ONEShield™ No-Code Mobile RASP Explained

This Knowledge Base article explains how you can use Appdome’s no-code mobile RASP to harden any mobile app and protect against tampering, dynamic analysis, reverse engineering, debugging, emulators, and more.

We hope you find it helpful and enjoy using Appdome!

About ONEShield Mobile App Shielding/App Hardening

ONEShield™ is Appdome’s mobile RASP solution which includes Anti-Tampering, Anti-Debugging, Anti-Emulator protections, and other features – making Appdome the single most comprehensive solution for mobile app protection.

The Appdome platform adds ONEShield™ to every app our customers build on Appdome, so each app gets equipped with advanced mobile app hardening automatically! Whether you’re building Appdome Mobile Security Suite, EMM SDKs, or an Identity SDK, your app will automatically be protected with ONEShield advanced app shielding.

The app you are building on Appdome can be built with any native tool, such as Xcode for iOS or Android Studio, or any other framework, including hybrid and cross-platform frameworks such as Maui, Xamarin, Cordova, React Native, and Flutter. ONEShield™ by Appdome supports only ARM 64-bit architectures.

ONEShield™ includes all of the following app hardening features:

Anti-Debugging

Anti-Debugging will do the following, depending on the platform:

• iOS:
  • Connecting a debugger will cause the debugging client (lldb) to halt.
  • After a sufficient wait time, the debug session will terminate and the debugger will crash.
• Android:
  • Attempting to attach to the process with a debugger, tracing tool, or code injectors will result in the app misbehaving in random and unpredictable ways. The app will eventually terminate.
  • Attempting to debug the Java Virtual Machine (JVM) using JDB (or anything that utilizes the JDWP protocol) will disconnect the debugger automatically.

Detect Debugger Code Manipulations: Appdome actively detects and blocks any code manipulations performed by debuggers and other dynamic analysis tools during the app run-time. This includes blocking hooking frameworks and attack methods that include techniques such as method hooking, function hooking, and API hooking.

Anti-Tampering

Anti-Tampering – Protects against all of the following:

• Resigning the application
• Attempting to Modify the Appdome adapter
• Modifying the application’s executable
  • iOS: Main executable (see the structure of an iOS application)
  • Android: DEX files (see the structure of an Android application)
• Repackaging the app

Checksum Validation – Checksum validation calculates a cryptographic hash (a unique fingerprint of information, binary data, and assets), and validates the hash at runtime, detecting any modifications to the app, app resources, configuration elements, and more.

App Integrity and Structure Scan – App integrity and structure scan check the app’s composition, data structure, data elements, and communication paths to validate the integrity and authenticity of the app, as well as to detect elements within the app that could be used as attack vectors (such as unknown or malicious URLs).
Appdome looks for weakening elements in the application, such as malicious URLs.

Anti-Emulator

• In iOS apps, the Anti-Emulator feature obfuscates selector references in the primary executable (which prevents cross-reference searches).
• In Android apps, the Anti-Emulator feature obfuscates all plaintext strings in DEX files.

Obfuscate Built Services: Obfuscates Appdome’s code and the new customer-selected services added to the app during Fusion. In addition, the data embedded in Appdome’s code will be encrypted to prevent common “recon” attacks (like searching for strings in the code).

Note: 3rd party services will not be obfuscated. For example, the code responsible forTOTALData^TM Encryption will be obfuscated, while for VMWare Workspace ONE (AirWatch), only the adapter code that glues the SDK to the application will be obfuscated, the VMWare Workspace ONE (AirWatch) code will remain as it is.

Prevent Running on Simulators – A standard method for attackers to compromise mobile apps is to run the app on a simulator, observe the app’s behaviors and study how it functions in a running environment (a process called dynamic code analysis). Appdome detects when the app is running on a simulator and disconnects the app.

Prevent Running on Emulators – Detects if the app is running on an emulator. Emulators can be used to reverse engineer, hack your application, and sniff its communications, making it a security threat.

After selecting and clicking Build My App, in about 20 – 40 seconds, your app will be protected with ONEShield™”.

 

Follow these step-by-step instructions to add ONEShield™ to Any Mobile App in seconds:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

1. Click the Build tab.
2. In the top menu, select any category (eg: Security, Management, Access, Identity, Mobile Threat, etc).
3. (optional) switch on the feature and add any configuration or input requirements (if needed).
4. Click Build My App.

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Related Articles

• How to Automatically Validate Android and iOS App Logic & File Structure in CI/CD
• How to Prevent Running on Simulators in Android & IOS Apps
• How to Prevent Static App Patching in Android Apps
• How to Prevent Android Apps from Running on Emulators