Appdome launches SDKProtect to combat mobile app security risks
Appdome has announced the launch of a new mobile SDK protection and mobile threat streaming service, branded as Appdome SDKProtect. This development targets reducing third-party mobile supply chain risks by enabling mobile SDK developers to create protected and threat-aware SDK versions effortlessly. The service is anticipated to curtail fraud and ensure compliance within the mobile app economy.
Mobile SDKs are integral to mobile app development, providing essential functionalities like payment gateways, biometric identification, and advertising. However, their extensive use also makes them susceptible to various security threats, creating potential supply chain risks that could compromise mobile app security, leading to identity fraud, account takeovers, SDK spoofing, and data breaches.
Tom Tovar, co-creator and CEO of Appdome, emphasized the rising necessity for real-time attack and threat data within mobile services. "We aim to protect mobile SDKs and empower vendors to use our industry-leading in-app intelligence framework to enhance fraud detection, identity verification, and transaction integrity, and ensure global regulatory compliance in mobile applications," said Tovar.
Appdome SDKProtect equips SDK vendors and developers with multiple protection options, fortifying third-party SDKs against static and dynamic attacks, reverse engineering, and intellectual property loss. It also allows SDK providers access to Appdome's extensive mobile attack and intelligence data framework, thereby enhancing the value of their SDK-based mobile services.
Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security, endorsed the automated SDK protection provided by Appdome SDKProtect. Norton remarked, "SDKProtect offers an efficient method for SDK makers to secure their SDKs and provides critical threat intelligence to detect and respond promptly to real-world attacks."
Appdome SDKProtect divides its protection offerings into several levels:
Threat-Shielding: This feature protects mobile SDKs by obfuscating and encrypting SDK data, resources, and preferences, shielding them against reverse engineering and tampering.
Mobile Risk Evaluation: This provides comprehensive coverage of SDK attacks, identifying threats such as facial recognition bypass, root and jailbreak detection, emulator detection, hooking frameworks, debuggers, and the Android debug bridge.
Threat Intelligence: Combining Threat-Shielding and Mobile Risk Evaluation, this feature offers two options—Threat-Streaming and Threat-Monitoring. Threat-Streaming provides real-time telemetry data streamed to the SDK makers' back-end, facilitating specific responses to attacks. Threat-Monitoring amalgamates protections with real-time attack monitoring and enterprise-grade intelligence via Appdome ThreatScope Mobile XDR.
Chris Roeckl, Chief Product Officer at Appdome, lauded the necessity of such services. "Protecting mobile SDKs from reverse engineering is essential. However, leveraging comprehensive, real-time attack and threat data within mobile services and making mobile SDKs threat-aware is a significant advancement the industry has long needed."
The implementation process for Appdome SDKProtect is designed to be user-friendly. Developers present the Appdome platform with an SDK version in Android (.aar or .jar) or iOS framework files, select the desired protection level, and initiate the build command. The platform then incorporates the selected protections into the mobile SDK, making it ready for download and distribution within minutes.
Appdome SDKProtect is compatible with all mobile platforms, frameworks, and development languages, integrating with existing app development workflows and tools without necessitating changes to the SDK source code or development environment.