Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD

Last updated June 23, 2024 by Appdome

Learn how to use Appdome’s automated mobile app security certification service, Certified Secure™. It includes how it works and how to access and download the Certified Secure certificate as part of DevSecOps and Android and iOS release processes.

What is Appdome Certified Secure™?

Certified Secure™ is Appdome’s automated mobile app security certification service designed to help organizations build security and fraud detection features into mobile apps as part of the SDLC (Software Development Life Cycle), CI/CD, and DevSecOps processes. Certified Secure generates an instantly available, easily accessible, and understandable certification covering all security features built into Android and iOS apps by Appdome, either via the Appdome product, via Appdome’s DEV APIs, or as part of a customer’s SDLC, CI/CD and build process. Certified Secure allows organizations to validate and audit exactly which security and fraud detection features were implemented in Android and iOS applications, trace which app(s) have been secured, determine which user created the secured build, and more. Specifically, Certified Secure is designed to allow customers to:

  • Internally validate security, fraud detection, and internal and industry compliance objectives, build by build.
  • Speed release processes by using the Certified Secure™ certificate in the app release processes (i.e., verify security in apps before publication to public app stores as part of ‘go/no-go’ app release meetings.).
  • Verify that Android and iOS apps, app product lines, and app builds include universal standards of security and fraud detection, release by release.
  • Reduce or eliminate release blockers discovered by app scanning, code scanning, pen testing, and other services.

Appdome’s Certified Secure™ eliminates the guesswork in security releases. It provides instant verification of security readiness to release teams, eliminating a dependency on app scanning, pen tests, or other vulnerability assessments at the end of the process (when it is typically too late to act on the results).

Prerequisites For Using Certify Secure Android and iOS Apps

In order to download a Certified Secure certificate, you’ll need to protect your app using Appdome

What’s in the Certified Secure™ Mobile App Security Certification?

Each Certified Secure certificate is designed to provide documented evidence of each secured build created on Appdome. The sections below illustrate each component of the Certified Secure Certificate and provide details of what’s included in each certificate.

Appdome Certified Secure

  1. Quick View Protection Summary
  2. App-Specific Security Attestation-Certification
  3. Complete Build History
  4. Security Template in Use
  5. Android & iOS Security Details
  6. Advanced Enforcement Options
  7. Context/App-specific Configuration
  8. App-Signing Details

Certified Secure certificates are generated each time an Appdome user creates a secure version of an Android or iOS mobile app on Appdome. The certificate can be accessed directly from the user’s account on the Appdome platform or via the confirmation email sent to the user after each secure build is created on Appdome. Each certificate is specific to the app, version, build, and user.

Certified Secure™ Android and iOS App Details

Each Certified Secure™ certification includes a description of the mobile application secured on Appdome, including:

App Name And Icon

  • App Icon
  • App Name
  • App Version
  • App Dev Build No
  • App Bundle ID
  • OS

Quick View Protection Summary

Each Certified Secure™ certification includes a description of the Appdome Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:

Appdome Feature Shields

  • ONEShield™
  • TOTALCode™ Obfuscation
  • TOTALData™ Encryption
  • OS Integrity
  • Mobile Privacy
  • Secure Communication
  • Mobile Malware Prevention
  • Mobile Privacy Prevention
  • Mobile Fraud Detection

This provides app-release and security teams quick verification that the target application meets the mobile app security and anti-fraud objectives before each release.

App-Specific Security Certification

Each Certified Secure™ certification includes an attestation and certification that the mobile app is protected by the Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:

Certification

  • App and App Version
  • Build Number
  • OS
  • Team Name – if relevant
  • Date of build
  • Who performed the build
  • Build ID
  • Appdome Version, including whether Freeze Fusion Set is enabled

This provides Appdome’s guarantee that the target build meets the mobile app security and anti-fraud objectives as of the date of the certification.

Complete Build History

Each Certified Secure™ certification includes the complete build history of the protected Android and iOS app on Appdome, as follows:
App Added Details

  • Who uploaded the app
  • Date and Time
  • Team ID (if applicable)
  • App ID
  • Bundle ID
  • Version Number
  • Dev Build Number
  • Team License type
  • Original App Size

Compliance and certification teams can instantly verify who built the security and ensure segregation of duties.

Security Template in Use

Each Certified Secure™ certification includes the specific mobile app security and anti-fraud feature template, called a Fusion Set™, used to protect the Android and iOS app, as follows:

App Secured

  • Appdome API or GUI
  • Name of Fusion Set
  • Fusion Set ID
  • Last modified by
  • OS Platform (Appdome OS support policy)
  • Security Size Impact (increase in App size from security features implemented in the app)

Dev and release teams can manage security templates by release, by app(s), or by platform and trace security for apps back to specific templates placed in use at any point in the lifecycle of the app.

Android & iOS Security Plugin/Parameter Details

Each Certified Secure™ certification includes a complete list of security plugins and parameters chosen by the Appdome user and built into the application by the Appdome platform.

Plugins and parameters are the specific code sets that Appdome has added to implement the security features selected by Appdome customers.

Features

Context Data

Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:

Context Info

  • Who added Context
  • With which Fusion Set
  • Date and Time Context was added
  • Parameters
  • App icon
  • Favicon
  • App name
  • Version
  • Bundle ID

App-Signing Information

Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:

Sign Details

  • Sign Type (how the app was signed)
  • Who Signed the app
  • Fusion Set
  • Date and Time the app was signed
  • General data about the signature
  • Certificate SHA-256 Checksum
  • Final App SHA-256 Checksum

Advanced Enforcement Options

Threat.scoring.certified.secure 650x103

  • Details of Appdome Threat-Events that are in use
  • Threat Event Scoring Value

How to Download the Certified Secure Certificate For Any Mobile App on Appdome

Please follow the steps in this knowledge-based article on how to build apps with your desired features and successfully implement security features in your Android and iOS mobile apps.

Once you have successfully protected your app using Appdome, you can download Appdome’s Certified Secure™ certificate in one of the following ways:

Download the certificate from the platform notification email

After each successful build on the platform, you will receive a notification to the email of your Appdome account.
You can download the Appdome certificate by clicking on the download link. Then, you will be redirected to Appdome’s platform and the certificate will be downloaded automatically.

Email

Download the certificate from the App Workflow Summary Screen

  1. Navigate to the deploy tab.
  2. Click on the marked Workflow Summary” button.
  3. Click on the certified secure shield icon.

App Workflow Summary

 

Alternatively, you can click the “Download My Built App” button to receive a PDF version of the Certified Secure Certificate.

Build Completed

 

You can download the previous build certificate by opening the build history and clicking on the download icon next to the chosen build.

App History

 

You can also download the Certified Secure certificate using Appdome’s REST-APIs

Related Articles:

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform, or feel free to request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

 

Appdome

Want a Demo?

Certified Secure™ DevSecOps Certification

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.