How to Use Appdome ThreatID™ In Mobile Bot Defense Using AI

What Is Appdome ThreatID?

Threat IDs are unique numerical codes that correspond to specific mobile security threats detected by Appdome’s Mobile Bot defense. Each detected threat, such as rooting, tampering, or unauthorized access, is assigned a distinct Threat ID. These IDs are shared with security gateways like Web Application Firewalls (WAFs) to communicate the nature of the threat in real time. By using these codes, security systems can take immediate action—blocking, logging, or permitting requests—without requiring in-depth analysis.

Threat IDs streamline the response to complex attack vectors by providing clarity and precision in threat identification and mitigation. Ultimately, this prevents attacks that could lead to data breaches, fraud, and unauthorized access.

How Appdome Protects Mobile Apps With Threat IDs?

Appdome generates Threat IDs by monitoring the mobile environment and identifying potential security risks, such as rooted devices, emulator usage, or network anomalies. Each detected threat is assigned a specific ID, which is communicated to connected security systems like WAFs. This enables real-time actions such as session termination, request blocking, or threat logging.

Threat IDs can also be analyzed in Appdome’s Resolution Center, where security teams can gain deeper insights into threat patterns and develop targeted countermeasures. By automating this process, Appdome ensures robust, responsive, and detailed threat protection across mobile apps.

Prerequisites to Using Appdome ThreatID™:

To use Appdome’s ThreatID™ , you’ll need:

• Appdome account (create a free Appdome account here)
• A license for Mobile Bot Defense
• Mobile App (.ipa for iOS, or .apk or .aab for Android)
• Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)

Note: The “Appdome ThreatID” is integrated within the “Session Headers” feature. For your convenience, there’s no need to construct separate fusion sets—simply build one comprehensive set for “Session Headers” to include the Appdome ThreatID™ functionality.

How to use Appdome ThreatID™

On Appdome, follow these 3 simple steps to create self-defending Mobile Apps that create Appdome ThreatID™ without an SDK or gateway:

1. Upload the Mobile App to Appdome
   • Upload an app to Appdome’s Mobile App Security Build System
   • Upload Method: Appdome Console or DEV-API
   • Mobile App Formats: .ipa For iOS device or .apk or .aab
   • Appdome ThreatID™: Obj-C, Java, JS, C#, C++, Swift, Kotlin, Flutter, React Native, Unity, Maui, Xamarin, and more
2.  Build the feature: Session Headers
   • Build Session Headers using Appdome’s DEV-API:
   • Create and name the Fusion Set (security template) that will contain the Session Headers feature as shown below:
     
     Figure 1: Fusion Set that will contain the Session Headers feature
     Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
   • Follow the steps in Section, Building the Session Headers feature via Appdome Console, to add the Appdome ThreatID feature to this Fusion Set.
   • Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set, as shown in Figure 1 above, and get the Fusion Set ID from the Fusion Set Detail Summary (as shown below)
     
     Figure 2: Fusion Set Detail Summary
     
     Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).
     
   • Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit, such as Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems.
   • Build an API for the app – for instructions, see the tasks under Appdome API Reference Guide
   • Look for sample APIs in Appdome’s GitHub Repository.

Building the Session Headers feature via Appdome Console

1. To build the Session Headers protection using Appdome Console, follow the instructions below:
2. Where: Inside the Appdome Console, go to Build > Anti Bot Tab > MobileBOT™ Defense section
3. How: Toggle (turn ON) Session Headers, as shown below.
   
   Figure 3: Validate Session Headers
   When you select Session Headers, you’ll notice that the Fusion Set you created now bears the icon of the protection category that contains Session Headers
   Figure 4: Fusion Set that displays the newly added Session Headers protection
4. Click Build My App at the bottom of the Build Workflow (shown in Figure 3).
5. Certify the Session Headers feature in Mobile Apps.

After building Session Headers, Appdome generates a Certified Secure™ certificate to guarantee that the Session Headers protection has been added and is protecting the app. To verify that the Session Headers protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:

Figure 5: Certified Secure™ certificate

Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Session Headers have been added to each Mobile app. Certified Secure provides instant and in-line DevSecOps compliance certification that Session Headers and other mobile app security features are in each build of the mobile app.
Using Appdome, there are no development or coding prerequisites to build secured Mobile Apps using Session Headers. There is no SDK and no library to code or implement in the app and no gateway to deploy in your network. All protections are built into each app and the resulting app is self-defending and self-protecting.

Releasing and Publishing Mobile Apps with Session Headers

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:

• Customizing, Configuring & Branding Secure Mobile Apps
• Deploying/Publishing Secure mobile apps to Public or Private app stores
• Releasing Secured Android & iOS Apps built on Appdome.