How to implement Appdome's ONEShield Threat Events

Introduction

Appdome users can consume and obtain analytic information regarding Appdome detected security-related events on their mobile app.
This knowledge base article reviews in detail how users can configure Appdome’s ONEShield Threat Events for the apps they Build on Appdome.

About Appdome’s ONEShield Threat Events

Appdome’s ONEShield Threat-Events framework provides mobile app developers with the ability to consume and process security-related events sent by the Appdome events layer to the mobile app.
Security-related events include information such as the type of event detected, the security posture of the app and the environment, as well as information specific to the event type.

When an ONEShield Threat event is detected by Appdome, the event can be handled by your app or handled by Appdome’s security engine:

  • In-App Detection – When a security event is detected by Appdome, Appdome will pass the event between the Appdome layer to the app. The event will be handled by your app.
  • In-App Defense – When a security event is detected by Appdome, Appdome will pass the event between the Appdome layer to the app. The event will be handled by Appdome’s security engine: a compromise notification will be shown to the user and Appdome will close the app.

 

By design, when the mobile application registers to receive Appdome Threat-Events, Appdome will send an initial event. If a threat event was detected by Appdome during the app launch/run, the initial event will hold the triggered security event details. In case that no threat event was triggered, the initial event will only indicate a successful registration to Appdome’s Threat-Events (the events fields will hold no data).

 

Appdome’s Security Threat events

Appdome users can configure additional Security Threat Alerts with Appdome built apps. Appdome Security Threat Alerts is part of the Appdome Mobile Security Suite. Review this Knowledge Base article for more details on how users can configure Security Threat Alerts for the apps they Build on Appdome.

 

Appdome’s ONEShield Threat-Events Configuration On Android Apps

On Android mobile devices, ONEShield Threat Events are usually implemented using Broadcasts and BroacastRecievers. This broadcast mechanism is the simplest most convenient way to consume events in an Android app and is available throughout all major programming languages and development frameworks.

Appdome automatically secures the data between the app and the appdome events layer by adding custom permission to the application manifest with a protection level type signature. This custom permission is unique to each app built on appdome. In addition, Appdome enforces ONEShield Threat-Events calls to sendBroadcast and registerReceiver to include these permissions. Developers do not need to implement a security handshake in the app.

When a user implements Appdome’s ONEShield Threat-Events, Appdome secures his app in one of the following methods:

  1. (Recommended) If the user follows the examples and instructions according to our Knowledgebase articles (see links below) and implements the regular broadcasts, Appdome will add the unique custom permission.
  2. If the user implements his internal permissions and calls versions of sendBroadcast and registerReciever calls with permission, Appdome service will detect it and will not modify the permission.
  3. If the user chooses to implement Google’s LocalBroacastManager, Appdome service will detect it and will not modify the permission.

 

How to implement Appdome’s ONEShield Threat-Events on your Mobile App

Follow the instructions on the knowledge-based article below that match your application framework:

Prerequisites

 

Appdome ONEShield Threat-Events Structure

Each Appdome ONEShield Threat-Event is a set of key/value dictionary. Both key and value are strings: Java Strings for Android App, and NSString for iOS Apps.

An event for Appdome’s Anti-Tampering Prevention

  • reason – The cause which triggered the threat event
  • timestamp – The UNIX epoch timestamp of the event
  • defaultMessage – The message that would be shown to the user in enforcement mode
  • deviceID – Unique mobile device identifier
  • deviceModel –  Mobile device model
  • osVersion – The mobile device OS version
  • kernelInfo – Kernel information and details
  • deviceManufacturer – mobile device manufacturer
  • fusedAppToken – Built App Token
  • carrierPlmn – Carrier identity number (PLMN code)
  • deviceBrand – Mobile device brand (for Android devices)
  • deviceBoard – The board the mobile device is based upon (for Android devices)
  • buildHost – Build server of the ROM (for Android devices)
  • buildUser – The user who ran the build of the ROM (for Android devices)
  • sdkVersion – For Android devices, the Android SDK version.

 

How to Implement Appdome ONEShield Threat-Events to Any Mobile App(s) on Appdome

Follow these step-by-step instructions to implement Appdome ONEShield Threat-Events to Any Mobile App:

Upload a Mobile App to Your Account

Please follow these steps to add mobile apps to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the Build tab, select Security

Expand the ONEShield category.
Under the Anti-Tampering category, checked the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense)

Click Build My App

 

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add ONEShield Threat-Events to the mobile app in seconds.

Congratulations! You now have a mobile app Built with ONEShield Threat-Events™.

After Implementing Appdome ONEShield Threat-Events™ to your Mobile App 

After you have added ONEShield Threat-Events™ to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

Add Context™ to the Appdome Built App

Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.

Sign the ONEShield Threat-Events™ Enabled Appdome Built App (Required)

In order to deploy an Appdome Built app, it must be signed. Signing an iOS app and Signing an Android is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app, and sign locally using your own signing methods.

Deploy the Appdome App to a Mobile Device

Once you have signed your Appdome Built app, you can download it to deploy it using your distribution method of choice. For more information on deploying your Appdome Built apps, please read this knowledge base.

That is it – Enjoy Appdome with ONEShield Threat-Events™ in your app!

To zoom out on this topic, visit the Mobile App Security page on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror

Have a question?

Ask an expert

EnrikaMaking your security project a success!