Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
Learn how to protect mobile apps with App Integrity/Structure Scan, Anti-Tampering, Detect Debugger Code Manipulations, Prevent Running on Simulators and Emulators, Checksum Validation, Anti-Debugging, Anti-Emulator, Obfuscate Built Services, and more.
This Knowledge Base article explains how you can use Appdome’s no-code mobile RASP to harden any mobile app and protect against tampering, dynamic analysis, reverse engineering, debugging, emulators, and more.
We hope you find it helpful and enjoy using Appdome!
ONEShield™ is Appdome’s mobile RASP solution which includes Anti-Tampering, Anti-Debugging, Anti-Emulator protections, and other features – making Appdome the single most comprehensive solution for mobile app protection.
The Appdome platform adds ONEShield™ to every app our customers build on Appdome, so each app gets equipped with advanced mobile app hardening automatically! Whether you’re building Appdome Mobile Security Suite, EMM SDKs, or an Identity SDK, your app will automatically be protected with ONEShield advanced app shielding.
The app you are building on Appdome can be built with any native tool, such as Xcode for iOS or Android Studio, or any other framework, including hybrid and cross-platform frameworks such as Maui, Xamarin, Cordova, React Native, and Flutter. ONEShield™ by Appdome supports only ARM 64-bit architectures.
Anti-Debugging will do the following, depending on the platform:
Detect Debugger Code Manipulations: Appdome actively detects and blocks any code manipulations performed by debuggers and other dynamic analysis tools during the app run-time. This includes blocking hooking frameworks and attack methods that include techniques such as method hooking, function hooking, and API hooking.
Anti-Tampering – Protects against all of the following:
Checksum Validation – Checksum validation calculates a cryptographic hash (a unique fingerprint of information, binary data, and assets), and validates the hash at runtime, detecting any modifications to the app, app resources, configuration elements, and more.
App Integrity and Structure Scan – App integrity and structure scan check the app’s composition, data structure, data elements, and communication paths to validate the integrity and authenticity of the app, as well as to detect elements within the app that could be used as attack vectors (such as unknown or malicious URLs).
Appdome looks for weakening elements in the application, such as malicious URLs.
Obfuscate Built Services: Obfuscates Appdome’s code and the new customer-selected services added to the app during Fusion. In addition, the data embedded in Appdome’s code will be encrypted to prevent common “recon” attacks (like searching for strings in the code).
Note: 3rd party services will not be obfuscated. For example, the code responsible forTOTALDataTM Encryption will be obfuscated, while for VMWare Workspace ONE (AirWatch), only the adapter code that glues the SDK to the application will be obfuscated, the VMWare Workspace ONE (AirWatch) code will remain as it is.
Prevent Running on Simulators – A standard method for attackers to compromise mobile apps is to run the app on a simulator, observe the app’s behaviors and study how it functions in a running environment (a process called dynamic code analysis). Appdome detects when the app is running on a simulator and disconnects the app.
Prevent Running on Emulators – Detects if the app is running on an emulator. Emulators can be used to reverse engineer, hack your application, and sniff its communications, making it a security threat.
After selecting and clicking Build My App, in about 20 – 40 seconds, your app will be protected with ONEShield™”.
Follow these step-by-step instructions to add ONEShield™ to Any Mobile App in seconds:
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
After you have added ONEShield™ to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read the Knowledge Base article How to Update App Icon Branding in Secure Android & iOS Apps.
In order to deploy an Appdome-Built app, the app must be signed. Signing iOS apps and Signing Android apps on Appdome is easy. Alternatively, you can use Private Signing, download your unsigned app, and sign locally using your own signing methods.
Once you have signed your Appdome-Built app, you can deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read the Knowledge Base article How to Auto Publish Secured Android & iOS Apps to app stores.
That is it – Enjoy Appdome’s ONEShield™ protection in your app!
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.