Mobile App Threat Intelligence in Swift Apps

Introduction

This Knowledge Base article reviews in detail how users can build mobile threat intelligence in Swift apps.

Appdome Security Alerts, Threat Events™, is part of the Appdome Mobile Security Suite.

We hope you find it useful and enjoy using Appdome!

Prerequisites for Building Mobile Threat Intelligence in Swift Apps

Before enabling Threat-Events, follow these steps below for Swift apps to handle the incoming security events in your application (the following example is written on Swift 5 version):

Download the code – Swift code

Add the following lines to your app which follow and receive Appdome Security Events:

let center = NotificationCenter.default

center.addObserver(forName: Notification.Name("BlockedKeyboardEvent"), object: nil, queue: nil) { (note) in
NSLog("BlockedKeyboardEvent Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let blocked = usrInf["blocked"]; // True/false
let keyboard = usrInf["keyboard"]; // keyboard package
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("BlockedClipboardEvent"), object: nil, queue: nil) { (note) in
NSLog("BlockedClipboardEvent Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let blocked = usrInf["blocked"]; // True/false
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("JailbrokenDevice"), object: nil, queue: nil) { (note) in
NSLog("JailbrokenDevice Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let internalError = usrInf["internalError"]; // jailbreak reason
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslCertificateValidationFailed"), object: nil, queue: nil) { (note) in
NSLog("SslCertificateValidationFailed Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("SslServerCertificatePinningFailed"), object: nil, queue: nil) { (note) in
NSLog("SslServerCertificatePinningFailed Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("UrlWhitelistFailed"), object: nil, queue: nil) { (note) in
NSLog("UrlWhitelistFailed Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let host = usrInf["host"]; // the host on which the error occurred
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("BlockedScreenCaptureEvent"), object: nil, queue: nil) { (note) in
NSLog("BlockedScreenCaptureEvent Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let context = usrInf["context"]; // capturing event type
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslIncompatibleCipher"), object: nil, queue: nil) { (note) in
NSLog("SslIncompatibleCipher Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let incompatibleCipherId = usrInf["incompatibleCipherId"]; // the incompatible cipher id
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslIncompatibleVersion"), object: nil, queue: nil) { (note) in
NSLog("SslIncompatibleVersion Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let incompatibleSslVersion = usrInf["incompatibleSslVersion"]; // the incompatible SSL/TLS version
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidCertificateChain"), object: nil, queue: nil) { (note) in
NSLog("SslInvalidCertificateChain Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinRSASignature"), object: nil, queue: nil) { (note) in
NSLog("SslInvalidMinRSASignature Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinECCSignature"), object: nil, queue: nil) { (note) in
NSLog("SslInvalidMinECCSignature Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}


center.addObserver(forName: Notification.Name("SslInvalidMinDigest"), object: nil, queue: nil) { (note) in
NSLog("SslInvalidMinDigest Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let certificateSHA1 = usrInf["certificateSHA1"]; // the certificate sha1 fingerprint
let certificateCN = usrInf["certificateCN"]; // the certificate CN (common name)
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}

center.addObserver(forName: Notification.Name("SslNonSslConnection"), object: nil, queue: nil) { (note) in
NSLog("SslNonSslConnection Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let deveventDetailedErrorMessage = usrInf["deveventDetailedErrorMessage"]; // detailed error message
let host = usrInf["host"]; // the host on which the error occurred
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}

 

To receive Appdome One Shield Threat Events, add the following lines to your app:

let center = NotificationCenter.default

center.addObserver(forName: Notification.Name("AppIntegrityError"), object: nil, queue: nil) { (note) in
NSLog("AppIntegrityError Threat-event received")
guard let usrInf = note.userInfo else {
return
}

var message = "";
let defaultMessage = usrInf["defaultMessage"]; // message passed during fusion
let blocked = usrInf["blocked"]; // True/false
let reason = usrInf["reason"]; // the cause which triggered the Anti-Tampering protection
let timestamp = usrInf["timestamp"]; // UNIX timestamp when event happened
let deviceID = usrInf["deviceID"]; // unique mobile device identifier
let deviceModel = usrInf["deviceModel"]; // mobile device model
let osVersion = usrInf["osVersion"]; // The mobile device OS version
let kernelInfo = usrInf["kernelInfo"]; // Kernel information and details
let deviceManufacturer = usrInf["deviceManufacturer"]; // mobile device manufacturer
let fusedAppToken = usrInf["fusedAppToken"]; // Built App Token
let carrierPlmn = usrInf["carrierPlmn"]; // carrier identity number (PLMN code)
}

You are welcome to view the source code of our sample app – SingleDevEventObjCSample

How to Add Threat-Events™ to Any Mobile App(s) on Appdome

Follow the step-by-step instructions in this knowledge base to add Threat-Events™ to your Swift mobile App.

That is it – Enjoy Appdome with Threat-Events™ in your app!

To zoom out on this topic, visit the Mobile App Security page on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror

Have a question?

Ask an expert

EvgenyMaking your security project a success!