Learn how to prevent mobile data exploits with data-at-rest encryption in Android & iOS apps in minutes, without coding. Appdome makes it easy for developers to protect mobile user data fast.
Mobile TOTALData™ Encryption is used to protect data stored within a mobile app.
This Knowledge Base article describes Appdome’s mobile TOTALData™ Encryption suite and explains how to add it to any mobile app. With TOTALData™ Encryption, Appdome protects all three states of mobile app data: data at rest, data in transit and data in use.
We hope you find this knowledge base useful and enjoy using Appdome!
There are three states in which data exists in mobile apps:
Appdome is a no-code mobile security and development platform that enables anyone to add a wide variety of features, SDKs, and APIs to Android and iOS apps – instantly, without coding. Using a simple ‘click to add’ user interface, Appdome allows developers or non-developers to easily implement mobile security in any mobile app – instantly, no code or coding required. Using Appdome, there are no development or coding prerequisites. For example, there are no Appdome SDKs, libraries, or plug-ins to implement. Likewise, there is no requirement to implement encryption libraries or intercept all writing of files to the sandbox.
Appdome offers TOTALData™ Encryption as part of the Appdome Mobile Security Suite. Data at rest (DAR) and data in use (in-memory) encryption can be enabled in TOTALData™ Encryption.
With Appdome Data at Rest encryption, all data generated by the app is encrypted at runtime using industry-standard AES 256 cryptographic protocols. You can also choose to encrypt data in use/in memory, where all data temporarily stored in application memory is encrypted before it is sent/saved. With Appdome, encryption is accomplished dynamically, without any dependencies on the data structure, databases or file structures.
Appdome uses 256-bit AES-CTR encryption, which is faster when accessing partial files (i.e. when reading a buffer from a file or mapping a part of a file into memory). This is much more efficient than the AES-CBC encryption used by most third-party SDKs and encryption libraries (which forces encryption/decryption of the entire file even when it only needs to read a small block within it).
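The partial-file access that counter mode allows can be seen in a short sketch. This is an added example, not Appdome's code: it uses only the Python standard library, so HMAC-SHA256 stands in for the AES block function as the keystream generator, and the function names and sample data are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 32  # keystream block size: one HMAC-SHA256 output (AES would use 16)


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in PRF: HMAC-SHA256(key, nonce || counter) replaces the AES
    # encryption of the counter block (the standard library ships no AES).
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def ctr_xor(key: bytes, nonce: bytes, data: bytes, offset: int = 0) -> bytes:
    """Encrypt or decrypt `data` that sits at byte `offset` of the file."""
    out = bytearray()
    # The counter for any position is computed directly from the offset.
    counter, skip = divmod(offset, BLOCK)
    while len(out) < len(data):
        ks = keystream_block(key, nonce, counter)[skip:]
        chunk = data[len(out):len(out) + len(ks)]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
        counter, skip = counter + 1, 0
    return bytes(out)


def read_range(key, nonce, ciphertext, start, length):
    # Only the requested bytes are processed; nothing before `start` is read.
    return ctr_xor(key, nonce, ciphertext[start:start + length], offset=start)


def demo():
    key, nonce = os.urandom(32), os.urandom(16)
    # Constructed sample "file": 500 fixed-width records, 6000 bytes.
    plaintext = b"".join(b"record-%04d;" % i for i in range(500))
    ciphertext = ctr_xor(key, nonce, plaintext)
    return plaintext, ciphertext, read_range(key, nonce, ciphertext, 1234, 57)


if __name__ == "__main__":
    pt, ct, part = demo()
    print(part == pt[1234:1291], part)
```

Rewriting a range in place under the same key and nonce reuses keystream and exposes the XOR of the old and new plaintext, and counter mode on its own provides no integrity protection, so a design built this way needs a per-file nonce, a rewrite policy and a separate authentication tag.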
Appdome’s mobile TOTALData™ Encryption implementation does not impact app behavior. This results in a consistent and easy-to-implement experience, as opposed to a DIY approach which would require the mobile developer to choose encryption components from a wide variety of libraries, cipher strengths, and key stores (and then need to integrate them together).
Like all integrations on Appdome, customers can integrate just data at rest or data in use encryption, or they can combine this feature with any or all other features from Appdome’s Mobile Security Suite. They can even combine Appdome Mobile Security with multiple 3rd party SDKs and APIs, forming countless numbers of service combinations and integrations into any mobile app. On Appdome, there’s never any coding and all integrations are completed in under a minute.
Appdome also provides options for customers to exclude certain files or folders from being encrypted. There is an option to automatically exclude all media files from being encrypted, and another option to name specific files that you wish to be excluded from encryption. For more information about TOTALData™ Encryption, check out our blog and our troubleshooting article.
Appdome dynamically generates symmetric data encryption keys at runtime. Keys are generated by Appdome by using industry-standard AES mechanisms. Keys are never stored on the device and are derived at runtime. In addition, Appdome can factor in additional contextual information such as bundle ID, device ID, checksums, user input (passwords, tokens), and application state conditions (e.g., the existence of a debugger) into the key derivation mechanism. See the diagram below.
For advanced users, Appdome also provides an option for customers to control parts of the key management process via an external key management system (KMS). With this option, additional external factors may be introduced for key derivation.
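One way to derive a data key at run time from contextual factors, so that no key is ever written to the device. This is an added example, not Appdome's derivation, which this page does not specify: the choice of PBKDF2 followed by HKDF, the factor names and the sample values are all assumptions.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def encode_factors(factors: dict) -> bytes:
    # Length-prefix every name and value so that different factor sets can
    # never serialise to the same byte string (("ab","c") vs ("a","bc")).
    out = b""
    for name in sorted(factors):
        for part in (name.encode(), factors[name]):
            out += len(part).to_bytes(4, "big") + part
    return out


def derive_data_key(user_secret: str, salt: bytes, factors: dict) -> bytes:
    # Stretch the low-entropy user input first, then bind the result to the
    # app and device context. The salt is not secret and may be stored.
    stretched = hashlib.pbkdf2_hmac("sha256", user_secret.encode(), salt, 200_000)
    return hkdf_sha256(stretched, salt, encode_factors(factors))


SAMPLE_FACTORS = {  # constructed values, for illustration only
    "bundle_id": b"com.example.app",
    "device_id": b"constructed-device-0001",
    "debugger_attached": b"0",
}

if __name__ == "__main__":
    key = derive_data_key("constructed passphrase", b"\x00" * 16, SAMPLE_FACTORS)
    tampered = dict(SAMPLE_FACTORS, debugger_attached=b"1")
    other = derive_data_key("constructed passphrase", b"\x00" * 16, tampered)
    print(key.hex(), key != other)
```

Bundle ID and device ID are readable by anyone holding the device, so in a scheme like this the secrecy of the key rests on the user input or on an external factor such as one supplied by a KMS.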
Like all features in the Appdome Mobile Security Suite, customers can implement this feature standalone, or combined with other mobile security features or 3rd party SDK/APIs – all of which can be integrated into any mobile app in minutes with no coding.
Follow these step-by-step instructions to prevent mobile data exploits and add data-at-rest encryption to any mobile app.
Congratulations! You now have a mobile app that will prevent mobile data exploits with data-at-rest encryption.
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add MicroVPN to the mobile app in seconds.
After you have added data-at-rest encryption to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
In order to deploy an Appdome-built app, it must be signed. Signing an iOS app and signing an Android app are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Once you have signed your Appdome-built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-built apps, please read this knowledge base.
That is it – Enjoy Appdome’s data-at-rest encryption protection for your app!
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.