Unveils 30 Groundbreaking Deep Fake Detection Plugins to Strengthen ATO Protection in Android & iOS Apps

Redwood City, CA – Feb. 18, 2025 – Appdome, the leader in protecting mobile businesses, today announced it is extending its Account Takeover Protection suite with 30 new dynamic defense plugins for Deep Fake Detection in Android & iOS apps. The new plugins are designed to guarantee the integrity of Apple Face ID, Google Face Recognition, and 3rd party face and voice recognition services against AI-generated and other deepfake attacks. Like all Appdome defenses, each of the 30 new dynamic defense plugins for Deep Fake Detection is available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers. 

“The mobile economy depends on the integrity of facial recognition, FaceID and other biometric authentication methods as they are more and more used to reduce friction,” said Eric Newcomer, CTO and Principal Analyst, Intellyx. “However, attackers are constantly finding new ways to bypass biometric authentication. Appdome is taking on the challenge of AI-Generated Deepfake Attacks head on and providing mobile businesses the granular detection and control defenses to stop these attacks inside the mobile app, preventing them from passing attack data to other systems. This is a great way to combat ATOs and ODF quickly and efficiently.” 

The mobile economy trusts Face ID and facial recognition for authentication, Know Your Customer (KYC) compliance, and to combat on-device fraud (ODF). Mobile brands rely on facial recognition, including liveness checks, to streamline authentication while also building and maintaining trust with their users. Brands tell users that facial recognition will ensure that only the authorized account holder can access their apps, accounts, and services. However, the number and sophistication of attacks targeting every aspect of facial recognition and biometric authentication have exploded in the last nine months, driven by the rise of AI-generated deepfakes, virtual cameras, image substitution, buffer attacks, voice cloning, and other methods. Deepfake attacks easily generate hyper-realistic and adversarial replications or manipulations that can fool facial and voice verification systems. Sometimes attackers use virtual cameras to inject pre-recorded or live video streams into the facial recognition process. Other times, image buffer attacks manipulate face data processing in real time to bypass liveness detection processes. The speed of evolution, ease of use, and ubiquity of deepfake attacks make deepfake detection one of the top anti-fraud and anti-ATO objectives for brands and enterprises in 2025. 

“Everyone, from mobile app developers to enterprises to Face ID and Facial Recognition vendors, are struggling with the technical challenges of detecting AI-generated Deepfakes and Face ID Bypass techniques,” said Tom Tovar, CEO of Appdome. “While no one can stop the creation of deepfakes, we’ve succeeded in stopping their use inside mobile applications and we’re making our innovations available to mobile app developers and face recognition vendors alike.” 

Despite the growing sophistication of Face ID and facial recognition services for mobile applications, Face ID bypass techniques, which manipulate biometric authentication processes, use virtual cameras, and use AI-generated synthetic images or streams to mimic legitimate users, have started to outpace biometric authentication methods. Additionally, malicious actors are developing tools and techniques to exploit vulnerabilities in device hardware, face recognition software, and face recognition APIs to compromise the integrity of biometric authentication. These challenges highlight the need for enhanced security measures around the biometric authentication workflows, to safeguard Face ID and facial recognition against deepfake attacks.

Appdome’s Deep Fake Detection plugins sit on top of OS-native or third-party Face ID, facial recognition, and voice recognition methods, including face verification SDKs. This approach ensures that any facial recognition process is secure from deepfake attacks and provides enhanced integrity and security for authentication workflows, regardless of the provider. Specific attack vectors that Appdome’s Deep Fake Detection protects against include: 

• Face ID Bypass: Detects attempts to bypass Native Android and iOS biometric, facial recognition authentication systems on mobile devices, including FaceID and Biometric API calls, hardware abstraction layers, and more. 

• Deep Fake Apps: Detects deepfake and face swap apps that can be used to spoof facial recognition services used by Android and iOS applications, including in combination with virtual camera and video injection tools.

• Deepfake Video Detection: Detects synthetic identity attacks, video injection, frame and image buffer attacks, Direct Memory Access (DMA) attacks, monitors face embeddings, and more.

• Appdome Liveness Detection: Applies primary or secondary liveness check to ensure a real face is used during the facial recognition process, applying AI models to verify 3D depth, skin texture, lighting, eye reflectiveness, the strength of liveness image, and more. 

• Voice Cloning: Detects synthetic voice spoofing and voice cloning apps when in use with the protected application, perfect for applications that rely on “my voice is my password” authentication workflows. 

Brands and businesses can expect each Appdome defense to detect a Deep Fake attack as well as its variants. Appdome dynamic defense plugins use real-time behavioral analysis to detect the behaviors and methods that the multitude of FaceID bypass and AI-based Deep-Fake and Voice Cloning Tools use to exploit authentication checks in Android & iOS apps. As a learning system, it constantly evolves to ensure continuous defense against Deep Fakes and related threats. 

“It’s amazing how fast facial recognition, FaceID and other biometric authentication methods were undermined by AI-generated deepfakes in the mobile economy,” said Chris Roeckl, Chief Product Officer at Appdome. “Appdome is the only solution on the market that places sentries and defenses deep in the execution framework of the mobile application to prevent the deepfake delivery model and well as the use of deepfakes in the applications themselves.” 

Like all Appdome mobile app defenses, the new deep Fake Detection plugins combine the power of choice-driven defense in depth, and no-code, no SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Android & iOS Deep Fake Detection Plugins are available with Appdome’s Threat-Events™ Intelligence and Control Framework and ThreatScope™ Mobile XDR service. Threat-Events allows mobile brands and facial recognition SDK and API providers to gather data on each attack and use the data to control the application or user experience when deepfake attacks happen. Mobile brands and facial recognition SDK and API providers can use Threat-Events to gather deeper threat intelligence and create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile brands can track and monitor Deepfake attacks via Appdome’s ThreatScope™, either before or after the deployment of the anti-Deep Fake features. 

Learn more about Appdome’s Deep Fake Detection. 

About Appdome 

Appdome’s mission is to protect every mobile business and user in the world from scams, fraud, bots, and hackers. Mobile businesses, mobile apps, mobile platforms, operating systems, and threats constantly change. Appdome’s patented AI-Native XTM Platform is designed to instantly accommodate these changes by automating every aspect of mobile application and business defense – from design to build, certification, monitoring, response, support, and resolution. Appdome uses AI to deliver a growing list of 10,000s of dynamic defense plugins created to address 400+ mobile app security, anti-fraud, bot defense, anti-malware, geo compliance, social engineering, deep-fake, and other attack vectors on demand. Mobile applications that are built using Appdome are Certified Secure™ at build time, eliminating the need for coding, SDKs, server attestation, work, and complexity in the cyber defense lifecycle. Appdome also uses AI inside its ThreatScope™ Mobile XDR, to continuously calculate a Mobile Risk Index™ for businesses and applications as well as rank and preempt attacks in real-time. In Appdome’s Threat Resolution Center™, Appdome uses GenAI to provide customer support and care teams a quick and easy way to provide end-user threat resolution and remediation. All of Appdome’s in-app and bot defenses can be used with Appdome’s Threat-Events™ intelligence framework. This framework gathers threat and attack metadata, and is used to inform the application, application SDKs, and backend network components when threats are present or to create customized threat responses inside Android & iOS apps. As a platform, Appdome also functions as a continuous compliance center, tracking all builds, changes, teams, users, defense configurations, events, and more for quick and easy audit of the mobile defense lifecycle. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.