How to use Conditional Evaluation in Android & iOS Apps
This article provides an overview of the Conditional Evaluation feature, detailing its function, benefits, and how to integrate it into your app.
What is Conditional Evaluation?
Conditional Evaluation is a feature that allows Appdome’s security mechanisms—both tests and validations—to be initiated only after receiving explicit approval from the application. This approach ensures that security measures are in sync with the app’s user consent process, thereby enhancing user trust and meeting privacy standards.
Why Use Conditional Evaluation?
-
- User Privacy: This policy respects user privacy by not initiating any security tests or validations until after user consent has been obtained.
- Regulatory Compliance: Helps ensure compliance with global privacy laws that require user consent before data processing or security checks.
- Enhanced Trust: Builds user trust by transparently aligning security measures with user consent, demonstrating a commitment to privacy.
Prerequisites for using Appdome Conditional Evaluation
-
-
- Appdome account – Appdome DEV or Higher.
- Threat-Events license
- A license for Conditional Evaluation
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Signing Credentials (e.g., signing certificates and provisioning profile) – see Signing Secure Android apps and Signing Secure iOS apps.
- Threat events and/or threat scores have been turned on for specific protection. You are using the correct identifiers for the Threat-Events for each protection.
- The “onConsentFinished” implementation has been added to your app prior to upload.
-
Using Input Threat-Events™ for Conditional Evaluation in Mobile Apps
Before enabling the Conditional Evaluation feature, ensure your app has been uploaded to the Appdome platform with the necessary input threat event, as shown in the following code example. This is crucial for the feature to function correctly.
Note: Input Threat Events are unavailable for multi-platform frameworks such as React Native, Flutter, and Cordova. If you are using these coding languages, it is recommended that you build a bridge class that acts as an intermediary between the framework and the mobile native API.
For more details on how to build bridging classes for Flutter and Cordova, please refer to the following documentation: Flutter and Cordova Plugin Development Guide.
Java
// Define placeholders for key and value
String key = "<KEY_PLACEHOLDER>";
String value = "<VALUE_PLACEHOLDER>";
// Create a new intent with the action "ConditionalEvaluationEvent"
Intent intent = new Intent("ConditionalEvaluationEvent");
// Create a bundle to hold the data
Bundle bundle = new Bundle();
// Add the key-value pair to the bundle
bundle.putString(key, value);
// Attach the bundle to the intent
intent.putExtras(bundle);
// Get the application's context
Context context = getApplicationContext();
// Set the package name for the intent
intent.setPackage(context.getPackageName());
// Send the broadcast with the intent
context.sendBroadcast(intent);
Kotlin
val key = "KEY_PLACEHOLDER>"
val value = "<VALUE_PLACEHOLDER>"
val intent = Intent("ConditionalEvaluationEvent")
val bundle = Bundle()
bundle.putString(key, value)
intent.putExtras(bundle)
val context = applicationContext
intent.`package` = context.packageName
// Sending information back to Appdome
context.sendBroadcast(intent)
Xamarin/MAUI Android – CSharp
string key = "<KEY_PLACEHOLDER>";
string value = "<VALUE_PLACEHOLDER>";
// Create a new intent with the action "ConditionalEvaluationEvent"
Intent intent = new Intent("ConditionalEvaluationEvent");
// Create a bundle to hold the data
Bundle bundle = new Bundle();
// Add the key-value pair to the bundle
bundle.PutString(key, value);
// Attach the bundle to the intent
intent.PutExtras(bundle);
// Set the package name for the intent
intent.SetPackage(ApplicationContext.PackageName);
// Send the broadcast with the intent
ApplicationContext.SendBroadcast(intent);
Objective-C
NSString *key = @;
KEY_PLACEHOLDER > ";
NSString *value = @"";
NSDictionary *userInfo = @{key : value};
// Sending information back to Appdome
[[NSNotificationCenter defaultCenter]
postNotificationName:@"ConditionalEvaluationEvent"
object:nil
userInfo:userInfo];Swift
let key = "<KEY_PLACEHOLDER>"
let value = "<VALUE_PLACEHOLDER>"
let userInfo = [key: value]
// Sending information back to Appdome
NotificationCenter.default.post(
name
: Notification.Name("ConditionalEvaluationEvent"), object
: nil, userInfo
: userInfo)Xamarin/MAUI iOS -CSharp
String key = "<KEY_PLACEHOLDER>";
String value = "<VALUE_PLACEHOLDER>";
// Create a dictionary to hold the data
NSDictionary userInfo = new NSDictionary(key, value);
// Post a notification with the data
NSNotificationCenter.DefaultCenter.PostNotificationName("ConditionalEvaluationEvent", null, userInfo);How to Enable Conditional Evaluation
The figure below shows where you can find the Conditional Evaluation feature for each of the runtime mobile app security, anti-fraud, anti-malware, mobile antibot, and other protections available on Appdome.
Note: We have used Prevent App Screen Sharing as an example; you can enable Conditional Evaluation for any feature that includes Threat Events.
- Upload the Mobile App to Appdome’s Mobile App Security Build System
- Upload Method: Appdome Console or DEV-API
- Mobile App Formats: .ipa for an iOS device or .apk or .aab for Android
- Prevent App Screen Sharing is compatible with Obj-C, Java, JS, C#, C++, Swift, Kotlin, Maui, Xamarin, and more.
Build Prevent App Screen Sharing using Appdome’s DEV-API:
-
- Create and name the Fusion Set (security template) that will contain the Prevent App Screen Sharing feature as shown below:
Figure 1: Fusion Set that will contain the Prevent App Screen Sharing feature
Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required). -
To add the Prevent App Screen Sharing feature to this Fusion Set, follow the steps in the ‘Building the Prevent App Screen Sharing feature via Appdome Console’ section.
- Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below)
Figure 2: Fusion Set Detail Summary
Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).
- Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit such as Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems
- Build an API for the app – for instructions, see the tasks under Appdome API Reference Guide
- Look for sample APIs in Appdome’s GitHub Repository
- Create and name the Fusion Set (security template) that will contain the Prevent App Screen Sharing feature as shown below:
Building the Prevent App Screen Sharing feature via Appdome Console
To add the Conditional Enforcement using Appdome Console, follow the instructions below:
- Create and name the Fusion Set (security template) that will contain the Prevent App Screen Sharing feature as shown above:
- Where: Inside the Appdome Console, go to Build > Security Tab > Mobile Privacy section
- How: Toggle (turn ON) Prevent App Screen Sharing > Conditional Evaluation, as shown below.
- Figure 3: Validate Prevent App Screen Sharing
- When you select Prevent App Screen Sharing, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains Prevent App Screen Sharing.
Figure 4: Fusion Set that displays the newly added Prevent App Screen Sharing protection - Click Build My App at the bottom of the Build Workflow (shown in Figure 3).
Certify the Copy/Paste Prevention feature in Mobile Apps.
After building Prevent App Screen Sharing, Appdome generates a Certified Secure™ certificate to guarantee that the Prevent App Screen Sharing protection has been added and is protecting the app.
To verify that Conditional Evaluation protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:
Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection have been added to each Mobile app. Certified Secure provides instant and in-line DevSecOps compliance certification that Prevent App Screen Sharing and other mobile app security features in each mobile app build.
Related Articles
- Threat-Events in Android & iOS Apps Explained
- How to use Conditional Enforcement in Mobile Apps
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- Threat-Events™, In-App Threat Intelligence in Kotlin Apps
- Threat-Events™, In-App Threat Intelligence in React Native Apps
- Threat-Events™, In-App Threat Intelligence in Swift Apps
- Threat-Events™, In-App Threat Intelligence in Native Android Apps
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
