How to Verify SDK Assets and Libs

Last updated September 10, 2024 by Appdome

Verifying the integrity of your SDK’s assets and libraries is essential for ensuring its security and proper functioning. This guide outlines how to use Appdome’s verification feature to protect these crucial components.

What Are SDK Assets and Libraries?

In the context of software development, SDK assets and libraries are critical components of a Software Development Kit (SDK) that enable developers to integrate and use predefined functionality in their applications efficiently. Here’s a detailed explanation of each:

SDK Assets
Assets in an SDK refer to a variety of resources that are bundled with the SDK to support its functionality. These can include:

  • Media Files: Images, audio, and video files that might be used within the application.
  • Data Files: XML, JSON, or other configuration files that provide settings or data structures.
  • Fonts and Icons: Custom fonts and icon packs that are used for UI consistency across the application using the SDK.
  • Documentation: Help files, sample code, and other documents that assist developers in using the SDK effectively.

Assets are usually static, meaning they do not change at runtime, and are essential for the SDK to deliver its intended user experience and functionality.

SDK Libraries
Libraries, or libs, are collections of precompiled routines that a program can use. These are typically written in low-level languages like C or C++ and are essential for performance-critical parts of an application. In SDKs, libraries serve various purposes:

  • Core Functionality: They provide the fundamental operations and capabilities upon which the SDK is built.
  • Cross-Platform Support: Many libraries are compiled for different architectures (like Arm or x86) to ensure the SDK can operate across a variety of devices and platforms.
  • Optimization: Libraries often handle tasks that require speed and efficiency optimization, such as graphics rendering, data encryption, or network operations.

Libraries are dynamically linked with the application at runtime, though in some SDKs, they might be statically linked (compiled into the application).
Both assets and libraries are integral to the structure and functionality of an SDK, ensuring that developers have the necessary tools and functions to build applications rapidly and effectively.

How Does Appdome Verify SDK Assets and Libraries?

Appdome’s “Verify SDK Assets and Libraries” feature ensures the integrity of these components by performing runtime checks to detect any unauthorized modifications. If alterations are found, the application can trigger an alert or prevent further execution, maintaining the SDK’s integrity.

Prerequisites for Using Verify SDK Assets and Libs:

Before you can utilize Verify SDK Assets and Libs, ensure you have the following:

Step-by-Step Guide for Verifying SDK Assets and Libs

Follow these simple steps on Appdome to secure Android SDKs:

  1. Upload the Mobile SDK to Appdome.
    • Upload Method: Choose either Appdome Console or DEV-API
    • Android Formats: .aar
  2. Build the feature: Verify SDK Assets and Libs

Building Verify SDK Assets and Libs using Appdome’s DEV-API:

  1. Create and name the Fusion Set (security template) that will include the Verify SDK Assets and Libs feature.
    New Fusion Set Verify Assets & Libs
    Figure 1: Fusion Set that will contain the Verify SDK Assets and Libs feature
    Note: Naming the Fusion Set according to the selected protections is optional and serves only for illustration purposes.
  2. Follow the steps in the section Building the Verify SDK Assets and Libs feature via Appdome Console of this article to add the Verify SDK Assets and Libs feature to this Fusion Set
  3. Click the “…” symbol on the far-right corner of the Fusion Set to open the Fusion Set Detail Summary and copy the Fusion Set ID from the summary.
    Fusion set ID
    Figure 2: Fusion Set Detail Summary
    Note: Annotating the Fusion Set to identify the protections selected is optional.
  4. Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, or Circle CI:

Build the Verify SDK Assets and Libs feature via Appdome Console

    1. Create a Fusion Set as shown above.
    2. Where: Inside the Appdome Console, go to Build SDKProtect™ Tab > SDK Threat-Shielding section.
    3. How: Check whether SDK Threat-Shielding is active (toggled On). If necessary, enable it. By default, the Verify SDK Assets and Libs feature remains enabled.
      Toggle Verify Sdk Assets & Libs

      Figure 3: Verify SDK Assets and Libs option

    4. When you enable SDK Threat-Shielding, the Fusion Set you created now bears the icon of the protection category that contains Verify SDK Assets and Libs.
      Saved Fusion Set Verify Sdk Assets & Libs

      Figure 4: Fusion Set that displays the newly added Verify SDK Assets and Libs protection

    5. Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Congratulations! You have successfully added the Verify SDK Assets and Libs protection to your mobile SDK.

Certify the Verify SDK Assets and Libs feature in Android Apps.

After building the Verify SDK Assets and Libs, Appdome generates a Certified Secure™ certificate to confirm the addition and protection of the Verify SDK Assets and Libs feature in the mobile SDK. To verify this, locate the protection in the Certified Secure™ certificate.
Certificate Verify Sdk Assets & Libs

Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate gives DevOps and DevSecOps organizations a comprehensive workflow summary, an audit trail of each build, and evidence that the Verify SDK Assets and Libs feature is protecting each Android SDK.

Related Articles:

How to Encrypt Android SDK DBs

Automated SDK Protection & Appdome SDKProtect™

How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

 

Appdome

Want a Demo?

SDK Security Integration

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.