Appdome Mobile Security Suite

Appdome’s Mobile Security Suite is a comprehensive mobile security solution that delivers best practice mobile security functionality to any app on demand, with no coding. Appdome’s Mobile App Security Suite includes five categories of security and mobile app protections, covering every major mobile security category.

This Knowledge Base article provides a comprehensive overview of Appdome’s Mobile App Security Suite.

Mobile App Security Made Easy

Using Appdome, there are no development or coding prerequisites. For example, there are no Appdome SDKs, libraries, or plug-ins to implement mobile app security. Appdome’s Mobile App Security Suite can be added to any iOS or Android app in seconds, with no code or coding.

On Appdome, users merely upload an Android (.apk or .aab) or iOS (.ipa) app, select the new features, SDKs or APIs needed in the app, and click “Build My App.” There are no development or coding dependencies, no wrappers and no limitation on the development environment used to build the app. Appdome’s technology adds the new features to the mobile app as if the new features were natively coded into the app. Appdome is compatible with all Android and iOS mobile apps, including apps built natively and in non-native development environments like React Native, Cordova, and Xamarin.

Generally speaking, using Appdome requires public data only. For example, Appdome users upload mobile app binaries only (not source code) and implement mobile service vendor SDKs and APIs (all of which are publicly available). Even so, Appdome uses several safeguards to ensure that mobile apps are not malicious, user and project data are safe and access is controlled. Our goal is to protect our users and protect the use of Appdome to facilitate the broad adoption of our service.

The Complete List of Appdome Mobile App Security Suite Features

Below is a comprehensive listing of all categories, features, and options available in the Appdome Mobile App Security Suite.

ONEShield by Appdome

  • Anti-Debugging – Protects the app from app debugging attempts.
  • Anti-Tampering – Protects the app from all tampering attempts.
  • Prevent Running on Simulators and Emulators – Protects the app by restricting execution to physical mobile devices only. A mobile simulator is a software application that runs on a computer as a virtual machine of a mobile device.
  • Detect Debugger Code Manipulations – Attempts to actively detect code manipulations performed by debuggers at run-time.
  • Checksum Validation – Performs a checksum validation on the app to verify app integrity.
  • App Integrity/Structure Scan – Performs a structure scan of the app to verify app integrity.
  • Anti Reversing – Encrypts key logical elements and resources within your application such as methods, strings, and assets.
  • Obfuscate Built Services – Every application contains, embedded in its code, various string constants such as URLs, tokens, file names and so forth. These are a lucrative target for attackers because they give a firm foothold on what a specific piece of code is responsible for, and some strings are valuable information in their own right (such as authentication tokens).
    Appdome locates those strings and additional resources during the build and encrypts them. This ensures that they can only be accessed by the application itself. If the application has been tampered with, Appdome will not allow access to those strings, thereby foiling attack attempts.

TOTALCode™ Obfuscation

Obfuscate the entire mobile app

TOTALData™ Encryption

  • Data at Rest Encryption – Protects the data the application creates on the device. It also creates a secure data container that prevents other applications from accessing the app’s encrypted data and prevents the same application on a different device from opening this encrypted data.
    • Smart Media Sharing – With this option enabled, Android MediaPlayer can access encrypted media files, regardless of how the application accesses its files.
    • Exclude Media Files – With this option enabled, media files can be shared to leverage external media apps and browsers.
    • Exclude Web Files – With this option enabled, local web file caching is enabled and will not be encrypted for web-intense apps.
  • Encrypt In-App Preferences – Encrypts all configuration files under /shared-prefs in Android and specific keys under NSUserDefaults in iOS.
  • Encrypt Strings and Resources – Encrypts all CFStrings in iOS apps and all Java strings and the assets folder in Android.
  • Smart Offline Handoff – With this option enabled, app developers that require authentication can enable non-authenticated access to some of the files that the app generates.
  • In addition, Appdome offers encryption controls for different app needs:
    • Smart Offline Handoff – With this option enabled, Appdome will decrypt the app’s data only after authentication with a remote server. Additionally, the developer can specify a folder for offline file access, and specify restriction for offline access to that folder.
    • Enable Restore From Backup – With this option enabled, the encryption key will be independent of device data, so migrating or restoring the device will not affect access to encrypted data.
    • In-App Generated Seed – With this option enabled, the app will seed the TotalData-Encryption-Key via event. Until the key is seeded, no files will be encrypted.
  • FIPS 140-2 Cryptographic Modules – Uses FIPS 140-2 certified cryptographic modules when encrypting data.
  • APPCode Packer – Encrypts all of the mobile app’s compiled Java code and decrypts it at run time while the app is in use. APPCode Packer is compatible with mobile apps built with any development environment, including Xamarin, Cordova, native Android apps, React Native, Ionic, and more.

OS Integrity

  • Root or Jailbreak Prevention – Prevents users from running your Appdome built app on devices that have been jailbroken (iOS) or rooted (Android).
  • Detect SELinux Enforcement – Prevents users from running your Appdome built app on devices with no SELinux enforcement.
  • Detect Unknown Sources – Prevents users from running your built app when the “allow app install from unknown sources” native OS setting is enabled on the device.
  • Detect Developer Options – Prevents users who have the “developer options” OS setting enabled on their devices from running your app.
  • Detect Banned Devices – Detects if the app is running on untrusted or banned devices.
  • Require Security Services – Require additional security services to be installed and activated.
  • Appdome-Dev Events – Lets you change the default behavior when security events are detected. When In-App Event Handling is enabled (i.e., the toggle switch is ON), the event is handled by a mechanism within your app. When In-App Event Handling is OFF, the Appdome Security engine handles the event (usually resulting in the app exiting after displaying a notification to the end-user).

Secure Communication

  • Trusted Session – Validates the authenticity of trusted communication sessions initiated by the app. It actively validates the session state machine, certificates, and integrity.
    • MiTM Prevention – Detects and prevents MitM attacks on the application by preventing connections to unknown, untrusted, or malicious proxies or other intermediary devices.
    • Malicious Proxy Detection – Detects and prevents MitM attacks on the application by preventing connections to unknown, untrusted, malicious proxies, or other intermediary devices.
    • Prohibit Stale Sessions – Detects and prohibits reused sessions and reclaimed SessionIDs.
    • Trust World Wide Public CAs – In-app list of worldwide trusted CAs, independent from any CAs manually added to the device (you can add CAs to this list with Trusted CA Pinning).
    • FIPS 140-2 Cryptographic Modules – Implements FIPS 140-2 compliant cryptographic modules in the communication.

    • Appdome also offers additional controls to manage the mobile app’s communication sessions:
      • Trusted CA Pinning – Pin trusted CA certificates to the app; they will be added to the session validation.
        • Trust Listed CAs Only – When this option is enabled, all non-secured communication without the trusted CAs listed by the user in the above toggle will be blocked by Appdome’s Trusted Session feature.
      • Enforce Cipher Suites – Limit allowed cipher suites to a pre-defined list.
      • Enforce TLS Version – Limit communication to TLS version 1.2.
      • Enforce Strong RSA Signature – Enforces leaf and intermediary certificates received from the server to be signed with a Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits.
      • Enforce Strong ECC Signature – Enforces leaf and intermediary certificates received from the server to be signed with an Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits.
      • Enforce SHA256 Digest – Enforces server certificate signatures to use at least a SHA256 certificate hashing algorithm.
      • Enforce Certificate Roles – Protect against MitM attacks using certificates signed by unauthorized leaf certificates.
      • IP Address Visibility – Make real IP addresses visible to the built app.
      • Permit DNS over TCP – Allows DNS connection requests over TCP (rather than UDP) to pass undisrupted.
      • Static Client Pinning – Pin a static client certificate to authenticate connections.
  • URL Whitelisting – Ensures that the built app can only connect to a trusted set of destinations or hosts, which you must specify in the URL List setting.
  • Appdome-Dev Events – Lets you change the default behavior when security events are detected. When In-App Event Handling is enabled (i.e., the toggle switch is ON), the event is handled by a mechanism within your app. When In-App Event Handling is OFF, the Appdome Security engine handles the event (usually resulting in the app exiting after displaying a notification to the end-user).

Mobile Privacy

  • Copy/Paste Protection – Prevents application data from being copied and pasted outside of the application.
  • Prevent App Screen Sharing – Prevents screenshots of the Built app and disables screen sharing when presenting or mirroring from a PC.
  • Blur Application Screen – When enabled, this blurs the application preview screen whenever minimized, protecting selective data from being visible outside the app.
  • Keylogging Preventions – Disallow all non-OS official keyboards or allow a specific set of keyboards to be used with the application.

Appdome’s App Security Suite is perfect for mobile developers to help them release secure apps from the first use. Building apps on Appdome doesn’t impact your app functionality or add time to your development cycle. It’s fast, easy, and non-intrusive.

How Do I Learn More?

To learn more about how you can add security to any mobile app, visit the Appdome Mobile Security page on our website or request a demo at any time.

Please view our video on Fusing app(s) with security end-to-end here.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.  

Paul Levasseur
