Accelerate Protected Mobile Apps with Baseline Profiles

Last updated November 18, 2024 by Appdome

Discover how to effectively enhance Android app performance by customizing your app with Baseline Profile through Appdome’s Data-Driven DevSecOps™ build system, either via our platform or API.

What is the Baseline Profile Optimization Feature?

Appdome’s integration with Baseline Profile enables Android developers to enhance application performance through Ahead-of-Time (AOT) compilation by optimizing specified code paths. The Baseline Profile consists of a .txt file that lists methods and their respective “hotness” levels, determined by various flags. Developers create this file using Android Studio, which then compiles it into a .prof file—an index of methods within the application’s DEX files. Additionally, a .profm file is used to make it compatible with different versions of the Android Runtime (ART).

When Appdome protections are applied, the original DEX files are modified, rendering the existing .prof file inaccurate as it no longer corresponds to the methods listed in the .txt file. Appdome addresses this by regenerating the .prof file according to the protected APK, ensuring that performance enhancements remain effective after security measures are implemented.

How Does Appdome Protect Mobile Apps with Baseline Profile Optimization?

Appdome provides the option to upload profile.txt files via the –baseline_profile switch. Once uploaded, Appdome regenerates the baseline.prof file to align with the protected app, replacing the original .prof file. This process ensures that the performance optimizations are preserved even after security protections are applied.

The feature is implemented through Appdome’s API to facilitate seamless integration and customization within CI/CD pipelines, ensuring that Baseline Profile management is dynamic and aligned with each new build from Android Studio. This approach is operational from a customer’s standpoint as it allows setting up the profile programmatically rather than through the UI, which is crucial since the file changes with every build.

Prerequisites for Using App Customization with Baseline Profile:

To use Appdome’s mobile app security build system to Customize an App with a Baseline Profile, you’ll need the following:

Steps to Integrate Baseline Profile:

  1. Designate the mobile app to be protected.
    1.1 Upload a mobile app via the Appdome Mobile Defense platform GUI or via Appdome’s DEV-API or CI/CD Plugins.
    1.2 Android Formats: .apk or .aab / iOS Formats: .ipa
    1.3 Accelerate Protected App with Baseline Profiles is compatible with Java, JS, C++, C#, Kotlin, Flutter, React Native, Unity, Xamarin, Cordova, and other Android apps.

  2. Select the defense: Accelerate Protected App with Baseline Profiles.
    2.1. Create and name the Fusion Set (security template) that will contain the Accelerate Protected App with Baseline Profiles feature as shown below:
    Create New Fusion Set (security Template) For The Oneshield Feature Accelerate Protected App With Baseline Profiles

    Figure 1: Fusion Set that will contain the Prevent Logging Attacks feature
    Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).

    2.1.1 When you select the {Feature Name}, you’ll notice that the Fusion Set you created in step 2.1.1 now bears the icon of the protection category that contains {Feature Name}.
    Saved security template with the baseline profile feature added

    Figure 2: Fusion Set that displays the newly added Accelerate Protected App with Baseline Profiles protection.
    Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).
    2.1.2 Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):Copy Fs Id

    2.2 Add the Accelerate Protected App with Baseline Profiles
    2.2.1 Navigate to the Build > ONEShield™ tab section in the Appdome Console.
    2.2.2 The checkmark feature Accelerate Protected App with Baseline Profiles is enabled by default, as shown below.
    2.2.3 Upload your Baseline Profile file.

    Toggle Accelerate Protected App With Baseline Profiles

    Figure 3: Selecting {Feature Name}
    Note: The Appdome platform displays the Mobile Operating System supported by each defense in real-time. For more details, see our OS Support Policy KB.

  3. Initiate the build command either by clicking Build My App or via your CI/CD.

Via Appdome API 

  1. Setup your API call
    • Prepare to make a POST request to the appropriate Appdome API endpoint.
    • Refer to the image provided for the correct parameter setup:
      API Parameter Setup
  2. Configure the API Parameters:
    • app_id: The unique identifier for your app obtained from the upload response.
    • fusion_set_id: The Fusion Set ID you copied earlier.
    • action: Set this to “fuse” to initiate the integration process.
    • Baseline_profile: Attach the profiles.zip file containing your Baseline Profile.
  3. Send the API Request
    • Appdome’s system will process the Baseline Profile along with your specified Fusion Set and apply the necessary configurations to your app.
  4. Verify the Integration

For detailed guidance on how to upload and integrate your Baseline Profile via Appdome’s API, please refer to the Appdome API documentation.

Congratulations!  Your Baseline Profile has now been added to the mobile app.

After successfully integrating the Baseline Profile, your Android app will benefit from optimized performance through the enhanced specific code paths. This integration not only improves app performance but also maintains the efficacy of security measures provided by Appdome.

This streamlined process simplifies the integration of performance optimization features without the need for manual adjustments in the Fusion Set, allowing for greater flexibility and efficiency in your CI/CD pipeline.

Related Articles:

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

Appdome

Want a Demo?

Mobile RASP Security

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.