New service targets SDKs that are central to the mobile app economy, including payment gateways, biometric identification, advertising, and more
San Francisco, Calif. –(June 4, 2024) – Appdome, the mobile app economy’s one-stop shop for mobile app defense, today released a new mobile SDK protection and mobile threat streaming service, called Appdome SDKProtect™. Appdome SDKProtect is designed to end third-party, mobile supply chain risk and democratize mobile threat intelligence and telemetry data among mobile SDK developers. The new service enables mobile SDK developers to quickly and easily create protected and threat-aware versions of their mobile SDKs, reducing fraud and ensuring compliance.
Mobile SDKs play a critical role in the mobile app economy, enabling Android & iOS developers to integrate essential functions into their applications, such as payment and banking services, digital identity verification, analytics, advertising, and more. The widespread use of mobile SDKs also makes them a prime target for malicious actors seeking to exploit SDKs to create supply chain risks inside mobile apps or compromise mobile app security to perform identity fraud, account takeovers, SDK spoofing, data breaches or other attacks.
“Mobile brands have become SDK providers themselves, and there’s more need than ever to leverage real-time attack and threat data inside mobile services,” said Tom Tovar, co-creator and CEO of Appdome. “We want to protect mobile SDKs and empower mobile SDK vendors to use our industry leading in-app intelligence framework to enrich critical mobile services to improve fraud detection, identity verification, and transaction integrity, and ensure regulatory compliance in mobile applications, globally.”
The new Appdome SDKProtect service provides mobile SDK vendors and developers with multiple options for mobile SDK protection. Appdome SDKProtect strengthens the security posture of third-party software development kits (SDKs) used in mobile app development against static and dynamic attacks, reverse engineering, IP loss and exploits. The service also makes Appdome platform’s rich mobile attack and intelligence data intelligence framework available to SDK providers to enhance the value of their SDK-based mobile services.
“Mobile SDKs are critical components of the mobile app supply chain, and if left unprotected, can result in significant and reverberating impacts across the mobile app ecosystem,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “ SDKProtect from Appdome provides an automated method for SDK makers to secure and protect their SDKs, as well as provide them with threat intelligence to detect and respond quickly to real-world attacks.”
Appdome SDKProtect™ offers several levels of mobile SDK protection:
- Threat-Shielding: Used to protect mobile SDK against reverse engineering and tampering by obfuscating and encrypting SDK data, strings, resources and preferences.
- Mobile Risk Evaluation: Comprehensive coverage of SDK attacks, such as facial recognition bypass, root and Jailbreak detection, emulator detection, hooking frameworks, debuggers, Android debug bridge and more.
- Threat Intelligence: Takes the power of Threat-Shielding and Mobile Risk Evalation and combines it with two visibility and control options.
- Threat-Streaming, which takes Threat Intelligence to the next level by providing real-time telemetry data that can be streamed to the SDK maker’s back-end to create specific outcomes when attacks happen.
- Threat-Monitoring, which combines the protections with real-time attack monitoring and enterprise-grade intelligence via Appdome ThreatScope™ Mobile XDR.
The mobile Threat Intelligence packages leverage the power of Appdome Threat-Events™ in-app attack intelligence framework. The framework that empowers mobile developers with real-time event data and control for mobile SDKs.
“Keeping the mobile app economy safe requires this step,” said Chris Roeckl, Chief Product Officer of Appdome. “Protecting mobile SDKs from reverse engineering is table stakes. Leveraging comprehensive, real-time attack and threat data in mobile services and making mobile SDKs threat-aware is the quantum leap forward the industry has needed for a long time.”
Using the Appdome SDKProtect service is easy. Mobile SDK developers present the Appdome platform with a version of the mobile SDK (in Android .aar or .jar and iOS framework files), choose the level of protection to apply to the SDK and initiate the build command. Once selected, the Appdome platform builds the chosen protections into the mobile SDK. In just minutes, the protected mobile SDK is available for download and distribution by the mobile SDK developer to its customers.
Appdome SDKProtect is fully compatible with all mobile platforms, frameworks, and development languages. It seamlessly integrates with existing app development workflows and tools, requiring no changes to the SDK source code or development environment.
To learn more about Appdome SDKProtect, please visit https://www.appdome.com/sdkprotect/.
About Appdome
The Appdome mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only Unified Mobile App Defense platform, powered by a patented mobile coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, ship faster and save money by delivering 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, anti-social engineering, mobile anti-bot, anti-cheat, geo compliance, MiTM attack prevention, code obfuscation, social engineering and other protections in Android and iOS apps with ease, inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers, and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.