How to Secure Android Apps in Fastlane
Introduction
This comprehensive guide is designed to help Appdome users integrate Appdome’s APIs with Fastlane in their CI/CD pipelines. By adhering to these steps, developers can enhance their development workflows to deploy secure and efficient mobile applications for both Android and iOS platforms.
Prerequisites
To ensure a smooth integration and setup, please make sure you have the following ready:
- An Appdome SRM account
- Appdome API token
- Fusion-Set ID
- Fastlane: Ensure Fastlane is installed on your system. For detailed installation instructions, refer to the Android Fastlane setup guide.
- Git
- Project Directory: Your project directory must already be set up with Fastlane.
Step-by-Step Instructions
1. Installing and Setting Up Fastlane
- Ensure Fastlane is installed and properly initialized within your project directory by following the setup guide.
- Ensure that fastlane init has been executed in your project directory.
2. Configure Fastlane for Appdome Integration
- build_app lane: Build your app and pass the path of the built app to the non_protected_app_path parameter.
- Adjust your project’s Fastfile to include configurations for Appdome’s APIs, focusing on automating security enhancements.
3. Creating Custom Lanes
- secure_with_appdome lane: Fetches the Bash API scripts from Appdome’s GitHub repository and uses them to secure your app through Appdome’s REST API.
- build_secure_deploy lane: This lane controls the build, secure, and deployment process. It specifies the path to the built app and calls the secure_with_appdome lane with the necessary parameters.
Detailed Lane Configurations
build_secure_deploy lane: This lane orchestrates the build, secure, and deployment process, handling the non-protected app path and securing the app using Appdome’s API.
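# build_secure_deploy lane:
desc "Main lane to control the build, secure, and deployment process"
lane :build_secure_deploy do
  # BUILD_APP_LANE() is a placeholder: call your own build lane here and use the path it returns
  PATH_TO_BUILT_APP=BUILD_APP_LANE()
  non_protected_app_path = PATH_TO_BUILT_APP
  # The quoted values below are placeholders. Keep real secrets out of the Fastfile:
  # when the token, Fusion Set ID or keystore options are omitted, secure_with_appdome
  # reads them from APPDOME_API_TOKEN, FUSION_SET_ID_ANDROID, KEYSTORE_FILE,
  # KEYSTORE_PASSWORD, KEYSTORE_ALIAS and KEYSTORE_KEY_PASSWORD in the environment.
  secured_app_path = secure_with_appdome(
    appdome_api_token: "YOUR_APPDOME_TOKEN",
    android_fs_id: "FUSION_SET_ID",
    team_id: "TEAM_ID",
    non_protected_app_path: non_protected_app_path, # Path to the non-protected app
    keystore_file: "PATH_TO_KEYSTORE",
    keystore_pass: "KEYSTORE_PASS",
    keystore_alias: "KEYSTORE_ALIAS",
    keystore_key_pass: "KEYSTORE_KEY_PASS",
    output: "secured_app.apk")
  UI.message("Secured app located at #{secured_app_path}")
  # Protected app deploy
  #android_deploy(secured_app_path: secured_app_path)
end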
# Standard-library helpers used by the lane below (keep these at the top of the Fastfile)
require 'base64'
require 'fileutils'
require 'shellwords'

#APPDOME LANE
desc "Lane to secure the app with Appdome"
lane :secure_with_appdome do |params|
  repo_dir = './appdome_files'
  # Remove the directory if it exists
  if File.directory?(repo_dir)
    sh "rm -rf #{repo_dir}"
  end
  # This clones the default branch as it is at build time; pin a reviewed tag or
  # commit if the scripts that handle your token and keystore must not change unnoticed
  sh "git clone https://github.com/Appdome/appdome-api-bash.git ./appdome_files"
  non_protected_app_path = params[:non_protected_app_path]
  api_token = params[:appdome_api_token] || ENV['APPDOME_API_TOKEN']
  android_fs_id = params[:android_fs_id] || ENV['FUSION_SET_ID_ANDROID']
  team_id = params[:team_id]
  keystore = params[:keystore_file] || ENV['KEYSTORE_FILE']
  keystore_pass = params[:keystore_pass] || ENV['KEYSTORE_PASSWORD']
  keystore_alias = params[:keystore_alias] || ENV['KEYSTORE_ALIAS']
  keystore_key_pass = params[:keystore_key_pass] || ENV['KEYSTORE_KEY_PASSWORD']
  output = params[:output]
  # Fail early if the non-protected app is missing, instead of passing an empty --app value
  unless non_protected_app_path && File.exist?(non_protected_app_path)
    UI.user_error!("Non-protected app not found at #{non_protected_app_path}")
  end
  file_name = File.basename(non_protected_app_path)
  destination_path = File.join(Dir.pwd, file_name)
  FileUtils.cp(non_protected_app_path, destination_path)
  # Check if the 'KEYSTORE_FILE' environment variable is set
  # (when it is, it takes precedence over the keystore_file parameter)
  if ENV['KEYSTORE_FILE']
    # Ensure the 'appdome_files' directory exists
    FileUtils.mkdir_p('appdome_files')
    # Fetch the environment variable, assuming it is the Base64 encoded content of the keystore
    keystore_encoded = ENV['KEYSTORE_FILE']
    # Decode the Base64 string
    keystore_decoded = Base64.decode64(keystore_encoded)
    # Write the decoded data to a file in binary mode to preserve exact bytes
    File.open('./appdome_files/keystore.keystore', 'wb') do |f|
      f.write(keystore_decoded)
    end
    # Update the keystore variable to the new path
    keystore = "#{Dir.pwd}/appdome_files/keystore.keystore"
  else
    UI.user_error!("No keystore given: pass keystore_file or set KEYSTORE_FILE") unless keystore
    # Copy the keystore to the new location
    FileUtils.cp(keystore, 'appdome_files/keystore.keystore')
    # Update the keystore variable to the new path
    keystore = "#{Dir.pwd}/appdome_files/keystore.keystore"
  end
  UI.message("Output file name: #{output}")
  command = "./appdome_api.sh"
  # Escape every value so that spaces or shell metacharacters in a password or path
  # are passed through literally instead of being interpreted by the shell.
  # fastlane echoes the command it runs, so the token and passwords below end up in
  # the build log; pass log: false to sh, or mask them in your CI system, if that
  # log is widely readable.
  args = [
    "--api_key #{Shellwords.escape(api_token)}",
    "--fusion_set_id #{Shellwords.escape(android_fs_id)}",
    "--team_id #{Shellwords.escape(team_id)}",
    "--app #{Shellwords.escape(destination_path)}",
    "--sign_on_appdome",
    "--keystore #{Shellwords.escape(keystore)}",
    "--keystore_pass #{Shellwords.escape(keystore_pass)}",
    "--keystore_alias #{Shellwords.escape(keystore_alias)}",
    "--key_pass #{Shellwords.escape(keystore_key_pass)}",
    "--output #{Shellwords.escape("appdome_outputs/#{output}")}",
    "--certificate_output appdome_outputs/CertificateSecure.pdf"
  ].join(' ')
  # Run your script through the shell
  Dir.chdir("#{repo_dir}") do
    sh("#{command} #{args}")
  end
  secured_app_path = "#{Dir.pwd}/appdome_files/appdome_outputs/#{output}"
  UI.message("App secured successfully with Appdome!")
  UI.message("Secured app located at #{secured_app_path}")
  secured_app_path # Return the path of the protected app
end
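The lane above resolves each setting from a lane parameter first and an environment variable second, then places the values on the appdome_api.sh command line. The following is an added example, not Appdome's code: a plain-Ruby sketch of that resolution which reports every missing setting at once and returns a masked copy of the command line for logging. The names appdome_command and APPDOME_OPTIONS and the REDACTED mask are hypothetical, and treating every option the lane passes as required is an assumption.

```ruby
require 'shellwords'

# Flag => [lane parameter, fallback environment variable, secret?]
# Flags and variable names are the ones the secure_with_appdome lane uses.
APPDOME_OPTIONS = {
  '--api_key'        => [:appdome_api_token, 'APPDOME_API_TOKEN', true],
  '--fusion_set_id'  => [:android_fs_id, 'FUSION_SET_ID_ANDROID', false],
  '--team_id'        => [:team_id, nil, false],
  '--keystore_pass'  => [:keystore_pass, 'KEYSTORE_PASSWORD', true],
  '--keystore_alias' => [:keystore_alias, 'KEYSTORE_ALIAS', false],
  '--key_pass'       => [:keystore_key_pass, 'KEYSTORE_KEY_PASSWORD', true]
}.freeze

# Returns [argv, loggable]: argv is the argument list for appdome_api.sh,
# loggable is the same command line as one string with secret values masked.
def appdome_command(params, env, app_path, keystore_path)
  argv = ['--app', app_path, '--sign_on_appdome', '--keystore', keystore_path]
  shown = argv.dup
  missing = []
  APPDOME_OPTIONS.each do |flag, (key, env_name, secret)|
    value = params[key] || (env_name && env[env_name])
    if value.nil? || value.to_s.empty?
      missing << [key, env_name].compact.join(' / ')
      next
    end
    argv.push(flag, value.to_s)
    shown.push(flag, secret ? 'REDACTED' : value.to_s)
  end
  raise ArgumentError, "Missing Appdome settings: #{missing.join(', ')}" unless missing.empty?

  tail = ['--output', "appdome_outputs/#{params[:output] || 'secured_app.apk'}",
          '--certificate_output', 'appdome_outputs/CertificateSecure.pdf']
  [argv + tail, Shellwords.join(shown + tail)]
end

# Constructed sample values, not real credentials
sample_env = { 'APPDOME_API_TOKEN' => 'tok en$1', 'KEYSTORE_PASSWORD' => 'p"w',
               'KEYSTORE_ALIAS' => 'release', 'KEYSTORE_KEY_PASSWORD' => 'k;p' }
sample_params = { android_fs_id: 'fs-123', team_id: 'team-1', output: 'app.apk' }
sample_argv, sample_shown = appdome_command(sample_params, sample_env, '/tmp/app.apk', '/tmp/ks.keystore')
puts sample_shown
```

Passing argv as separate arguments, for example `system('./appdome_api.sh', *argv, chdir: repo_dir)`, keeps the shell from interpreting characters in passwords; only the masked string should be written to the build log.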
Now you have an Appdome-protected app built with Fastlane. Make sure to return to the commented-out #android_deploy step in the build_secure_deploy lane to deploy the protected app.
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.