Threat-Events in Android & iOS Apps Explained

Last updated December 5, 2023 by Appdome

Developers can use mobile app threat intelligence with Appdome-built apps. After configuring the app, it can receive all security alerts when they occur with iOS and Android apps.

This Knowledge Base article reviews in detail how users can use Threat-Events to respond or enforce actions after Appdome detects a security event in a mobile app.

About Appdome Mobile App Threat-Events

Appdome Threat-Events use industry-standard notification methods to pass events from the Appdome layer back to the application so that the application can take further action whenever Appdome detects malicious events against an Appdome-protected app.

When a security event is detected by Appdome, the event can be handled in one of the following ways:

  • In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing (your app chooses how and when to enforce).
  • In-App Defense – When a security event is detected by Appdome,it will pass the event from the Appdome layer to the app. Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).
  • Enforce Connection Only (for Secure Communication/MitM Attack Prevention and Secure Certificate Pinning only) When a security event is detected by Appdome, it will pass the event from the Appdome layer to the app and will block the connection that triggered the event.

By design, when the mobile application registers to receive Appdome Threat-Events, Appdome will send an initial event. If a security event is detected by Appdome during the app launch/run, the initial event will hold the triggered security event details. If no security event is triggered, the initial event will only indicate a successful registration to Appdome Threat-Events (the event fields will hold no data).

Threat-Event Failsafe Enforcement

When the Failsafe Enforcement toggle is enabled, the selected In-App Detection Threat-Event undergoes a hardening process. Appdome not only sends threat data to the app but also implements delayed enforcement against the identified threat. This mode grants the protected app the ability to manage the user experience (UX) when informing the end user about the threat, while delegating the actual enforcement to Appdome.

By leveraging the Failsafe Enforcement functionality, mobile app developers unlock enhanced User Experience options, offering added layers of notification sophistication through features such as the App Compromise Notification and versatile Short Message Options.
Note: The Short Message Options is available for Android apps only.

To control the timing of Appdome’s enforcement, the protected app sends a Threat-Event to Appdome using the event name “EnforceThreatEvent” at any point within the defined Fail-Safe window, the duration for which is defined in milliseconds.

The enforcement action will occur at the earliest of two scenarios: (1) the protected app has sent the “EnforceThreatEvent” to Appdome, or (2) Appdome did not receive a response from the protected app within the Fail-Safe window.

 

Root Detection Failsafe Enforcement[toggle]

About Appdome Threat-Event Score

Appdome Threat-Event Score is used for advanced threat handling and response. With Threat-Event Score, you can configure each Threat-Event with a unique score in order to value the importance of a particular threat and/or prioritize how threats are handled after Appdome detects a threat.

Risk scoring allows users to get a threat evaluation based on multiple selected Threat Events at a given time. By assigning a risk weight to each Threat-Event, you can prioritize the importance of each event in the total risk assessment.

Appdome divides the Threats into two groups: consistent and volatile. Whereas consistent events affect the total score for the entire session of the app, volatile events only affect the total score for a short period of time. Consistent events include root detection and tampering with the app. All other events are considered volatile.

When activating the Threat-Event Score toggle on Appdome, you can set a numerical value (between 1-1000) that you can set for each applicable Threat-Event for any Android or iOS app. This additional scoring attribute is passed as part of an Appdome Threat-Event. Threat-Event Score attributes are persistent (i.e., fixed) in each mobile app build. To update a Threat-Score to reflect a new risk profile for the app or a given threat, you can re-build the app with a new Threat-Event Score on Appdome.

The Threat-Event Score can be set or adjusted according to a user-defined risk model. Threat-Event Scores can be assigned to multiple threats, allowing you to set a threshold for when a security action or workflow will be taken. With Threat-Event Score, developers are enabled to customize the enforcement model and tailor the user experience according to the relative or absolute importance, criticality, or severity level of each threat.

How to Implement Appdome Mobile App Threat-Events in Android and iOS Apps

Follow these step-by-step instructions to implement Appdome Threat-Events in any iOS or Android app. Two examples are provided below. Follow the instructions on the knowledge-based article for each Appdome security protection that includes Threat-Events, which includes code samples.

Note: For instructions about implementing threat events in Java code, see the Knowledge Base article Implementing Threat Events in Code.

Prerequisites to using Appdome Mobile App Threat-Events

After uploading your app to Appdome, select the ‘Security’ tab. Expand the OS Integrity category (optional).

  1. Click on the toggle to enable Jailbreak Prevention/ Root Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
  2. Click on the toggle to enable Detect Unknown Sources (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  3. Click on the toggle to enable Detect Developer Options, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  4. Click on the toggle to enable Detect Banned Devices (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).Root Detection

Expand the Secured Communication category (optional)

  1. Click on the toggle to enable Android/iOS MiTM Prevention, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense or Notify on Network Enforcement).
  2. Click on the toggle to enable Secure Certificate Pinning, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense or Enforce Connection Only).
  3. Click on the toggle to enable Enforce Cipher Suites, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  4. Click on the toggle to enable Enforce TLS Version, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  5. Click on the toggle to enable Enforce Certificate Roles, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  6. Click on the toggle to enable Enforce Strong RSA Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  7. Click on the toggle to enable Enforce Strong ECC Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  8. Click on the toggle to enable Enforce SHA256 Digest, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
  9. Click on the toggle to enable URL Whitelisting, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).

Android Mitm Prevention

Expand the Mobile Privacy category (optional)

  1. Click on the toggle to enable Copy/Paste Prevention, select the Threat Events check box, and choose the notification mode  (In-App Defense).
  2. Click on the toggle to enable Prevent App Screen Sharing (iOS), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).

 

Mobile Privacy

How to Add Threat-Event Score to an Android or iOS App

With Threat-Event turned ON for any applicable feature, turn ON Threat-Event Score and set the Threat-Score to the requested value (1-1000) for each attack or threat.

Mobile

After you have finished making your selections, Click Build My App

success

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add Threat-Events to the mobile app in seconds.

Congratulations! You now have a mobile app Built with Threat-Events™.

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps by using Appdome.  There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome

After successfully securing your app by using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include

Alternatively, see this quick reference guide Releasing Secured Android & iOS Apps built on Appdome.

Related Articles

How to Learn More

If you want to learn how to troubleshoot common issues with the implementation of threat events, check out the KB article Implementing  Threat Events – Best Practices.

If you want to use Threat-Events to respond to threats detected by Appdome ONEShield, check out this KB article on ONEShield Threat Events.

To zoom out on this topic, visit the Mobile App Security page on our website.

Check out the full menu of features in the Appdome Mobile Security Suite.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

Appdome

Want a Demo?

Threat-Events™ UX/UI Control

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.