Using Certified Secure™ Android & iOS Apps Build Certification in DevOps CI/CD
Last updated June 23, 2024 by Appdome
Learn how to use Appdome’s automated mobile app security certification service, Certified Secure™. It includes how it works and how to access and download the Certified Secure certificate as part of DevSecOps and Android and iOS release processes.
What is Appdome Certified Secure™?
Certified Secure™ is Appdome’s automated mobile app security certification service designed to help organizations build security and fraud detection features into mobile apps as part of the SDLC (Software Development Life Cycle), CI/CD, and DevSecOps processes. Certified Secure generates an instantly available, easily accessible, and understandable certification covering all security features built into Android and iOS apps by Appdome, either via the Appdome product, via Appdome’s DEV APIs, or as part of a customer’s SDLC, CI/CD and build process. Certified Secure allows organizations to validate and audit exactly which security and fraud detection features were implemented in Android and iOS applications, trace which app(s) have been secured, determine which user created the secured build, and more. Specifically, Certified Secure is designed to allow customers to:
Internally validate security, fraud detection, and internal and industry compliance objectives, build by build.
Speed release processes by using the Certified Secure™ certificate in the app release processes (i.e., verify security in apps before publication to public app stores as part of ‘go/no-go’ app release meetings.).
Verify that Android and iOS apps, app product lines, and app builds include universal standards of security and fraud detection, release by release.
Reduce or eliminate release blockers discovered by app scanning, code scanning, pen testing, and other services.
Appdome’s Certified Secure™ eliminates the guesswork in security releases. It provides instant verification of security readiness to release teams, eliminating a dependency on app scanning, pen tests, or other vulnerability assessments at the end of the process (when it is typically too late to act on the results).
Prerequisites For Using Certify Secure Android and iOS Apps
In order to download a Certified Secure certificate, you’ll need to protect your app using Appdome
What’s in the Certified Secure™ Mobile App Security Certification?
Each Certified Secure certificate is designed to provide documented evidence of each secured build created on Appdome. The sections below illustrate each component of the Certified Secure Certificate and provide details of what’s included in each certificate.
Quick View Protection Summary
App-Specific Security Attestation-Certification
Complete Build History
Security Template in Use
Android & iOS Security Details
Advanced Enforcement Options
Context/App-specific Configuration
App-Signing Details
Certified Secure certificates are generated each time an Appdome user creates a secure version of an Android or iOS mobile app on Appdome. The certificate can be accessed directly from the user’s account on the Appdome platform or via the confirmation email sent to the user after each secure build is created on Appdome. Each certificate is specific to the app, version, build, and user.
Certified Secure™ Android and iOS App Details
Each Certified Secure™ certification includes a description of the mobile application secured on Appdome, including:
App Icon
App Name
App Version
App Dev Build No
App Bundle ID
OS
Quick View Protection Summary
Each Certified Secure™ certification includes a description of the Appdome Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:
ONEShield™
TOTALCode™ Obfuscation
TOTALData™ Encryption
OS Integrity
Mobile Privacy
Secure Communication
Mobile Malware Prevention
Mobile Privacy Prevention
Mobile Fraud Detection
This provides app-release and security teams quick verification that the target application meets the mobile app security and anti-fraud objectives before each release.
App-Specific Security Certification
Each Certified Secure™ certification includes an attestation and certification that the mobile app is protected by the Mobile App Security and Anti-Fraud features added to the Android and iOS app via Appdome, as follows:
This provides Appdome’s guarantee that the target build meets the mobile app security and anti-fraud objectives as of the date of the certification.
Complete Build History
Each Certified Secure™ certification includes the complete build history of the protected Android and iOS app on Appdome, as follows:
Who uploaded the app
Date and Time
Team ID (if applicable)
App ID
Bundle ID
Version Number
Dev Build Number
Team License type
Original App Size
Compliance and certification teams can instantly verify who built the security and ensure segregation of duties.
Security Template in Use
Each Certified Secure™ certification includes the specific mobile app security and anti-fraud feature template, called a Fusion Set™, used to protect the Android and iOS app, as follows:
Security Size Impact (increase in App size from security features implemented in the app)
Dev and release teams can manage security templates by release, by app(s), or by platform and trace security for apps back to specific templates placed in use at any point in the lifecycle of the app.
Android & iOS Security Plugin/Parameter Details
Each Certified Secure™ certification includes a complete list of security plugins and parameters chosen by the Appdome user and built into the application by the Appdome platform.
Plugins and parameters are the specific code sets that Appdome has added to implement the security features selected by Appdome customers.
Context Data
Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:
Who added Context
With which Fusion Set
Date and Time Context was added
Parameters
App icon
Favicon
App name
Version
Bundle ID
App-Signing Information
Each Certified Secure™ certification includes details and descriptions of any branding and other configurations added to secured Android and iOS apps via Appdome, as follows:
Sign Type (how the app was signed)
Who Signed the app
Fusion Set
Date and Time the app was signed
General data about the signature
Certificate SHA-256 Checksum
Final App SHA-256 Checksum
Advanced Enforcement Options
Details of Appdome Threat-Events that are in use
Threat Event Scoring Value
How to Download the Certified Secure Certificate For Any Mobile App on Appdome
Please follow the steps in this knowledge-based article on how to build apps with your desired features and successfully implement security features in your Android and iOS mobile apps.
Once you have successfully protected your app using Appdome, you can download Appdome’s Certified Secure™ certificate in one of the following ways:
Download the certificate from the platform notification email
After each successful build on the platform, you will receive a notification to the email of your Appdome account.
You can download the Appdome certificate by clicking on the download link. Then, you will be redirected to Appdome’s platform and the certificate will be downloaded automatically.
Download the certificate from the App Workflow Summary Screen
Navigate to the deploy tab.
Click on the marked Workflow Summary” button.
Click on the certified secure shield icon.
Alternatively, you can click the “Download My Built App” button to receive a PDF version of the Certified Secure Certificate.
You can download the previous build certificate by opening the build history and clicking on the download icon next to the chosen build.
You can also download the Certified Secure certificate using Appdome’s REST-APIs
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform, or feel free to request a demo at any time.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
Want a Demo?
Certified Secure™ DevSecOps Certification
GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.