Threat-Events in Android & iOS Apps Explained
Using ‘Threat-Events in Android & iOS apps,’ developers can integrate mobile app threat intelligence with Appdome-built apps to enhance security. This Knowledge Base article reviews in detail how users can leverage Threat-Events to respond or enforce actions after Appdome detects a security event in a mobile app.
About Appdome Mobile App Threat-Events
Appdome Threat-Events use industry-standard notification methods to pass events from the Appdome layer back to the application so that the application can take further action whenever Appdome detects malicious events against an Appdome-protected app.
When Appdome detects a security event, the event can be handled in one of the following ways:
In-App Detection
Appdome detects the attack or threat and passes the event in a standard format to the app for processing (your app chooses how and when to enforce).
In-App Defense
When Appdome detects a security violation performed on the app, it will pass the event from the Appdome layer to the app. Appdome’s security engine will handle the event. The default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).
Enforce Connection Only (for Secure Communication/MitM Attack Prevention and Secure Certificate Pinning only):
When Appdome detects a security event, it passes the event from the Appdome layer to the app and blocks the connection that triggered the event.
By design, when the mobile application registers to receive Appdome Threat Events, Appdome will send an initial event. If Appdome detects a security event during the app launch/run, the initial event will hold the triggered security event details. If no security event is triggered, the initial event will only indicate a successful registration to Appdome Threat-Events (the event fields will hold no data).
Threat-Event Failsafe Enforcement
When the Failsafe Enforcement toggle is enabled, the selected In-App Detection Threat Event undergoes a hardening process. Appdome not only sends threat data to the app but also implements delayed enforcement against the identified threat. This mode grants the protected app the ability to manage the user experience (UX) when informing the end user about the threat while delegating the actual enforcement to Appdome.
For more details, please see How to Implement Failsafe Enforcement with In-App Detection.
About Appdome Threat-Event Score
Appdome Threat-Event Score is used for advanced threat handling and response. With Threat-Event Score, you can configure each Threat-Event with a unique score in order to value the importance of a particular threat or prioritize how threats are handled after Appdome detects a threat.
Risk scoring allows users to evaluate threats based on multiple selected Threats at a given time. By assigning a risk weight to each Threat Event, you can prioritize its importance in the total risk assessment.
Appdome divides Threats into two groups: consistent and volatile. Consistent events affect the total score for the entire session of the app, while volatile events only affect the total score for a short period. Consistent events include root detection and tampering with the app. All other events are considered volatile.
When activating the Threat-Event Score toggle on Appdome, you can set a numerical value (between 1-1000) that you can set for each applicable Threat-Event for any Android or iOS app. This additional scoring attribute is passed as part of an Appdome Threat Event. Threat-Event Score attributes are persistent (i.e., fixed) in each mobile app build. To update a Threat Score to reflect a new risk profile for the app or a given threat, you can re-build the app with a new Threat-Event Score on Appdome.
The Threat-Event Score can be set or adjusted according to a user-defined risk model. Threat-Event Scores can be assigned to multiple threats, allowing you to set a threshold for when a security action or workflow will be taken. With Threat-Event Score, developers are enabled to customize the enforcement model and tailor the user experience according to the relative or absolute importance, criticality, or severity level of each threat.
How to Implement Appdome Mobile App Threat-Events in Android and iOS Apps
Follow these step-by-step instructions to implement Appdome Threat Events in any iOS or Android app. Two examples are provided below. For each Appdome security protection that includes Threat Events, follow the instructions in the knowledge-based article, which provides code samples.
Note: For instructions about implementing threat events in Java code, see the Knowledge Base article Implementing Threat Events in Code.
Prerequisites for using Appdome Mobile App Threat-Events
- Appdome account – Appdome DEV or Higher.
- Threat-Events license
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
Step-by-Step Guide to Enabling Threat-Events
After uploading your app to Appdome, select the ‘Security’ tab. Expand the OS Integrity category (optional).
- Click on the toggle to enable Jailbreak Prevention/ Root Prevention, check the Threat Events checkbox, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Unknown Sources (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Developer Options, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Detect Banned Devices (Android), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Secured Communication category (optional)
- Click on the toggle to enable Android/iOS MiTM Prevention, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense, or Notify on Network Enforcement).
- Click on the toggle to enable Secure Certificate Pinning, select the Threat Events check box, and choose the notification mode (In-App Detection, In-App Defense, or Enforce Connection Only).
- Click on the toggle to enable Enforce Cipher Suites, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce TLS Version, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Certificate Roles, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Strong RSA Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce Strong ECC Signature, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable Enforce SHA256 Digest, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
- Click on the toggle to enable URL Whitelisting, select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
Expand the Mobile Privacy category (optional)
- Click on the toggle to enable Copy/Paste Prevention, select the Threat Events check box, and choose the notification mode (In-App Defense).
- Click on the toggle to enable Prevent App Screen Sharing (iOS), select the Threat Events check box, and choose the notification mode (In-App Detection or In-App Defense).
How to Add Threat-Event Score to an Android or iOS App
With Threat-Event turned ON for any applicable feature, turn ON Threat-Event Score and set the Threat-Score to the requested value (1-1000) for each attack or threat.
After you have finished making your selections, Click Build My App.
The technology behind Build My App has two significant elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks, and methods in each app and match the app to the relevant code-sets needed to add Threat-Events to the mobile app in seconds.
Congratulations! You now have a mobile app Built with Threat-Events™.
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app by using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Alternatively, see this quick reference guide, Releasing Secured Android & iOS Apps, built on Appdome.
Related Articles
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- Threat-Events™, In-App Threat Intelligence in Kotlin Apps
- Threat-Events™, In-App Threat Intelligence in React Native Apps
- Threat-Events™, In-App Threat Intelligence in Swift Apps
- Threat-Events™, In-App Threat Intelligence in Native Android Apps
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
