Learn how to prevent man-in-the-middle attacks (MiTM) using Appdome. This Knowledge Base article explains how to implement the Appdome Trusted Session feature to prevent mobile Man-in-the-middle attacks. The article also explains how Appdome’s “Permit DNS over TCP” setting works when you implement Appdome Trusted Session.
Appdome is a mobile integration platform as a service (iPaaS) that enables anybody to add a wide variety of features, SDKs, and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, Appdome enables anyone to easily implement mobile app security in any iOS or Android app – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement Trusted Session to prevent MitM attacks. Trusted Session can be added to any iOS or Android app in seconds, with no code or coding.
You can implement Appdome Trusted Session to prevent man-in-the-middle attacks and other forms of session hijacking. Appdome also protects any app from malicious proxies, modified or untrusted Certificates, and Stale Session renewal.
Appdome Trusted Session validates the authenticity of communication sessions initiated by the app or the server. This includes actively validating TLS/SSL certificates, CAs, session state to prevent any unauthorized modifications.
When implemented in a mobile app, Appdome Trusted Session technology prevents hackers from gaining control over the session before the TLS handshake completes. When the application starts the SSL Handshake with the server, Appdome’s Trusted Session technology inspects the traffic for anything that looks suspicious. When triggered, the Trusted Session will automatically notify the user of the compromise and drop the connection.
The message displayed to the user can be customized.
When you build your app with Trusted Session, you can enable any number of additional Session Controls, as seen below.
When you build your app with Appdome Trusted Session enabled, you can also enable one or more “Session Control” options, including “Permit DNS over TCP”. Building your application with Permit DNS over TCP allows DNS requests over TCP to pass undisrupted.
Follow these step-by-step instructions to enable Appdome Trusted Session and Permit DNS over TCP to a mobile app.
The technology behind Build My App has two major elements – (1) a micro-service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the application to the relevant code-sets needed to add the requested service to the mobile application in seconds.
Congratulations! When your integration is complete, you will see the notice below. You now have a mobile app fully integrated with Trusted Session.
That is it – You now have a new app built with Appdome’s Trusted Session and “Permit DNS over TCP”.
After you have added Secure Communication to any mobile application on Appdome, there are a few additional steps needed to complete your project.
Please view the article here on How to Complete My Mobile Integration Project After I Build My App.
Check out the Appdome Trusted Session KB for more detail on Trusted Session and other optional features available.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.