Trusted Session & IP Address Visibility to prevent MiTM attacks

Learn how to prevent man-in-the-middle (MiTM) attacks using Appdome. This Knowledge Base article explains how to implement the Appdome Trusted Session feature to prevent mobile man-in-the-middle attacks. The article also explains how Appdome’s “IP Address Visibility” setting works when you implement Appdome Trusted Session.

What is Appdome?

Appdome is a mobile integration platform as a service (iPaaS) that enables anybody to add a wide variety of features, SDKs, and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, Appdome enables anyone to easily implement mobile app security in any iOS or Android app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, you do not need to implement an Appdome SDK, libraries, or plug-ins to use Trusted Session to prevent MiTM attacks. Trusted Session can be added to any iOS or Android app in seconds, with no code or coding.

Prevent Man-In-The-Middle Attacks With Trusted Session

You can implement Appdome Trusted Session to prevent man-in-the-middle attacks and other forms of session hijacking. Appdome also protects any app from malicious proxies, modified or untrusted certificates, and stale session renewal.

Appdome Trusted Session validates the authenticity of communication sessions initiated by the app or the server. This includes actively validating TLS/SSL certificates, CAs, and session state to prevent any unauthorized modifications.

When implemented in a mobile app, Appdome Trusted Session technology prevents hackers from gaining control over the session before the TLS handshake completes. When the application starts the TLS/SSL handshake with the server, Appdome’s Trusted Session technology inspects the traffic for anything that looks suspicious. When triggered, Trusted Session automatically notifies the user of the compromise and drops the connection.

Appdome Trusted Session feature

When you build your app with Appdome Trusted Session enabled, you can also enable one or more “Session Control” options, including “IP Address Visibility”.   

IP Address Visibility

When an application establishes a connection, some components might alter the IPs that the application sees. Building your application with IP Address Visibility ensures that the IP addresses Appdome reports to your application are real IP addresses of the destinations. This is important when you are auditing the IP addresses your application uses.
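The kind of audit this setting supports, as an added example that is not Appdome code and not part of the original article: each destination IP reported to the app is checked against an allowlist, and addresses that cannot be the real destination are flagged. It assumes the app's backends are public hosts; the hostnames, CIDR ranges, records and verdict names are constructed for illustration.

```python
import ipaddress

# Assumption: the app's backends are public hosts, so an address in any of
# these ranges was altered by some component and is not the real destination.
ALTERED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed allowlist (placeholder hostnames, documentation-range CIDRs).
EXPECTED = {
    "api.example.com": ["203.0.113.0/24"],
    "cdn.example.com": ["198.51.100.0/24", "2001:db8:10::/48"],
}

# Constructed audit records: (hostname, destination IP reported to the app).
RECORDS = [
    ("api.example.com", "203.0.113.10"),
    ("api.example.com", "127.0.0.1"),
    ("cdn.example.com", "::ffff:10.8.0.1"),
    ("cdn.example.com", "2001:db8:10::5"),
    ("api.example.com", "198.51.100.7"),
    ("metrics.example.net", "203.0.113.20"),
    ("api.example.com", "not-an-ip"),
]

def classify(host, ip_text, expected=EXPECTED):
    """Return an audit verdict for one reported destination."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    # Check IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in ALTERED):
        return "altered"
    if host not in expected:
        return "unknown-host"
    nets = [ipaddress.ip_network(cidr) for cidr in expected[host]]
    return "ok" if any(ip in net for net in nets) else "unexpected-destination"

def audit(records):
    """Return (host, ip, verdict) for every record that is not 'ok'."""
    results = [(h, ip, classify(h, ip)) for h, ip in records]
    return [r for r in results if r[2] != "ok"]

if __name__ == "__main__":
    for host, ip, verdict in audit(RECORDS):
        print(f"{verdict:<24}{host:<22}{ip}")
```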

Prerequisites for using “IP Address Visibility” feature in Appdome Trusted Session

How to Add Trusted Session and IP Address Visibility to Any Mobile App  

Follow these step-by-step instructions to add Appdome Trusted Session and IP Address Visibility to a mobile app.

Upload a Mobile Application to Your Account

Please follow these steps to add a mobile application to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, go to the Security menu

  • Click Secure Communications to expand the bundle.
  • Click on the toggle to enable Trusted Session.
  • Expand the sub-bundle Session Control.
    • (optional) Use IP Address Visibility to ensure that all IP addresses that the application uses to make connections are the real IP addresses of the destination (as explained above).
  • Click Build My App.


The technology behind Build My App has two major elements – (1) a microservices architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the application to the relevant code sets needed to add the requested service to the mobile application in seconds.

Congratulations! When your integration is complete, you will see the notice below. You now have a mobile app fully integrated with Trusted Session.

What to do After I Build My App?

That is it – You now have a new app built with Appdome’s Trusted Session and IP Address Visibility.

After you have added Secure Communication to any mobile application on Appdome, there are a few additional steps needed to complete your project.

How Do I Learn More?

Check out the Appdome Trusted Session KB for more detail on Trusted Session and other optional features available.

To zoom out on this topic, visit Appdome for Mobile App Security on our website or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa
