Debug information in mobile apps can display information which leaves a mobile app vulnerable to attacks. Examples of the information which can be exposed are the source code file names, line numbers, variable names and symbol names to name a few. You can use Appdome to strip debug information from the logs for additional mobile app protection.
This Knowledge Base article summaries the steps needed to use Appdome to easily strip debug information from a mobile app.
We hope you find it useful and enjoy using Appdome!
Stripping Debug Information From Any Mobile App
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily strip your app of debugging information – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins required to secure your app with Appdome.
What is Debug Information and How Can It Be Abused?
Debug information is data stored inside the code of a mobile app which aids the developer in troubleshooting, tracking down issues, and fixing bugs more easily. As it happens, debug information can also be used by bad actors who want to learn how your app works by reverse engineering your code (or other malicious purposes like copying or stealing your intellectual property).
According to mobile development best practices, the distributed app should be built in release mode (which does not contain debug information). However, more often than not, the released mobile app does contain debug information such as source code file names, line numbers, variable names and symbol names. Rather than going back to the developer and asking them to modify the app, Appdome offers a quick and easy way to strip debug information from the Android or iOS app – instantly without code or coding.
Prerequisites for Using Appdome to Strip Debug Information
In order to use Appdome’s Strip Debug Symbols, you’ll need:
- Appdome account
- Mobile App (.ipa for iOS, or .apk for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to Strip Debug Symbols From Any Mobile App on Appdome
Follow these step-by-step instructions to protect your app by stripping debug information from the logs of the app:
Upload a Mobile App to Your Account
From the “Build” Tab Select “Strip Debug Information”
Select the Build Tab. Note: a blue underline will appear showing the step is active
Beneath the Build Tab, you will find several service options. Select Security. Note: a blue highlight will appear showing the category is active.
From within the Security Tab,
- Expand ONEShield™ by Appdome
- Open TOTALCode™ Obfuscation
- Click on the toggle to enable Strip Debug Information
- You can use Strip Export Names, to strip the application’s export information. Note: this feature can not be used when the application loads its own symbols.
- Click Build My App
Congratulations! When your integration is complete, you will see the notice below. You now have a fully integrated mobile app from which the debug information has been properly removed. This gives you more mobile app protection.
After Removing Debug Information From a Mobile App on Appdome
After you have removed the debug information from a Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project. Read this Knowledge Base article to learn what to do after you successfully Build an app. It explains both optional steps and required steps.
How Do I Learn More?
To zoom out on this topic, visit Appdome for Mobile App Security on our website.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.