Mobile apps need network connectivity to communicate with the outside world, including the servers and services the app needs to function properly. Unfortunately, public (unsecured) networks pose the risk of data loss, data theft, identity theft, and more. Organizations often require mobile apps and mobile app users to use secure network connectivity and Man-in-the-middle prevention methods to safeguard mobile app data and use.
Man-in-the-middle (MiTM) prevention is critical to protecting mobile app users and use. Likewise, adding MicroVPN to an app allows a mobile app to securely connect to any standard SSL, VPN or Proxy corporate gateway. Together, adding MiTM and MicroVPN to a mobile app achieves a layered, multi-pronged defense for secure mobile app use.
This Knowledge Base explains how you can use Appdome to add MiTM prevention and MicroVPN to Android and iOS apps, instantly, without coding. Appdome’s proprietary MiTM prevention, called Trusted Session Inspection, can be combined with Appdome MicroVPN in any mobile app to protect mobile data ‘in transit’ and ensure that all mobile sessions, connections, and certificates are valid and trusted at all times.
About MiTM Prevention and MicroVPN on Appdome
Appdome is a mobile integration platform as a service (iPaaS). Appdome allows users to add a wide variety of features, SDKs, and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily add new services like MiTM Prevention and MicroVPN to any mobile application – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there are no SDKs, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on having standard or proprietary VPN protocols, or protections inside the mobile app prior to using Appdome. Users merely upload a mobile app, select the relevant access and security features, and click “Build My App.” The Appdome technology automatically adds MiTM Prevention, MicroVPN and relevant standards, protocols and more to the mobile app.
Trusted Session Inspection is part of the Appdome Mobile Security Suite on the Appdome platform. It protects against Man-in-the-Middle (MiTM) attacks and other forms of session hijacking. Appdome MicroVPN is part of the Mobile Access category. It is a secure mobile access feature, unique to Appdome, which enables a mobile app to connect directly to any enterprise SSL, VPN or Proxy gateway in a flexible, efficient, and secure manner. Combining Appdome’s MicroVPN and Trusted Session Inspection ensures connections from a mobile app to a server are protected from MiTM and session hijacking attacks. It also ensures that the protocols used for communication are hardened and secure. When the built app initiates an SSL handshake with the server and Trusted Session Inspection is used with MicroVPN, outgoing traffic is processed to ensure the connection to the server is secure.
Appdome’s MicroVPN does not require all web service endpoints to be published via a gateway, nor code changes to apps to repoint them to the newly published addresses of services. Appdome’s MicroVPN can use any SSL gateway, including Microsoft App Proxy, Netscaler and more, in two main modes: a transparent mode, which does not require resources to be publicly published, and a reverse proxy mode, which is intended for publicly resolvable resources. Modes can also be set on a per-resource basis, providing full granular control over the access and connectivity model.
How to Add MiTM Prevention and MicroVPN on Appdome
Follow these step-by-step instructions to add MiTM Prevention and MicroVPN to mobile applications on Appdome:
Upload a Mobile Application to Your Account
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
From the “Build” Tab, add MiTM Prevention (Trusted Session Inspection)
Select the Build Tab. Note: a blue underline will appear showing the step is active.
- From within the Build tab, select Security category.
- Click to open Secure Communication.
- Enable or toggle “ON” Trusted Session Inspection
For more detailed information about Trusted Session Inspection, check out this Knowledge Base article.
From the “Build” Tab, add MicroVPN
- Click on the Build tab, then select Access
- Click Add Profile on Mobile Access and MicroVPN Profiles
- Enable MicroVPN by Appdome
For more information about MicroVPN, check this MicroVPN Knowledge Base article.
After you make your selections, click “Build My App.” Appdome’s technology will automatically add your selections to the mobile app – no code or coding required.
MiTM Prevention and MicroVPN – Exclusive Inspection (no Proxy configured)
When enabling MiTM Prevention and MicroVPN together without enabling BlindMicroVPN, both features will operate in Exclusive Inspection mode. This feature requires that you have configured Inclusive Routing under MicroVPN by Appdome.
Here’s how Exclusive Inspection works. Upon initiation of a connection, MicroVPN checks whether the connection is made to a server configured under Inclusive Routing. If yes, it routes the connection through Appdome MicroVPN and will exhibit the following Appdome MicroVPN behavior.
If the connection is made to a server that is not on the Inclusive Routing list, the connection will route through Trusted Session Inspection to validate its SSL handshake integrity. Read this KB article for more details on this feature.
MiTM Prevention and MicroVPN – Blind MicroVPN (Proxy configured)
When enabling both MiTM Prevention and MicroVPN with a Proxy Server configured, both features operate together on every connection. Specifically, when the client initiates the connection, Trusted Session Inspection validates the SSL connection to the destination server, while MicroVPN validates the SSL connection to the configured Proxy Server. This ensures both ends of the connection are secure. Here’s how to configure a Proxy Server in MicroVPN.
MiTM Prevention and MicroVPN – No Proxy Configured Attack Vectors
MiTM Prevention and MicroVPN – Proxy Configured Attack Vectors
Local Man-In-The-Middle attacks
A local Man-In-The-Middle attack occurs when the attacker hijacks a connection anywhere between the device and the proxy server. This most commonly occurs in the mobile device’s LAN environment: as traffic from the device routes to the Proxy Server, the attacker injects his own certificate instead of the one returned from the Proxy Server. In this situation, MicroVPN will validate the Proxy Server certificate and close the connection.
Remote (or server-side) Man-In-The-Middle
The Remote Man-In-The-Middle occurs when the attacker intercepts the connection anywhere between the proxy and the destination server. This most commonly occurs on a LAN segment of each server. The attacker sends a request from a proxy to a server, injecting his own certificate instead of the one returned from the Remote Server. When this occurs, Trusted Session Inspection validates the certificate returned from the Remote Server and acts accordingly as configured (See Trusted Session Inspection).
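The per-connection decisions described in the Exclusive Inspection and Blind MicroVPN sections, together with the two attack cases above, can be modelled as follows. This is an added illustration, not Appdome code: the Policy class, host names and placeholder certificate bytes are constructed, and a SHA-256 fingerprint comparison stands in for certificate validation, whose details this page does not describe.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over certificate bytes (stand-in for full X.509 validation)."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass(frozen=True)
class Policy:  # hypothetical model, not an Appdome API
    inclusive_routing: frozenset   # hosts routed through MicroVPN
    expected: dict                 # peer name -> expected fingerprint
    proxy: Optional[str] = None    # set when a Proxy Server is configured

def plan(host: str, policy: Policy) -> list:
    """List the (component, peer) certificate checks for one connection."""
    if policy.proxy is not None:   # proxy configured: both legs are checked
        return [("MicroVPN", policy.proxy),
                ("Trusted Session Inspection", host)]
    if host in policy.inclusive_routing:
        return []                  # routed via MicroVPN; not modelled further
    return [("Trusted Session Inspection", host)]

def evaluate(host: str, presented: dict, policy: Policy) -> str:
    """Return 'ok', or the component that detects an unexpected certificate."""
    for component, peer in plan(host, policy):
        seen = fingerprint(presented.get(peer, b""))
        if not hmac.compare_digest(seen, policy.expected.get(peer, "")):
            return component
    return "ok"

# Constructed sample data: placeholder bytes, not real certificates.
PROXY, SERVER, ROGUE = b"proxy-cert", b"server-cert", b"rogue-cert"
EXPECTED = {"proxy.example": fingerprint(PROXY),
            "api.example": fingerprint(SERVER)}
BLIND = Policy(frozenset(), EXPECTED, proxy="proxy.example")
EXCLUSIVE = Policy(frozenset({"intranet.example"}), EXPECTED)

if __name__ == "__main__":
    cases = {
        "clean": {"proxy.example": PROXY, "api.example": SERVER},
        "local MiTM": {"proxy.example": ROGUE, "api.example": SERVER},
        "remote MiTM": {"proxy.example": PROXY, "api.example": ROGUE},
    }
    for name, certs in cases.items():
        print(name, "->", evaluate("api.example", certs, BLIND))
    print("exclusive:", evaluate("api.example", {"api.example": ROGUE}, EXCLUSIVE))
```

In this model an empty plan means the connection is handed to MicroVPN and no further check is represented, since the page does not describe that behavior.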
Trusted Session Inspection helps mobile developers release secure apps from the first use. Fusion does not impact your app functionality or add time to your development cycle. It’s fast, easy, and non-intrusive.