How to Use Appdome Threat Events in Android and iOS apps
Developers can use mobile app threat intelligence in Appdome-built apps. Once the app is configured, it can receive all security alerts as they occur, on both iOS and Android.
This Knowledge Base article reviews in detail how users can use Threat-Events to respond to, or enforce actions after, a security event that Appdome detects in a mobile app.
About Appdome Mobile App Threat Events
Threat-Events use industry-standard notification methods to pass events from the Appdome layer to the app, informing the app any time a malicious event occurs against or in respect of the Appdome-protected app.
When a security event is detected by Appdome, the event can be handled by your app or handled by Appdome’s security engine:
In-App Detection – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app. The event will be handled by your app.
In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app. The event will be handled by Appdome’s security engine: a compromise notification will be shown to the user and Appdome will alter the behavior of the app depending on the threat event that occurred. For example, closing the app, disabling functionality in the app, scoring the threat, etc.
Enforce Connection Only (only for Secure Communication/MitM Attack Prevention and Secure Certificate Pinning) – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app. The event will be handled by Appdome’s security engine: a compromise notification will be shown to the user and Appdome will block the connection which triggered the event.
By design, when the mobile application registers to receive Appdome Threat-Events, Appdome will send an initial event. If a security event was detected by Appdome during the app launch/run, the initial event will hold the details of the triggered security event. If no security event was triggered, the initial event will only indicate a successful registration to Appdome’s Threat-Events (the event fields will hold no data).
How to Implement Appdome Threat-Events
On Android mobile devices, security events are usually implemented using Broadcasts and BroadcastReceivers, which by default are broadcast freely to all the applications on the device. This mechanism is the simplest Android communication system to implement.
Appdome secures the data that is transferred via Appdome’s Threat-Events on Android by adding a custom permission to the application manifest with protection level “signature”. This custom permission is unique to each system/app. In addition, Appdome modifies all calls to sendBroadcast and registerReceiver at the binary level so that they are sent with that permission.
When a user implements Appdome’s Threat-Events, Appdome secures the app in one of the following ways:
(Recommended) If the user follows the examples and instructions in our Knowledge Base articles (see links below) and implements the regular broadcasts, Appdome will add the unique custom permission.
If the user implements their own internal permissions and calls the versions of sendBroadcast and registerReceiver that take a permission, the Appdome service will detect it and will not modify the permission.
If the user chooses to implement Google’s LocalBroadcastManager, the Appdome service will detect it and will not modify the permission.
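The second option above (the app supplies its own permission to registerReceiver), together with handling of the initial registration event, as an added example that is not Appdome's code. The action name, the permission name, delivery of the event fields as string extras, and a minSdk of 26 are assumptions made for illustration.

```java
// Added example, not Appdome's code. THREAT_ACTION and EVENTS_PERMISSION are placeholders.
// Assumed manifest entries for the app-defined permission:
//   <permission android:name="com.example.app.THREAT_EVENTS" android:protectionLevel="signature" />
//   <uses-permission android:name="com.example.app.THREAT_EVENTS" />
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;

public class MainActivity extends Activity {
    static final String THREAT_ACTION = "ExampleThreatEvent";                 // placeholder
    static final String EVENTS_PERMISSION = "com.example.app.THREAT_EVENTS";  // placeholder

    private final BroadcastReceiver threatReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            // Assumption: fields arrive as string extras keyed by the names in the field list.
            String message = intent.getStringExtra("defaultMessage");
            if (message == null || message.isEmpty()) {
                // Initial event with empty fields: registration succeeded, nothing detected.
                Log.i("ThreatEvents", "Registered; no security event pending");
                return;
            }
            // In-App Detection: the app decides how to respond to the event.
            Log.w("ThreatEvents", intent.getAction() + ": " + message
                    + " osVersion=" + intent.getStringExtra("osVersion"));
        }
    };

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        IntentFilter filter = new IntentFilter(THREAT_ACTION);
        // Senders must hold EVENTS_PERMISSION; "signature" limits that to the same signing key.
        // The five-argument overload needs API 26+; the not-exported flag exists from API 33.
        int flags = Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU
                ? Context.RECEIVER_NOT_EXPORTED : 0;
        registerReceiver(threatReceiver, filter, EVENTS_PERMISSION, null, flags);
    }

    @Override
    protected void onDestroy() {
        unregisterReceiver(threatReceiver);
        super.onDestroy();
    }
}
```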
Using Appdome Mobile App Threat Intelligence in Specific Frameworks
Follow the instructions in the Knowledge Base article below that matches your application framework:
defaultMessage – The message the user entered on Appdome platform, under the selected Appdome security event option (unless modified by the user, Appdome will use the default message).
deviceID – unique mobile device identifier
deviceModel – mobile device model
Host – the host on which the error occurred.
osVersion – The mobile device OS version
kernelInfo – Kernel information and details
deviceManufacturer – mobile device manufacturer
fusedAppToken – Built App Token
carrierPlmn – carrier identity number (PLMN code)
deviceBrand – mobile device brand (for Android devices)
deviceBoard – the board the mobile device is based upon (for Android devices)
buildHost – build server of the ROM (for Android devices)
buildUser – the user who ran the build of the ROM (for Android devices)
sdkVersion – For Android devices, the Android SDK version.
Click on the toggle to enable Jailbreak Prevention / Root Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Detect Unknown Sources (Android), check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Detect Developer Options, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Detect Banned Devices (Android), check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Require Security Services (Android), check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Secured Communication category (optional)
Click on the toggle to enable Trusted Session, check the Threat Events checkbox, and choose the notification mode (In-App Detection, In-App Defense or Notify on Network Enforcement).
Click on the toggle to enable SecureAPI™, check the Threat Events checkbox, and choose the notification mode (In-App Detection, In-App Defense or Enforce Connection Only).
Click on the toggle to enable Enforce Cipher Suites, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Enforce TLS Version, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Enforce Certificate Roles, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Enforce Strong RSA Signature, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Enforce Strong ECC Signature, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Enforce SHA256 Digest, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable URL Whitelisting, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Mobile Privacy category (optional)
Click on the toggle to enable Copy/Paste Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Defense).
Click on the toggle to enable Prevent App Screen Sharing (iOS), check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click on the toggle to enable Keylogging Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
Click Build My App
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add Threat-Events to the mobile app in seconds.
Congratulations! You now have a mobile app Built with Threat-Events™.
No Coding Dependency
Using Appdome, there are no development or coding prerequisites to build secured apps with Jailbreak prevention. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include: