How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™

Summary: This article provides a comprehensive guide on how to use Appdome’s platform to enhance the security of your mobile SDKs. Here, we’ll cover the essential steps from uploading your SDK to downloading the secured version, including how to handle potential error messages and understand the fusion sets.

What is SDK Logic?

SDK logic encompasses the core operational functions and algorithms of a Software Development Kit (SDK) that dictate how it interacts with other applications and services. This includes data processing routines, communication protocols, and security mechanisms inherent to the SDK. SDK Logic is fundamental to the performance and functionality of the SDK, enabling it to perform its intended tasks efficiently and securely.

Why It’s Important to Obfuscate SDK Logic

Obfuscating mobile SDK logic is crucial because it protects the SDK from being easily understood or manipulated by malicious actors who perform reverse engineering. By making the code more difficult to read, analyze, and understand, obfuscation helps prevent reverse engineering and tampering. This ensures that sensitive data handling routines, communication protocols, and other critical operations remain secure, thereby protecting the integrity and security of the mobile applications that rely on these SDKs. Obfuscation adds a vital layer of defense, making it significantly harder for attackers to exploit vulnerabilities within the SDK.

Prerequisites for Using Obfuscate SDK Logic with Appdome SDKProtect™

Before starting the process of securing your SDK with Appdome, ensure you have the following:

• • Appdome account (create a free Appdome account here)
  • A license for SDKProtect™
  • A valid .aar file or iOS framework- Confirm your SDK is in one of these formats, which are standard for Android and iOS development.

Uploading Your SDK to Appdome

To begin protecting your SDK with Appdome, first, upload your SDK’s source files to the platform:

• • 1. Log in to your Appdome account.
    2. Navigate to the + Start button.
       
    3. Click on ‘Upload SDK’ and select the SDK files from your machine. Make sure the files are in the correct format specified by Appdome for seamless integration.
    4. Upload Method: Choose between Appdome Console or DEV-API
    5. SDK Formats: An .aar or iOS Framework file
       

Handling Error Messages During Upload

If any issues arise during the upload, Appdome will display an error message detailing the problem. This could be due to the file being incomplete, improperly packaged, or not a valid ZIP archive. Address these errors promptly to proceed with securing your SDK.

Understanding Fusion Sets

Fusion Sets are security templates that allow you to select specific security functionalities to integrate with your SDK. Fusion Sets can include options like “Obfuscate SDK Logic”, “Encrypt SDK Strings”, and “Protect SDK Resources”, among others. By selecting appropriate fusion sets, you customize the security features to meet the specific needs of your SDK, ensuring optimal protection.

For more details on Fusion Sets, see How to Manage Fusion Set Security Templates iOS/Android.

Shielding Your SDK on Appdome

To build the Obfuscate App Logic protection using Appdome Console, follow the instructions below.

• • 1. 1. Where: Inside the Appdome Console, go to Build SDKProtect™ > SDK Threat-Shielding section.
       2. How: Toggle on SDK Threat-Shielding. The feature Obfuscate SDK Logic is enabled by default, as shown below.
          

          Figure 3: SDK Threat-Shielding option

       3. When you select SDK Threat-Shielding, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains SDK Threat-Shielding.

          

          Figure 4: Fusion Set that displays the newly added Obfuscate SDK Logic protection

          Click Build My SDK at the bottom of the Build Workflow (shown in Figure 4).

Downloading Your Secured SDK

• • 1. Go to the ‘Download’ tab on the Appdome platform
    2. Find your recent build and click on ‘Download My Built SDK’.
       This downloaded SDK is now enhanced with robust security features and is ready for integration into your client apps.
       

Certified Secure 

This certificate verifies that Appdome has secured your SDK (com.android.sdk.id) with specific security features, as identified in the certification details. Issued to your secured SDK, this certificate details the implementation of Appdome’s SDK Threat Shielding, and SDK Threat Intelligence features that you have chosen to build into your SDK.

Conclusion

Appdome offers a powerful, user-friendly platform for SDK vendors to enhance the security of their mobile SDKs. By following the steps outlined above—from meeting the prerequisites to downloading the secured version—you ensure that your SDK is not only more secure but also maintains functionality and reliability in client applications.

Related Articles:

• • • API for Building an App/SDK
    • How to Use Appdome SDKProtect to Secure Mobile SDKs
    • Get Your SDK on Appdome

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.