How to Verify SDK Assets and Libs
Verifying the integrity of your SDK’s assets and libraries is essential for ensuring its security and proper functioning. This guide outlines how to use Appdome’s verification feature to protect these crucial components.
What Are SDK Assets and Libraries?
In the context of software development, SDK assets and libraries are critical components of a Software Development Kit (SDK) that enable developers to integrate and use predefined functionality in their applications efficiently. Here’s a detailed explanation of each:
SDK Assets
Assets in an SDK refer to a variety of resources that are bundled with the SDK to support its functionality. These can include:
- Media Files: Images, audio, and video files that might be used within the application.
- Data Files: XML, JSON, or other configuration files that provide settings or data structures.
- Fonts and Icons: Custom fonts and icon packs that are used for UI consistency across the application using the SDK.
- Documentation: Help files, sample code, and other documents that assist developers in using the SDK effectively.
Assets are usually static, meaning they do not change at runtime, and are essential for the SDK to deliver its intended user experience and functionality.
SDK Libraries
Libraries, or libs, are collections of precompiled routines that a program can use. These are typically written in low-level languages like C or C++ and are essential for performance-critical parts of an application. In SDKs, libraries serve various purposes:
- Core Functionality: They provide the fundamental operations and capabilities upon which the SDK is built.
- Cross-Platform Support: Many libraries are compiled for different architectures (like Arm or x86) to ensure the SDK can operate across a variety of devices and platforms.
- Optimization: Libraries often handle tasks that require speed and efficiency optimization, such as graphics rendering, data encryption, or network operations.
Libraries are dynamically linked with the application at runtime, though in some SDKs, they might be statically linked (compiled into the application).
Both assets and libraries are integral to the structure and functionality of an SDK, ensuring that developers have the necessary tools and functions to build applications rapidly and effectively.
How Does Appdome Verify SDK Assets and Libraries?
Appdome’s “Verify SDK Assets and Libraries” feature ensures the integrity of these components by performing runtime checks to detect any unauthorized modifications. If alterations are found, the application can trigger an alert or prevent further execution, maintaining the SDK’s integrity.
Prerequisites for Using Verify SDK Assets and Libs:
Before you can utilize Verify SDK Assets and Libs, ensure you have the following:
- An active Appdome account, Create a free Appdome account here
- A license for Verify SDK Assets and Libs
- Your Mobile SDK (accepted formats include .aar for Android).
Step-by-Step Guide for Verifying SDK Assets and Libs
Follow these simple steps on Appdome to secure Android SDKs:
- Upload the Mobile SDK to Appdome.
- Upload Method: Choose either Appdome Console or DEV-API
- Android Formats: .aar
- Build the feature: Verify SDK Assets and Libs
Building Verify SDK Assets and Libs using Appdome’s DEV-API:
- Create and name the Fusion Set (security template) that will include the Verify SDK Assets and Libs feature.
Figure 1: Fusion Set that will contain the Verify SDK Assets and Libs feature
Note: Naming the Fusion Set according to the selected protections is optional and serves only for illustration purposes. - Follow the steps in the section Building the Verify SDK Assets and Libs feature via Appdome Console of this article to add the Verify SDK Assets and Libs feature to this Fusion Set
- Click the “…” symbol on the far-right corner of the Fusion Set to open the Fusion Set Detail Summary and copy the Fusion Set ID from the summary.
Figure 2: Fusion Set Detail Summary
Note: Annotating the Fusion Set to identify the protections selected is optional. - Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, or Circle CI:
- Look for sample APIs in Appdome’s GitHub Repository
- Build an API for the SDK – for instructions, see the tasks under Appdome API Reference Guide
Build the Verify SDK Assets and Libs feature via Appdome Console
-
- Create a Fusion Set as shown above.
- Where: Inside the Appdome Console, go to Build SDKProtect™ Tab > SDK Threat-Shielding section.
- How: Check whether SDK Threat-Shielding is active (toggled On). If necessary, enable it. By default, the Verify SDK Assets and Libs feature remains enabled.
Figure 3: Verify SDK Assets and Libs option
- When you enable SDK Threat-Shielding, the Fusion Set you created now bears the icon of the protection category that contains Verify SDK Assets and Libs.
Figure 4: Fusion Set that displays the newly added Verify SDK Assets and Libs protection
- Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Certify the Verify SDK Assets and Libs feature in Android Apps.
After building the Verify SDK Assets and Libs, Appdome generates a Certified Secure™ certificate to confirm the addition and protection of the Verify SDK Assets and Libs feature in the mobile SDK. To verify this, locate the protection in the Certified Secure™ certificate.
Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate gives DevOps and DevSecOps organizations a comprehensive workflow summary, an audit trail of each build, and evidence that the Verify SDK Assets and Libs feature is protecting each Android SDK.
Related Articles:
How to Encrypt Android SDK DBs
Automated SDK Protection & Appdome SDKProtect™
How to Obfuscate Mobile SDK Logic Using Appdome SDKProtect™
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.