How to Implement Failsafe Enforcement with In-App Detection
What is Failsafe Enforcement?
Failsafe Enforcement allows mobile apps to handle detected threats with precision and flexibility. When you enable this feature, it enhances the selected In-App Detection Threat Event by delaying the enforcement action, giving your app control over how and when the user is notified. This approach ensures that the app can provide a smooth user experience while still addressing security threats effectively.
By leveraging the Failsafe Enforcement functionality, mobile app developers unlock enhanced user experience options, offering added layers of notification sophistication through features such as the App Compromise Notification and versatile Short Message Options.
Note: The Short Message Options are available for Android apps only.
How Does In-App Detection with Failsafe Protect Mobile Apps
Failsafe Enforcement consists of three components:
A Failsafe Window: The failsafe window countdown starts the moment the threat event is sent from Appdome to the protected app. The failsafe enforcement window can be set between 1 and 10 milliseconds.
The enforcement action will occur at the earliest of two scenarios: (1) the protected app has sent the “EnforceThreatEvent” to Appdome, or (2) Appdome did not receive a response from the protected app within the Fail-Safe window.
Notify on Failsafe Enforcement: If Appdome does not receive a response within the failsafe window, it displays a pop-up message to the end user, and the app closes when the window expires.
Notify on App Triggered Enforcement: Your app controls the timing of the enforcement by sending the “EnforceThreatEvent” command to Appdome within the defined window. Once Appdome receives the command, it promptly exits the app. However, if Appdome doesn’t receive the command, the app will close when the failsafe window expires.
Prerequisites for using Appdome Failsafe Enforcement
To use Failsafe Enforcement, you need:
- An Appdome account – Appdome DEV or Higher.
- A Threat-Events license
- A license for In-App Detection with Failsafe
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
Step-by-Step Guide to Implement Failsafe Enforcement
Follow these steps to implement Failsafe Enforcement in your iOS or Android app.
Note: While this guide uses Root Detection as an example, you can enable Failsafe Enforcement for any feature that includes Threat Events.
-
-
Upload Your App to Appdome
-
Upload Method: Appdome Console or DEV-API
-
Android Formats: .apk or .aab
-
Root Detection Compatible With Java, JS, C++, C#, Kotlin, Flutter, React Native, Unity, Xamarin, Cordova, and other Android apps
-
-
Build the Root Detection Feature Using Appdome’s DEV-API:
- Create and name the Fusion Set (security template) that will contain the Root Detection feature as shown below:
Figure 1: Fusion Set that will contain the Root Detection feature
Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
- To add the Root Detection feature to this Fusion Set, follow the steps in the section “Building the Root Detection feature via Appdome Console” of this article.
- Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
Figure 2: Fusion Set Detail Summary
Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).
- Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems:
- Build an API for the app – for instructions, see the tasks under Appdome API Reference Guide
- Look for sample APIs in Appdome’s GitHub Repository
- Create and name the Fusion Set (security template) that will contain the Root Detection feature as shown below:
-
Build the Root Detection Feature via Appdome Console
- To build the Root Detection protection using Appdome Console, follow the instructions below.
- Where: Inside the Appdome Console, go to Build > Security Tab > OS Integrity section.
- How: Toggle on Root Detection, as shown below.
- Click on the Threat Events checkbox
- Select In-App Detection w/FailSafe from the drop-down menu
- Optional: Turn on Notify on Failsafe Enforcement
- Optional: Turn on Notify on App Triggered Enforcement
- Threat-Events™ ON > In-App Detection w/Failsafe
Once this setting is enabled, Appdome will begin enforcing specific detections, but only after a fixed timeframe specified by the app developer.
Figure 3: Detect rooting option
Note: The App Compromise Notification contains an easy-to-follow default remediation path for the mobile app end user. You can customize this message as required to achieve brand-specific support, workflow, or other messaging. - After you select Root Detection, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains Root Detection.
Figure 4: Fusion Set that displays the newly added Root Detection protection - Click Build My App at the bottom of the Build Workflow (shown in Figure 3).
-
Congratulations! The Root Detection is now added to your mobile app
Certify the Root Detection feature in Android Apps.
After you build Root Detection, Appdome generates a Certified Secure™ certificate. This certificate guarantees that the Root Detection protection has been added and is actively protecting the app. To verify the protection, locate it in the Certified Secure™ certificate.
Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Root Detection has been added to each Android app. Certified Secure provides instant and in-line DevSecOps compliance certification that Root Detection and other mobile app security features are in each build of the mobile app.
Related Articles
- Threat-Events in Android & iOS Apps Explained
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- Threat-Events™, In-App Threat Intelligence in Kotlin Apps
- Threat-Events™, In-App Threat Intelligence in React Native Apps
- Threat-Events™, In-App Threat Intelligence in Swift Apps
- Threat-Events™, In-App Threat Intelligence in Native Android Apps
How to Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.