Mobile software development kits, or SDKs, are the building blocks of the modern mobile app economy. These toolkits provide pre-written code that Android (News - Alert) and iOS developers can integrate into their apps, allowing them to quickly add essential features like secure payment gateways, digital verification tools and in-app analytics. This streamlines development and fosters innovation, which offers a wider range of functionalities to users.

The issue, however, is that the very convenience and ubiquity of SDKs make them attractive targets for cybercriminals. Malicious actors exploit vulnerabilities within these kits to create "supply chain risks" – essentially hidden weaknesses within seemingly legitimate tools. This can compromise the security of the entire app that leads to a variety of attacks.

These may include identity theft through fraudulent account takeovers, where attackers steal login credentials. Spoofing, where a malicious SDK masquerades as a legitimate one, can also occur.

By recognizing the critical role of SDKs and the potential dangers malicious ones can pose, Appdome released a new mobile SDK protection and mobile threat streaming service called Appdome SDKProtect.

Appdome’s mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. SDKProtect offers multiple layers of protection against various threats, including static and dynamic attacks, reverse engineering, intellectual property theft and exploits.

One key feature is Threat-Shielding, which obfuscates and encrypts data, strings, resources and preferences within the SDK. This makes it difficult to tamper with or reverse engineer. Additionally, Mobile Risk Evaluation provides comprehensive coverage against specific attacks like bypassing facial recognition systems, rooting or jailbreaking devices, emulator detection and exploiting debugging tools.

For enhanced protection, Appdome offers Threat Intelligence, which combines Threat-Shielding and Mobile Risk Evaluation with real-time threat monitoring capabilities. This comes in two options:

• Threat-Streaming delivers real-time telemetry data to the SDK developer's system for customized responses to attacks.
• Threat-Monitoring combines real-time attack monitoring with advanced intelligence from Appdome ThreatScope Mobile XDR to provide a comprehensive security view.

Both Threat Intelligence packages use Appdome Threat-Events, an in-app attack intelligence framework that helps developers with real-time data and control over their SDKs.

“We want to protect mobile SDKs and empower mobile SDK vendors to use our industry leading in-app intelligence framework to enrich critical mobile services to improve fraud detection, identity verification and transaction integrity, and ensure regulatory compliance in mobile applications, globally,” said Tom Tovar (News - Alert), co-creator and CEO of Appdome.

Using SDKProtect is straightforward. Developers simply submit their mobile SDK to the Appdome platform, choose the desired protection level and initiate the build process. The platform then integrates the chosen protections into the SDK within minutes.

Appdome SDKProtect is fully compatible with all mobile platforms, frameworks, and development languages.