“Tampering: The illegal act of touching or making changes to something when you should not” (Cambridge Dictionary).
An application is a masterpiece. It is the summation of all of your hard work, design, testing, re-testing, customer feedback and more. You have created the best app you can, and now, someone can take it, change it as they see fit, replace its colors, schemes and make it do stuff you do not subscribe to. Sounds horrible right? Many apps today are tampered with, re-packaged, re-distributed, and modified at will by malicious parties looking to either re-use your unique advantage or harvest your users’ data by providing them with fake applications that look like yours.
As you may understand, tampering in any context, and especially when it comes to mobile applications is bad news. Tampering may be used to make your application do things you never intended it to do, like prompt your user for their credit card number, or send off their private communications to an extra destination.
Tamper Prevention is the act of hardening an application against such changes.
This Knowledge Base explains Appdome’s Anti-tampering capabilities, a key component of ONEShield™ by Appdome, which gets automatically added to every app as part of the Fusion process.
We hope you find it useful and enjoy using Appdome!
About No-Code Tamper Prevention on Appdome
Tamper prevention, or how we call it at Appdome: “Anti-Tampering” is added automatically to every application as part of the fusion process. So whether you chose to integrate with Intune, TOTALDataTM Encryption or SSO with Okta, your fused app will be tamper proof. This is done by sealing your app and actively detecting modifications at run-time. This makes sure no one can re-distribute your app and steal your thunder.
Anti-Tampering will protect against the following static and dynamic modifications to the application:
- Resigning the application
- Modifying the Appdome adapter
- Modifying the application’s executable
- Moving the application’s sandbox under the name of a different package
It goes without saying that any modification that impacts the application in a bad way (deleting files) will also damage the fused application.
What will happen if the application gets tampered?
Thanks to Appdome’s anti-tampering, any tampering will result in the application misbehaving in a random fashion, shortly after which it will terminate.
The reason for this “random” misbehaving is to not give the attacker a clear clue of what exactly went wrong and to make each “crash” unique.
Prerequisites for Using Appdome’s Anti Tampering
In order to use Appdome’s no code implementation of Anti-Tampering, you’ll need:
- Appdome account – IDEAL or Higher.
- Mobile App (.ipa for iOS, or .apk for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to add Anti-Tampering to any application on Appdome
Follow these step-by-step instructions to add Anti-Tampering to any mobile app.
Upload a Mobile App to Your Account
Automatic Protection against tampering attempts on your app
As mentioned earlier, Anti-Tampering gets added automatically to every application as part of the fusion process.
After Adding Anti-Tampering to a Mobile App on Appdome
After you have added Anti-Tampering to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Fused App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Anti-Tampering protected Appdome-Fused App (Required)
In order to deploy an Appdome-Fused app, it must be signed. Signing an iOS app and Signing an Android app is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Make sure however that you sign with the same credentials you provided, otherwise you will trigger anti-tampering on your own application. Anti-Tampering is blind, it does not have any “backdoors” and can not be fooled.
If you want to make sure you signed with the correct signature you can use Appdome’s App Validation.
Deploy the Appdome-Fused App to a Mobile Device
Once you have signed your Appdome-Fused app, you can download to deploy it using your distribution method of choice. For more information on deploying your Appdome-Fused apps, please read this knowledge base.
That is it – Enjoy Appdome’s anti-tampering protection for your app!
How Do I Learn More?
If you are interested in protecting your app, check out Appdome ONEShield, a suite of app protection features.
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.