The soft belly of any application are the strings and resources that can be easily understood from the application without using specialized tools, for examples phrases, URLs, tokens, passwords etc. Unlink the java strings and the assets folder which are encrypted by Appdome Strings and Resources encryption, the string resources, usually under strings.xml file, can’t be encrypted on the device as the OS needs it.
To provide our customers overall security protection of their Android app, Appdome’s XMLEncryptTMservice encrypts the sensitive strings stored in the localizable locations in Android. Now you can easily enhance the security of your app against malicious attempts to read the app’s content.
This Knowledge Base article summarizes the steps needed to encrypt the sensitive strings.xml values using XMLEncryptTM by Appdome.
We hope you find it useful and enjoy using Appdome!
About XMLEncryptTM on Appdome
In Android apps, the strings.xml is often used by the OS (f.e. to show the application display name and to hold the localizable String resources). Additionally, it is common for mobile app developers to store all the app strings including sensitive data and values inside this XML. Since the strings.xml file can’t be encrypted as a whole, Appdome’s XMLEncryptTM provides the perfect solution. Appdome’s XMLEncryptTM service iterates over the strings.xml and encrypts all the sensitive strings that are not used in the app manifest or by the OS.
As seen in the screenshot below the XMLEncryptTM service replaces the sensitive strings with XXXX. Strings from the android support library and other google public libraries will not be encrypted.
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate strings, resources, and in-App preferences encryption to any mobile app – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. The Appdome technology adds strings and resources encryption alongside relevant standards, frameworks and more to the app automatically, with no manual development work at all.
Prerequisites for Using XMLEncryptTM
In order to use Appdome’s no code implementation of XMLEncryptTM, you’ll need:
- Appdome account – IDEAL level account.
- Appdome-DEV access
- Mobile App (.ipa for iOS, or .apk for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile)
How to Add XMLEncryptTM Encryption to Any Mobile App on Appdome
Follow these step-by-step instructions to add XMLEncryptTM to any mobile app:
Upload a Mobile App to Your Account
From the Build tab, add XMLEncryptTM to the App
- Click the Build tab.
- In the top menu, select Security.
- Expand TOTALDataTM Encryption.
- Switch on XMLEncryptTM.
- (optional) switch on Native String Decryption to decrypt strings which are being accessed from native code frameworks such as Xamarin.
- Click Build My App.
After Adding XMLEncryptTM Encryption to a Mobile App
After you have added XMLEncryptTM encryption to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Appdome Built App (Required)
In order to deploy an Appdome Built app, it must be signed. Signing an iOS app and Signing an Android app is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the App to a Mobile Device
Once you have signed your app, you can download it to deploy it using your distribution method of choice. For more information on deploying your apps, please read this knowledge base.
That is it – Enjoy Appdome’s XMLEncrypt solution in your app!
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.