How to Use Appdome's Feature Strip Export Names in iOS SDKs
What are Export Names?
Export names in iOS SDKs serve as identifiers for symbols such as functions, variables, and classes, enabling these elements to be externally accessible from a module. These identifiers are crucial for facilitating seamless integration between different software components. Managed through attributes like @_cdecl for C compatibility and @objc for Objective-C and Swift, these names define the interfaces that allow external code to link with and utilize the functionalities of a library or framework.
Why Strip Export Names?
Enhancing the security of your iOS SDK involves stripping export names, which makes it challenging for attackers to identify and manipulate critical functions. This security measure obscures the internal architecture and functionalities of the SDK, thereby reducing the risk of targeted exploits and unauthorized access. For SDK vendors, this practice is crucial in protecting intellectual property and ensuring that their software components remain secure against reverse engineering efforts.
Prerequisites for Using Strip Export Names
Before you can utilize the Strip Export Names feature, ensure you have the following:
- An active Appdome account. Create a free Appdome account here
- A license for Strip Export Names
- Your Mobile SDK (accepted formats include .xcframework.zip for iOS).
Step-by-Step Guide for Using Strip Export Names
Follow these simple steps on Appdome to secure Android SDKs:
- Upload the Mobile SDK to Appdome.
- Upload Method: Choose either Appdome Console or DEV-API
- iOS Format: .xcframework.zip
- Build the feature: Strip Export Names
Building Strip Export Names using Appdome’s DEV-API:
- Create and name the Fusion Set (security template) that will include the Strip Export Names feature.
Figure 1: Fusion Set that will contain the Strip Export Names feature
Note: Naming the Fusion Set according to the selected protections is optional and serves only for illustration purposes. - Follow the steps in the section Building the Strip Export Names feature via Appdome Console of this article to add the Strip Export Names feature to this Fusion Set
- Click the “…” symbol on the far-right corner of the Fusion Set to open the Fusion Set Detail Summary and copy the Fusion Set ID from the summary.
Figure 2: Fusion Set Detail Summary
Note: Annotating the Fusion Set to identify the protections selected is optional. - Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, or Circle CI:
- Look for sample APIs in Appdome’s GitHub Repository
- Build an API for the SDK – for instructions, see the tasks under Appdome API Reference Guide
Build the Strip Export Names feature via Appdome Console
-
- Create a Fusion Set as shown above.
- Where: Inside the Appdome Console, go to Build SDKProtect™ Tab > SDK Threat-Shielding section.
- How: Toggle on Obfuscate SDK Logic > Strip Export Names.
- Exclude Specific Classes:
- To ensure that essential functionality and integration capabilities are maintained, Appdome provides an option to exclude certain classes from the export name-stripping process:
- Navigate to the “Strip Export Names” section.
- Locate the “Exclude Specific Classes” field.
- Enter the name of each class you need to exclude from obfuscation.
- Click the ‘+ Add’ button to confirm each entry. This ensures that these classes retain their clear export names, facilitating necessary integrations and functionalities.
- This exclusion process can be repeated for any class that requires clear visibility.
Figure 3: Strip Export Names option
- To ensure that essential functionality and integration capabilities are maintained, Appdome provides an option to exclude certain classes from the export name-stripping process:
- When you enable Strip Export Names, the Fusion Set you created now bears the icon of the protection category that contains Strip Export Names.
Figure 4: Fusion Set that displays the newly added Strip Export Names protection
- Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Certify the Strip Export Names feature in Android Apps.
After building the Strip Export Names, Appdome generates a Certified Secure™ certificate to confirm the addition and protection of the Strip Export Names feature in the mobile SDK. To verify this, locate the protection in the Certified Secure™ certificate.
Related Articles:
How to Encrypt Android SDK DBs
Automated SDK Protection & Appdome SDKProtect™
How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
