Appdome MobileBOT™ Defense Empowers Mobile Brands to Equalize Web Application Firewall Performance and Stop Bot Attacks Better

New adaptive defense model allows network security teams to adjust detection and defense rules to get the most out of existing web application firewalls.

Redwood City, Calif. –(April 24, 2024) – Appdome, the mobile app economy’s one-stop shop for mobile app defense, today announced three new enhancements to its MobileBOT™ Defense solution to empower mobile brands to get more value and control from their existing web application firewall (WAF) infrastructures by adjusting the evaluation, detection, and defense policy to suit each WAF product and installation.

Cybercriminals have shifted their focus to mobile bot attacks, including weaponizing mobile apps, modified mobile apps, malware-controlled mobile apps and fake mobile apps, as well as common bot tactics like bot farms and scripts, to perform brute force account takeovers, DDoS attacks and API abuse. WAF vendors have responded by providing customers with anti-bot SDKs. However, anti-bot SDKs impose too much work and too many limits on mobile app developers, with too heavy a performance penalty on mobile apps in production. In addition, using these anti-bot SDKs also requires costly changes to WAF infrastructures. Appdome MobileBOT™ Defense provides the only way to avoid these complex challenges, making it easy for customers to deliver mobile anti-bot defense on top of any installed WAF.

The Appdome MobileBOT™ Defense solution is fully portable across all new and old, on-premise and cloud WAFs. The new enhancements to MobileBOT™ Defense provide adaptive evaluation, detection and defense rules that can ease and balance the compute burden on existing WAFs and infrastructures, enabling mobile brands to proactively identify and thwart bot attacks, all while reducing the strain on traditional WAFs, including those WAFs reaching their end-of-service horizons. The new Appdome enhancements allow enterprises, network security teams and mobile brands to extend the useful life of WAFs and deliver more ROI from their existing WAF investments.

“Mobile brands need to stop bot attacks, but they also need to get the most out of their WAF infrastructures and avoid costly or unplanned WAF upgrades,” said Tom Tovar, CEO and co-creator of Appdome. “Any mobile brand will likely have multiple WAFs, each with different performance characteristics. Our goal is to allow the brand to tailor the bot defense profile to meet the performance characteristics of each WAF.”

The new innovations in Appdome MobileBOT™ Defense include:

Appdome DEVICETrust™: DEVICETrust is an innovative way to set the evaluation mode for connection requests and screen bot traffic and attacks. With it, mobile brands have the power to set the trust level for each threat vector and, depending on the trust setting, determine where, when and how bot detection and defense are performed. This allows for customizable trust models based on the class and type of WAF used in the bot defense infrastructure. With the new trust model, mobile brands can select and prioritize the security checks that are most important to their mobile app security project goals with the click of a button.

Three modes of DEVICETrust are available with Appdome MobileBOT™ Defense:

  • Adaptive Trust – uses the Appdome Bot Defense Framework™ intelligence to dynamically adjust the evaluation model based on the responsiveness of each WAF connected to MobileBOT™ Defense.
  • Runtime-Trust – allows connection requests to proceed while threat assessment and checks are in process.
  • Zero-Trust – holds connection requests until threat assessment and checks are complete.

Appdome Bot Source and BotID: Bot Source and BotID give mobile brands the ability to achieve continuous risk assessments by adding any data, such as business logic, to specific users and sessions in a mobile app. This gives the WAF more granular rules and automated enforcement at the point of the attack, including on connection, at login, transaction, password reset, or other key application workflows.

Appdome Client Rate Limiting: Client rate limiting leverages the compute and processing power of the mobile device used in the attack, performing rate-limiting enforcement within the mobile app. It applies configurable limits on how frequently a user can perform an action, such as attempting to log in, within a defined timeframe. This approach is better than relying solely on server-side rate limiting, which can be susceptible to brute force and DDoS attacks.

“We’re working hard to ensure that our customers get the most out of their WAF infrastructure,” said Chris Roeckl, Appdome chief product officer. “WAFs are high performance, very capable, platforms. The antibot SDKs provided by WAF vendors are not. We’re trying to bridge the gap and give mobile brands something they can use to stop bots quickly, easily and efficiently.”

About Appdome MobileBOT™ Defense
Appdome MobileBOT™ Defense is the industry’s only comprehensive and fully portable anti-bot defense solution built from the ground up for mobile apps. It offers mobile brands multi-layered bot detection, intelligence, and defense all in one solution, easily protecting the mobile channel from 300+ attack vectors including fake apps, weaponized apps, malware-controlled apps, bot attacks, credential stuffing, DDoS and account takeovers (ATOs). It requires no SDK, no coding, and no added servers to deploy, and is fully compatible with all coding languages and frameworks used in mobile app development. Appdome MobileBOT™ Defense is also the only product to work seamlessly with any WAF used in a mobile brand’s network. With Appdome, mobile brands are more efficiently and effectively protected from bot-driven malicious attacks, fraud, IP theft, performance drains and compliance issues at lower cost and complexity than legacy approaches. For more information about Appdome MobileBOT™ Defense, see our Knowledge Articles at

About Appdome
The Appdome mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only Unified Mobile App Defense platform, powered by a patented mobile coding engine, Threat-Events™ Threat-Aware UX/UI Control, and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, ship faster and save money by delivering 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, mobile anti-bot, anti-cheat, geo compliance, MiTM attack prevention, code obfuscation, social engineering and other protections in Android and iOS apps with ease, inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

