Appdome SDKProtect reduces third-party mobile supply chain risk

Appdome released a new mobile SDK protection and mobile threat streaming service, called Appdome SDKProtect.

Appdome SDKProtect is designed to end third-party, mobile supply chain risk and democratize mobile threat intelligence and telemetry data among mobile SDK developers. The new service enables mobile SDK developers to quickly and easily create protected and threat-aware versions of their mobile SDKs, reducing fraud and ensuring compliance.

Mobile SDKs play a critical role in the mobile app economy, enabling Android & iOS developers to integrate essential functions into their applications, such as payment and banking services, digital identity verification, analytics, advertising, and more.

The widespread use of mobile SDKs also makes them a prime target for malicious actors seeking to exploit SDKs to create supply chain risks inside mobile apps or compromise mobile app security to perform identity fraud, account takeovers, SDK spoofing, data breaches or other attacks.

“Mobile brands have become SDK providers themselves, and there’s more need than ever to leverage real-time attack and threat data inside mobile services,” said Tom Tovar, CEO of Appdome. “We want to protect mobile SDKs and empower mobile SDK vendors to use our in-app intelligence framework to enrich critical mobile services to improve fraud detection, identity verification, and transaction integrity, and ensure regulatory compliance in mobile applications, globally.”

The new Appdome SDKProtect service provides mobile SDK vendors and developers with multiple options for mobile SDK protection. Appdome SDKProtect strengthens the security posture of third-party software development kits (SDKs) used in mobile app development against static and dynamic attacks, reverse engineering, IP loss and exploits.

The service also makes Appdome platform’s rich mobile attack and intelligence data intelligence framework available to SDK providers to enhance the value of their SDK-based mobile services.

“Mobile SDKs are critical components of the mobile app supply chain, and if left unprotected, can result in significant and reverberating impacts across the mobile app ecosystem,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “SDKProtect from Appdome provides an automated method for SDK makers to secure and protect their SDKs, as well as provide them with threat intelligence to detect and respond quickly to real-world attacks.”

Appdome SDKProtect offers several levels of mobile SDK protection:

Threat-Shielding: Used to protect mobile SDK against reverse engineering and tampering by obfuscating and encrypting SDK data, strings, resources and preferences.

Mobile Risk Evaluation: Comprehensive coverage of SDK attacks, such as facial recognition bypass, root and Jailbreak detection, emulator detection, hooking frameworks, debuggers, Android debug bridge and more.

Threat Intelligence: Takes the power of Threat-Shielding and Mobile Risk Evaluation and combines it with two visibility and control options.

• Threat-Streaming, which takes Threat Intelligence to the next level by providing real-time telemetry data that can be streamed to the SDK maker’s back-end to create specific outcomes when attacks happen.
• Threat-Monitoring, which combines the protections with real-time attack monitoring and enterprise-grade intelligence via Appdome ThreatScope Mobile XDR.

The mobile Threat Intelligence packages leverage the power of Appdome Threat-Events in-app attack intelligence framework. The framework that empowers mobile developers with real-time event data and control for mobile SDKs.

“Keeping the mobile app economy safe requires this step,” said Chris Roeckl, CPO of Appdome. “Protecting mobile SDKs from reverse engineering is table stakes. Leveraging comprehensive, real-time attack and threat data in mobile services and making mobile SDKs threat-aware is the quantum leap forward the industry has needed for a long time.”

Using the Appdome SDKProtect service is easy. Mobile SDK developers present the Appdome platform with a version of the mobile SDK (in Android .aar or .jar and iOS framework files), choose the level of protection to apply to the SDK and initiate the build command.

Once selected, the Appdome platform builds the chosen protections into the mobile SDK. In just minutes, the protected mobile SDK is available for download and distribution by the mobile SDK developer to its customers.

Appdome SDKProtect is fully compatible with all mobile platforms, frameworks, and development languages. It seamlessly integrates with existing app development workflows and tools, requiring no changes to the SDK source code or development environment.