Appdome has launched Appdome SDKProtect™, a service designed to protect and stream mobile SDKs, including payment gateways, biometric identification, and advertising. The service aims to reduce third-party supply chain risk and democratize mobile threat intelligence among developers. It allows developers to create protected versions of their SDKs, reducing fraud and ensuring compliance. Mobile SDKs are crucial for the mobile app economy.

“Mobile brands have become SDK providers themselves, and there’s more need than ever to leverage real-time attack and threat data inside mobile services,” said Tom Tovar, co-creator and CEO of Appdome. “We want to protect mobile SDKs and empower mobile SDK vendors to use our industry leading in-app intelligence framework to enrich critical mobile services to improve fraud detection, identity verification, and transaction integrity, and ensure regulatory compliance in mobile applications, globally.”
The new Appdome SDKProtect service provides mobile SDK vendors and developers with multiple options for mobile SDK protection. Appdome SDKProtect strengthens the security posture of third-party software development kits (SDKs) used in mobile app development against static and dynamic attacks, reverse engineering, IP loss, and exploits. The service also makes the Appdome platform’s rich mobile attack and intelligence data intelligence framework available to SDK providers to enhance the value of their SDK-based mobile services.
“Mobile SDKs are critical components of the mobile app supply chain, and if left unprotected, can result in significant and reverberating impacts across the mobile app ecosystem,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security. “ SDKProtect from Appdome provides an automated method for SDK makers  to secure and protect their SDKs, as well as provide them with threat intelligence to detect and respond quickly to real-world attacks.”
Appdome SDKProtect™ offers several levels of mobile SDK protection:
  • Threat-Shielding: Used to protect mobile SDK against reverse engineering and tampering by obfuscating and encrypting SDK data, strings, resources, and preferences.
  • Mobile Risk Evaluation: Comprehensive coverage of SDK attacks, such as facial recognition bypass, root and Jailbreak detection, emulator detection, hooking frameworks, debuggers, Android debug bridge, and more.
  • Threat Intelligence: Takes the power of Threat-Shielding and Mobile Risk evaluation and combines it with two visibility and control options.
    • Threat-Streaming takes Threat Intelligence to the next level by providing real-time telemetry data that can be streamed to the SDK maker’s back-end to create specific outcomes when attacks happen.
    • Threat-Monitoring combines the protections with real-time attack monitoring and enterprise-grade intelligence via Appdome ThreatScope™ Mobile XDR.
The mobile Threat Intelligence packages leverage the power of Appdome Threat-Events™ in-app attack intelligence framework. The framework empowers mobile developers with real-time event data and control for mobile SDKs.
“Keeping the mobile app economy safe requires this step,” said Chris Roeckl, Chief Product Officer of Appdome. “Protecting mobile SDKs from reverse engineering is table stakes. Leveraging comprehensive, real-time attack and threat data in mobile services and making mobile SDKs threat-aware is the quantum leap forward the industry has needed for a long time.”
Using the Appdome SDKProtect service is easy. Mobile SDK developers present the Appdome platform with a version of the mobile SDK (in Android .aar or .jar and iOS framework files), choose the level of protection to apply to the SDK, and initiate the build command. Once selected, the Appdome platform builds the chosen protections into the mobile SDK. In just minutes, the protected mobile SDK is available for download and distribution by the mobile SDK developer to its customers.
Appdome SDKProtect is fully compatible with all mobile platforms, frameworks, and development languages. It seamlessly integrates with existing app development workflows and tools, requiring no changes to the SDK source code or development environment.
To learn more about Appdome SDKProtect, please visit https://www.appdome.com/sdkprotect/.