How to use Threat-EKG with Appdome's Mobile EDR
What is Threat-EKG?
Threat-EKG™ offers real-time monitoring and protection for applications on wearable and mobile devices, ensuring secure communications even without a traditional network connection. By utilizing threat events, Threat-EKG™ provides regular updates on the device’s health status to support secure operations.
How Does Threat-EKG Protect Mobile Enterprise Apps & Wearable Devices
Threat-EKG™ establishes a comprehensive security framework for both wearable and mobile devices, ensuring their communication with mobile apps and servers remains secure by enforcing mobile threat detection and defense data across the entire enterprise infrastructure, including the mobile app, server, IAM, UEM, or WAF.
Here’s how it functions:
Payload Generation: Threat-EKG sends payloads containing critical information about the wearable or mobile device’s status, including risk session status, safe session status, payload timestamp, nonce, Appdome Signed Payload, Appdome ThreatID™, and Appdome AppID™.
Secure Transmission: These payloads are transmitted securely across various mediums, ensuring secure communication between wearables and mobile devices, even in the absence of traditional network connections.
Threat Events: Threat-EKG facilitates communication to the server through Threat-Events sent from Appdome to the mobile app, updating the mobile or wearable device health status and alerting the mobile app to potential threats.
For further information on Threat Events, please refer to the knowledge base article: Threat-Events™, In-App Threat Intelligence in Mobile Apps
Data Encryption: In secure sessions, Threat-EKG encrypts the payloads, ensuring that sensitive information, such as the app’s health data, cannot be intercepted by attackers. This protects both the wearable and the connected mobile app from unauthorized access.
Prerequisites for Using Threat-EKG:
To use Appdome’s mobile app security build system to Enforce Threat-EKG, you’ll need:
- Appdome account (create a free Appdome account here)
- A license for Threat-EKG
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)
Overview of Appdome Mobile Endpoint Detection & Response Features
In addition, Threat-EKG includes an optional Mobile Device & Connection Risk assessment for several different threat types.
All Mobile Device & Connection Risk features include the option to set DEVICETrust™ levels.
To learn more about DEVICETrust™, please refer to this knowledge base article:
How to use DEVICETrust™ with MobileBOT™ Defense
Standard Device & Connection Risk
MiTM Attack – Validate the authenticity of trusted communication sessions initiated with the app.
Root – Detect Root and include a signal in the Threat-EKG™payload.
Magisk – Detect Magisk and include a signal in the Threat-EKG™ payload.
Frida Toolkits – Detect Frida Toolkits and include a signal in the Threat-EKG™ payload.
Emulators – Detect Emulators and include a signal in the Threat-EKG™ payload.
Simulators – Detect Simulators and include a signal in the Threat-EKG™ payload.
Advanced On-Device Bot Detection
Auto Clicker – Detects automated click bots, non-human patterns, and out-of-context sources and includes a signal in the Threat-EKG™ payload.
Virtualization – Detects if the app is running in a virtualized environment and signals the Threat-EKG™ payload.
Custom Frida – Detects non-official Frida builds that modify identifiers to try to avoid detection and include a signal in the Threat-EKG™ payload.
Shell Code – Prevent shellcode from executing inside the app by including a signal in the Threat-EKG™ payload.
Anti Swizzling – Detects malicious method swizzling and includes a signal in the Threat-EKG™ payload.
Note: The Anti-Swizzling feature is only available for iOS apps.
Dual Space – Detects if your app is running in a second space and includes a signal in the Threat-EKG™ payload.
Memory Editing – Detects advanced debugging techniques that leverage memory tracing and include a signal in the Threat-EKG™ payload.
Android Players – Detects the use of App Players running in your app, such as Nox and Memu, and includes a signal in Threat-EKG™ payload.
In this way, Threat EKG provides comprehensive protection for wearable devices and ensures the integrity of their communication with mobile apps and servers.
Related Articles:
- How to use MobileBOT Source™ with Mobile Bot Defense
- How to Use Session Headers in Mobile Bot Defense
- How to Use Payload Timestamps In Mobile Bot Defense
- How to use Appdome Mobile EDR
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.