How to Use Appdome SDKProtect to Secure Mobile iOS SDKs
Introduction to Appdome SDKProtect for iOS
Appdome SDKProtect™ enables mobile SDK developers to quickly and easily create protected and threat-aware versions of their mobile SDKs, reducing fraud and ensuring compliance. SDKProtect™ is precisely engineered to secure mobile SDKs against a wide variety of threats. This article provides a step-by-step guide for mobile SDK developers and SDK vendors on how to use SDKProtect™ to secure their iOS SDKs, focusing on the xcframework.zip format.
Prerequisites
Before starting the process of securing your SDK with Appdome, ensure you have the following:
- An Appdome account (create a free Appdome account here)
- A license for SDKProtect™
- A valid iOS xcframework.zip file
- Add input threat event permissions to your xcframework. For more details, see: How to use SDK Input Threat Events for iOS XCFrameworks
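A structural check for the xcframework.zip prerequisite, added here as an example (it is not Appdome's code and not the validation Appdome performs on upload). It assumes Apple's standard XCFramework layout, with one top-level `.xcframework` bundle whose `Info.plist` lists `AvailableLibraries`; `ios_slices` and `sample_zip` are hypothetical names, and the sample archive is constructed.

```python
import io
import plistlib
import zipfile


def ios_slices(zip_bytes):
    """Map each iOS LibraryIdentifier in an xcframework.zip to its architectures."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.startswith("__MACOSX/")]
        # Reject entries that could escape the extraction directory.
        if any(n.startswith("/") or ".." in n.split("/") for n in names):
            raise ValueError("archive contains unsafe paths")
        roots = {n.split("/")[0] for n in names}
        if len(roots) != 1 or not min(roots).endswith(".xcframework"):
            raise ValueError("expected exactly one top-level .xcframework bundle")
        root = min(roots)
        try:
            info = plistlib.loads(zf.read(f"{root}/Info.plist"))
        except KeyError:
            raise ValueError("missing Info.plist") from None
    if info.get("CFBundlePackageType") != "XFWK":
        raise ValueError("Info.plist is not an XCFramework manifest")
    slices = {}
    for lib in info.get("AvailableLibraries", []):
        if lib.get("SupportedPlatform") != "ios":
            continue
        prefix = f"{root}/{lib['LibraryIdentifier']}/{lib['LibraryPath']}"
        if not any(n.startswith(prefix) for n in names):
            raise ValueError(f"declared slice missing from archive: {prefix}")
        slices[lib["LibraryIdentifier"]] = sorted(lib["SupportedArchitectures"])
    if not slices:
        raise ValueError("no iOS slices declared")
    return slices


def sample_zip(with_binary=True):
    """Constructed sample: a minimal Demo.xcframework with one device slice."""
    lib = {"LibraryIdentifier": "ios-arm64", "LibraryPath": "Demo.framework",
           "SupportedPlatform": "ios", "SupportedArchitectures": ["arm64"]}
    manifest = {"CFBundlePackageType": "XFWK", "AvailableLibraries": [lib]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Demo.xcframework/Info.plist", plistlib.dumps(manifest))
        if with_binary:
            zf.writestr("Demo.xcframework/ios-arm64/Demo.framework/Demo", b"\0")
    return buf.getvalue()

if __name__ == "__main__":
    print(ios_slices(sample_zip()))
```

Running the same function on the original archive and on the protected download shows whether the declared slices changed between the two.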
Key Features of SDKProtect
SDK Threat Shielding encrypts, obfuscates, and safeguards SDK components, fortifying them against cyber threats for enhanced security.
- Obfuscate SDK Logic – Obfuscates SDK classes and methods to protect them from reverse engineering.
- Obfuscate Objective-C – Obfuscate Objective-C class and method names in the SDK binary.
- Obfuscate Swift Metadata – Scrambles class hierarchies, method details, and type structure in SDK Swift Metadata.
- Strip Export Names – Removes the index that associates symbol names with addresses.
- Verify SDK Integrity – Ensures that the SDK assets and libraries have not been tampered with or altered.
- Obfuscate SDKProtect™ – Obfuscates the SDK logic to make it harder for attackers to reverse-engineer the SDK.
- Encrypt SDK DBs – Protects the data created by the SDK on the device by establishing a secure data container. This prevents the application from accessing the SDK’s encrypted data.
- Encrypt SDK Preferences – Encrypts the SDK preferences/settings to prevent unauthorized access.
- Prevent Logging Attack – Prevents log function calls on an iOS device, protecting sensitive data from leaking to malicious actors.
- Protect Info.plist – Encrypts specific keys within the Info.plist files.
- SDK MiTM Defense – Protects the data created by the SDK on the device by establishing a secure data container. This prevents the application from accessing the SDK’s encrypted data.
- Secure Certificate Pinning – Securely stores the certificate(s) of known trusted servers in the SDK and validates the authenticity of the certificate before the connection is established.
SDK Threat Intelligence
Threat Intelligence combines the power of Threat-Shielding and Mobile Risk Evaluation with the following visibility and control options.
- Threat-Monitoring – Identifies and reports any risk anomalies found in the SDK and transmits the data to ThreatScope™ for enhanced security oversight.
- Threat-Streaming – Provides regular updates on the SDK’s health status during runtime and alerts to any possible threats to ensure operational safety.
- Jailbreak Detection: Detects users attempting to run your application on a jailbroken device.
- Simulator Detection: Detects if the SDK is running on a simulator.
- Detect Debugging: Identifies if the SDK is being debugged.
- Detect App is Debuggable: Detects when a debugger is attached to the SDK or the SDK is marked as Debuggable.
- Detect Hooking Frameworks: Identifies if any hooking frameworks are being used to manipulate the SDK.
- Anti-Swizzling: Detects and prevents malicious method swizzling.
- Detect FaceID Bypass: Detects when an attacker tries to bypass FaceID or facial recognition using deep fake methods.
Workflow for Securing iOS SDKs with SDKProtect
- Upload an SDK file
  - Drag and drop an xcframework.zip file or browse to upload the SDK.
- Create and name the Fusion Set (security template) that will contain the SDK Threat-Shielding feature as shown below:
- Building the SDK Threat-Shielding & SDK Threat Intelligence feature via Appdome Console
  To build the SDK Threat-Shielding & SDK Threat Intelligence protection using Appdome Console, follow the instructions below.
  - How: Toggle (turn ON) SDK Threat-Shielding, as shown below
  - How: Toggle (turn ON) SDK MiTM Defense, as shown below
  - How: Toggle (turn ON) Threat Monitoring and Threat Streaming, as shown below
- Select which features you want to turn on, such as Jailbreak Detection, Simulator Detection, Detect Debugging, Detect Hooking Frameworks, and Detect FaceID Bypass.
- Click on Build My SDK to initiate the build process.
- Sign On Appdome (Recommended)
  - P12 File: Mandatory for signing.
  - Password: Mandatory for signing.
  - Click Sign My SDK
- Private Signing
  - Select the option Private Signing from the drop-down menu.
    For more details on how to privately sign your SDK, see How to Sign an xcframework.zip iOS SDK on Appdome.
- Download SDK
  - After building and signing, click on “Download” to retrieve the signed SDK.
About Appdome Mobile SDK Threat-Events
Appdome Threat-Events use industry-standard notification methods to pass events from the Appdome layer back to the SDK so that the SDK can take further action whenever Appdome detects malicious events against an Appdome-protected SDK.
When Appdome detects a security event, the event can be handled in one of the following ways:
In-App Detection
Appdome detects the attack or threat and passes the event in a standard format to the SDK for processing (your SDK chooses how and when to enforce it).
In-App Defense
When a security violation such as debugging, hooking, or swizzling is detected within the Appdome-protected SDK during app runtime, Appdome sends the event data directly to the SDK. This enables Appdome to apply predefined security protocols, which might include terminating the app session to prevent further exposure.
Enforce Connection Only (for SDK MiTM Defense only):
When Appdome detects a security event, it passes the event from the Appdome layer to the SDK and blocks the connection that triggered the event.
Block Debugging (for iOS only)
Note: If you wish to use Threat Events with the above SDK features, please make sure that your SDK includes the correct implementation.
Example
For more details on SDK Threat Events, see How to use SDK Input Threat Events for iOS XCFrameworks
Certified Secure
This certificate verifies that Appdome has secured your SDK (com.iOS.sdk.id) with specific security features, as identified in the certification details. Issued to your secured SDK, this certificate details the implementation of Appdome’s SDK Threat Shielding and SDK Threat Intelligence features that you have chosen to build into your SDK.
Appdome offers a powerful, user-friendly platform for SDK vendors to enhance the security of their mobile SDKs. By following the steps outlined above—from meeting the prerequisites to downloading the secured version—you ensure that your SDK is not only more secure but also maintains functionality and reliability in client applications.
Related Articles:
- How to Obfuscate SDK Logic using Appdome SDKProtect™
- Automated SDK Protection – Appdome SDKProtect™
- How to Use Appdome SDKProtect to Secure Mobile SDKs
- How to use SDK Input Threat Events for iOS XCFrameworks
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.