile app is a masterpiece. It is the summation of all of your hard work, design, testing, re-testing, customer feedback and more. You have created the best app you can, and now someone can steal your secret from you. Your algorithms, business logic, and unique data.
The discipline for extracting design from a product is called Reverse-Engineering. There are two main categories of reverse engineering:
- Static: Extracting the design of the application without running it, just inspecting its contents (see the article that explains what constitutes the contents of an iOS and Android application)
- Dynamic: Extracting information about the inner workings of the application by running it in its target or controlled (emulator) environment and using various tools to inspect the data processing of an application while it runs. This is also known as debugging.
This Knowledge Base explains Appdome’s Anti-Debugging capabilities, a key component of ONEShield™ by Appdome, which gets automatically added to every app as part of the Fusion process.
We hope you find it useful and enjoy using Appdome!
About No-Code Anti-Debugging on Appdome
Appdome’s Anti-Debugging counters and stunts malicious dynamic reverse-engineering attempts on your application.
Anti-Debugging will do the following, depending on the platform:
- iOS: Connecting with a debugger will cause the debugging client (lldb) to:
- After a sufficient wait time, the debug session will terminate and the debugger with a crash.
- Attempting to attach to the process with a debugger, tracing tool or code injectors will result in the application misbehaving and eventually terminate.
- Attempting to debug the Java Virtual Machine (JVM) using JDB (or anything that utilizes the JDWP protocol) will disconnect the debugger.
These are the basic measures Appdome takes to make sure an attacker has to resort to other techniques such as tampering and static reversing. Both of which are protected by Appdome’s Anti-Tampering and Anti-Reversing. This three-pronged defense gives an all-around effective hardening for your mobile app.
Prerequisites for using Appdome’s Anti-Debugging
In order to use Appdome’s no code implementation of Anti-Debugging, you’ll need:
- Appdome account – IDEAL or Higher.
- Mobile App (.ipa for iOS, or .apk for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to Add Anti-Debugging to a Mobile Application on Appdome
Follow these step-by-step instructions to add Anti-Debugging to any mobile app:
Upload a Mobile App to Your Account
Automatic Protection against debugging attempts on your app
Just fuse your app with any solution on the platform.
Anti-Debugging is added automatically to every application as part of the ONEShield™ bundle to every app fused on Appdome.
After Adding Anti-Debugging to a Mobile App on Appdome
After you have added Anti-Debugging to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Fused App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Anti-Debugging protected Appdome-Fused App (Required)
In order to deploy an Appdome-Fused app, it must be signed. Signing an iOS app and Signing an Android app is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the Appdome-Fused App to a Mobile Device
Once you have signed your Appdome-Fused app, you can download to deploy it using your distribution method of choice. For more information on deploying your Appdome-Fused apps, please read this knowledge base.
That is it – Enjoy Appdome’s anti-tampering protection for your app!
How Do I Learn More?
If you are interested in protecting your app, check out Appdome ONEShield, a suite of app protection features.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.