Appdome launches SDKProtect to secure mobile development
Appdome has unveiled its newest service aimed at protecting mobile Software Development Kits (SDKs) from security threats. The service, named Appdome SDKProtect, promises to bolster the safety of SDKs that are integral to numerous administrative functions in mobile applications, such as payment processing, biometric identification, and advertising.
The reliance on SDKs is substantial within the mobile development community. According to the Open Web Application Security Project (OWASP) Mobile Application Security Verification Standard (MASVS), the average mobile app utilises around 30 SDKs, with a significant portion—90%—of its code sourced from third parties. This hefty dependency on external code, while providing numerous benefits in terms of functionality and development speed, also results in pronounced safety and security vulnerabilities.
Appdome SDKProtect seeks to address these concerns proactively. The new service enables mobile SDK developers to create more secure versions of their SDKs quickly and efficiently, thereby reducing opportunities for fraud and improving regulatory compliance. Chief Product Officer Chris Roeckl emphasised the critical need for enhanced SDK protection solutions, citing the various types of attacks that mobile SDKs are susceptible to, such as bypassing facial recognition, root and jailbreak detection evasion, and other sophisticated exploits.
"With mobile SDKs playing such a pivotal role in the mobile app economy, and given their widespread use, they have become prime targets for malicious actors," said Tom Tovar, co-creator and CEO of Appdome. "Our goal with Appdome SDKProtect is to shield these SDKs from potential threats and empower SDK vendors to incorporate our advanced, in-app intelligence framework to improve several security facets globally."
The service provides multiple options for SDK protection, strengthening SDKs' defence against both static and dynamic attacks. It helps prevent reverse engineering, Intellectual Property (IP) loss, and other vulnerabilities. Moreover, the service incorporates Appdome's rich mobile attack and intelligence data framework, allowing SDK providers to augment their services with enriched data insights and security measures.
The features of Appdome SDKProtect include Threat-Shielding, which obfuscates and encrypts SDK data to protect against tampering, and Mobile Risk Evaluation, which offers comprehensive protection against various SDK attacks through checks such as emulator detection, debug detection, and more. It also encompasses Threat Intelligence, which combines shielding and risk evaluation with two distinct options: Threat-Streaming and Threat-Monitoring. Threat-Streaming delivers real-time telemetry data that can be streamed back to the SDK provider's backend to trigger specific actions in response to threats. Threat-Monitoring combines these protections with real-time attack monitoring and enterprise-grade intelligence through Appdome's ThreatScope Mobile Extended Detection and Response (XDR).
Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, endorsed the service's potential impact. "SDKProtect from Appdome provides an automated method for SDK makers to secure their products and gather threat intelligence to swiftly address real-world attacks. It offers critical coverage for mobile SDKs that are essential components of the mobile app supply chain," she stated.
The integration process for Appdome SDKProtect is designed to be straightforward. Developers need to submit their SDK to the Appdome platform, choose the desired level of protection, and initiate the build process. Within minutes, the protected SDK is ready for download and distribution. The service supports all mobile platforms, frameworks, and development languages, and integrates seamlessly with existing development workflows without necessitating changes to the SDK source code.
As mobile threats continue to evolve, solutions like Appdome SDKProtect are indispensable in fortifying the security of mobile SDKs, ensuring the mobile app economy continues to function smoothly and securely. Chris Roeckl concludes, "Leveraging comprehensive, real-time attack and threat data in mobile services and making mobile SDKs threat-aware is the quantum leap forward the industry has needed for a long time."