How to Use Appdome's Feature Strip Export Names in iOS SDKs

Last updated September 10, 2024 by Appdome

What are Export Names?

Export names in iOS SDKs serve as identifiers for symbols such as functions, variables, and classes, enabling these elements to be externally accessible from a module. These identifiers are crucial for facilitating seamless integration between different software components. Managed through attributes like @_cdecl for C compatibility and @objc for Objective-C and Swift, these names define the interfaces that allow external code to link with and utilize the functionalities of a library or framework.

Why Strip Export Names?

Enhancing the security of your iOS SDK involves stripping export names, which makes it challenging for attackers to identify and manipulate critical functions. This security measure obscures the internal architecture and functionalities of the SDK, thereby reducing the risk of targeted exploits and unauthorized access. For SDK vendors, this practice is crucial in protecting intellectual property and ensuring that their software components remain secure against reverse engineering efforts.

Prerequisites for Using Strip Export Names

Before you can utilize the Strip Export Names feature, ensure you have the following:

Step-by-Step Guide for Using Strip Export Names

Follow these simple steps on Appdome to secure Android SDKs:

  1. Upload the Mobile SDK to Appdome.
    • Upload Method: Choose either Appdome Console or DEV-API
    • iOS Format: .xcframework.zip
  2. Build the feature: Strip Export Names

Building Strip Export Names using Appdome’s DEV-API:

  1. Create and name the Fusion Set (security template) that will include the Strip Export Names feature.
    New Fusion Set Strip Export Names
    Figure 1: Fusion Set that will contain the Strip Export Names feature
    Note: Naming the Fusion Set according to the selected protections is optional and serves only for illustration purposes.
  2. Follow the steps in the section Building the Strip Export Names feature via Appdome Console of this article to add the Strip Export Names feature to this Fusion Set
  3. Click the “…” symbol on the far-right corner of the Fusion Set to open the Fusion Set Detail Summary and copy the Fusion Set ID from the summary.
    Fsid
    Figure 2: Fusion Set Detail Summary
    Note: Annotating the Fusion Set to identify the protections selected is optional.
  4. Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, or Circle CI:

Build the Strip Export Names feature via Appdome Console

    1. Create a Fusion Set as shown above.
    2. Where: Inside the Appdome Console, go to Build SDKProtect™ Tab > SDK Threat-Shielding section.
    3. How: Toggle on Obfuscate SDK Logic > Strip Export Names.
    4. Exclude Specific Classes:
      • To ensure that essential functionality and integration capabilities are maintained, Appdome provides an option to exclude certain classes from the export name-stripping process:
        • Navigate to the “Strip Export Names” section.
        • Locate the “Exclude Specific Classes” field.
        • Enter the name of each class you need to exclude from obfuscation.
        • Click the ‘+ Add’ button to confirm each entry. This ensures that these classes retain their clear export names, facilitating necessary integrations and functionalities.
        • This exclusion process can be repeated for any class that requires clear visibility.

      Toggle Strip Export Names

      Figure 3: Strip Export Names option

    5. When you enable Strip Export Names, the Fusion Set you created now bears the icon of the protection category that contains Strip Export Names.
      Saved Fusion Set Verify Sdk Assets & Libs

      Figure 4: Fusion Set that displays the newly added Strip Export Names protection

    6. Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Congratulations! You have successfully added the Strip Export Names protection to your mobile SDK.

Certify the Strip Export Names feature in Android Apps.

After building the Strip Export Names, Appdome generates a Certified Secure™ certificate to confirm the addition and protection of the Strip Export Names feature in the mobile SDK. To verify this, locate the protection in the Certified Secure™ certificate.
Certificate Strip Export Names

Related Articles:

How to Encrypt Android SDK DBs

Automated SDK Protection & Appdome SDKProtect™

How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

 

Appdome

Want a Demo?

SDK Security Integration

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.