Appdome - Experts & Thought Leaders

Appdome, the pioneer in protecting mobile businesses, announced here at Black Hat 2025 the integration of its IDAnchor’s Customer Identity Protection suite into MobileBOT Defense, Appdome’s bot defense offering. This powerful combination enables mobile brands and businesses to build a virtual Mobile API Gateway on top of any standard backend infrastructure, preventing unauthorized API access, stopping brute-force bot attacks, and eliminating point products for API Protection and Bot Defense.   IDAnchor “There’s no need for point products in Bot Defense and API Protection any longer,” said Tom Tovar, CEO and co-creator of Appdome. “Within one solution, IDAnchor can tell network security teams if an API request is coming from real users, apps, and devices, and MobileBOT Defense can stop brute force bot attacks with ease.”  Mobile API Gateway Powered by AI, Appdome’s MobileBOT Defense, with IDAnchor inside, enables mobile teams to create a virtual Mobile API Gateway that sits on top of any standard backend infrastructure. Together, they provide an OS-independent chain of trust consisting of:  WorkspaceID - root identifier from the DevOps environment,  ReleaseID - intermediate identifier for each App Release,  InstallID - leaf identifier for each App instance, and  DeviceID - leaf identifier for each mobile Device that uses an IDAnchor enabled app.  True Device Attributes - OS-independent device attributes. Threat Signals – for identity, OS, Application and Device Threats. API connection request During any API connection request, if any part of the chain is missing, altered, or replaced, the mobile brand or business knows the origin of API request is suspicious or malicious. If an attacker attempts to impersonate legitimate mobile users, applications, devices, locations, or uses automated programs to generate requests individually or via brute force methods, the connection can be dropped or routed for mitigation in the application. No external systems or SDKs are required. “The Appdome platform lets mobile brands create the Mobile API Gateway or Mobile Application Firewall of their choice,” said Chris Roeckl, Chief Product Officer at Appdome. “Put simply, MobileBOT™ Defense and IDAnchor™ combined can offer deeper inspection, 400+ detection and defense options, to stop Unauthorized Access, API Attacks, API Abuse or Bot Attacks in one.”  Cryptographically bound Legacy mobile API and bot defense products use time-based cookies and tokens to determine session validity. They can be stored insecurely or transmitted in the clear, making them vulnerable to reuse by the attacker. Cookies and tokens do not provide any data on the mobile device, application, or installation making the API request. In short, cookies and tokens cannot tell if the API request is coming from a good, bad, real, fake, compromised or uncompromised mobile user, app, install, or device. In contrast, each IDAnchor fingerprint can be cryptographically bound to each user so that it is not reusable and persists across re-installs, OS updates, and factory resets. This fully addresses these top challenges in legacy bot protection strategies: Fake Users & Devices: Fake users and fake, emulated, or spoofed devices cannot present a valid IDAnchor identity, making it easy to block spoofed or impersonated sources. Bot Attack Masking & Evasion Techniques: Any attempted reuse or manipulation of the device, application, or OS attributes will result in an IDAnchor mismatch, revealing the attacker. Stolen Credentials or Identities: Stolen identities using separate devices, synthetic identity or AI generated deepfakes, vishing, or session hijacks. Install and attribution fraud: Fraud attempts conducted by emulator farms, malware-controlled apps, or fake devices.  KYC-fraud: Fake signups, fake account creation, and usage performed by bots or automated tools designed to spoof real behavior.   Weaponized Mobile Apps. Malware-controlled or modified apps will change the IDAnchor fingerprint, revealing the weaponized mobile app. Brute force credential stuffing: Attacks that use automated programs or stolen credentials with fake or spoofed mobile applications and devices. Bot Source Triangulation: A bot detected from App A can be blocked or flagged in App B—without needing to sync external intelligence.  Risk Scoring for API Connection Requests: Each match or mismatch of IDAnchor values is represented as a percentage and can be used as a proxy for connection risk or used to influence risk scoring methods for such purpose. API attacks “API attacks and abuse are a superset of bot defense, and you have to defend against both,” said Gil Hartman, Field CTO at Appdome. “MobileBOT Defense with IDAnchor proves you can address both in one solution and retain full flexibility to customize where and how you enforce each defense, per App, per API, or per Device.”  Appdome will showcase IDAnchor and MobileBOT Defense at BlackHat USA in Vegas, Aug 6th and 7th. 

Appdome, the pioneer in protecting mobile businesses, announced IDAnchor™, the industry’s first Customer Identity Protection (CIP) solution for the mobile economy. IDAnchor fingerprints each release, installation, and device used to access, log in, and generate transactions in a mobile app. It combines this immutable chain of trust with real-time threat signals to bring sign-in alerts and unrecognized device notifications to every mobile app in the world and create a perimeter defense around Identity Verification (IDV), Customer Identity & Access Management (CIAM), and other services in mobile apps. Trusted identity and engagement “Mobile brands have learned the hard way that successful authentication doesn’t mean there’s a trusted identity, engagement, or transaction in an app,” said Tom Tovar, Co-Creator of Appdome. “They also want the ability to tell when there’s unauthorized activity on an unrecognized device, application, or installation. IDAnchor solves all these challenges easily.” What is customer identity protection? CIP is the missing link needed to boost biometric authentication, CIAM, and IDV in mobile apps Customer Identity Protection (CIP) is the missing link needed to strengthen biometric authentication, CIAM, and IDV in mobile apps.  By adding a perimeter defense around identity assertions in a mobile app, CIP ensures that no part of the value chain – the mobile app, installation, or device – has been compromised or impersonated during login, authentication, engagement, or purchasing in mobile apps. Signs of on-device threat staging Mobile apps and identity products often assume the integrity of the mobile environment when creating, verifying, or using customer identities in mobile apps. However, fake or compromised devices, operating systems, and accounts, as well as malware-controlled sessions, can undermine signal fidelity from the mobile environment, giving fraudsters the upper hand. CIP monitors the source of each customer identity while it’s being used by the application, installation, device, or user. Customer Identity Protection detects if any part of that value chain has been compromised or impersonated, or if there are any signs of on-device threat staging, manipulation, spyware, and other risks that can compromise biometric authentication, CIAM, IDV, Ad Attribution, and other processes in a mobile app. IDAnchor™ is CIP for mobile apps Each IDAnchor fingerprint is securely stored and built to persist across device resets, app re-installs Unlike static and ephemeral device binding, IDAnchor™ creates a living, cryptographically bound, tamper-resistant chain of trust that spans the entire mobile app lifecycle. IDAnchor fingerprints the mobile DevOps workspace and each app release, installation, device, and session to enable mobile brands to bind customer identity from the point of origin, through the distribution chain, to user acquisition and use in a mobile app. Each IDAnchor fingerprint is securely stored and built to persist across device resets, app re-installs, OS updates, and sophisticated evasion techniques, including device cloning, app spoofing, Trojan installations, and threats that target customer identity in mobile apps. If, at any time, the chain of trust is broken, brands know customer identity is at risk. ATO moment and protect users Mobile brands can now offer their users the same powerful, real-time “Is this you?” sign-in alerts made famous across Apple and Google applications. Detect sign-ins or identity assertions from unrecognized devices, apps, or installs and trigger real-time responses like user-facing alerts, step-up authentication, or session blocks. Appdome makes it possible for every mobile brand to own the ATO moment and protect users From mobile banking to social, healthcare, and ride-sharing apps, Appdome makes it possible for every mobile brand to own the ATO moment and protect users with confidence. “IDAnchor gives brands a dynamic way to know if the source of the identity assertion can be trusted and if the user’s device, instance and environment are real, the same, unaltered, and uncompromised before, during, and after calling any identity-based service,” said Avi Yehuda, Co-Creator and CTO of Appdome. Built-in threat signals for identity assurance IDAnchor combines real-time threat signals with the chain of trust to solve a wide range of mobile threats, including: Deepfake attacks used on alternative or compromised devices. KYC fraud and fake account creation on synthetic, cloned, or altered mobile devices. Install/re-install abuse for inflating ad campaign metrics. Emulator farms that mimic real user engagement and devices. Loyalty and referral abuse from GAID/IDFA and device resets. Social engineering scams where users are tricked into installing Trojan versions of legitimate apps. Geo-fraud carried out through location spoofing, fake GPS apps, VPNs, IP cycling, and other techniques. Transaction and On-Device Fraud carried out by attackers using fake devices, synthetic identities, and stolen credentials. Range of fraud, ATOs, and scams “Without CIP, anyone or anything could successfully authenticate or engage inside an app,” said Chris Roeckl, Chief Product Officer at Appdome. “With IDAnchor™, brands can detect the full range of fraud, ATOs, and scams and get the true device attributes being used in each session.” IDAnchor™ feature overview Key features and capabilities include: DevOps Workspace Fingerprint – Appdome runs in DevOps. IDAnchor uses the DevOps environment to create a trusted root identifier for the mobile app. App Release Fingerprint – Unique Mobile App Release IDs do not change or reset based on device or install. No User Opt-Out. App Install Fingerprint – Each Mobile App Installation ID resets on update or upgrade. No User Opt-Out. Mobile Device Fingerprint – IDAnchor™ creates a unique and immutable Mobile Device ID for Android & iOS Devices. No reset. No User Opt-Out. True Device Attributes – With each payload, IDAnchor provides the true device attributes for each mobile device. Prevent Device Spoofing – Prevents modified or impersonated device attributes and bypassing probabilistic Device Identity systems. Prevent Vendor ID Spoofing – Prevents tampering with or rotating unique device identifiers that attribution systems or apps rely on to track installs, users, and fraud. Prevent Advertiser ID Cycling – Prevents attackers from rotating GAID/IDFA values to appear as unique users per fraud event. Protect Google/Apple Advertising ID – Monitor Google/Apple’s advertiser IDs for signs of manipulation, reuse, or substitution. Detect IDAnchor™ Manipulation Attempt – Send threat data and telemetry if attackers target IDAnchor™. Threat Signal Intelligence – Send threat data and telemetry on 400+ attack vectors, including deepfakes, device spoofing, device manipulation, RCE, RAT, ATS Malware, social engineering scams, IT scams, phishing, quishing, smishing, geo-fraud, and other attacks. Advances in AI deepfakes "Identity is the new perimeter,” said Eric Newcomer, Analyst at Intellyx. “Customer Identity Protection is more important than ever, given the advances in AI deepfakes, the rise of identity spoofing, and the use of mobile devices as an attack vector." "IDAnchor from Appdome strengthens the value of CIAM, IDV and Ad Attribution by tracking the true identity of the applications and devices connecting to enterprise services.” IDAnchor availability IDAnchor™ is available now for all Android and iOS applications. Mobile brands can use and evaluate IDAnchor fingerprints in the app, via an on-premise server, or cloud service.  To get a live demonstration of IDAnchor, visit Appdome at the Black Hat conference on August 6 and 7 in Las Vegas at Appdome’s booth (#4746).

Appdome, the pioneer in protecting mobile businesses, announces the availability of new dynamic defense plugins to detect and defend against Agentic AI Malware and unauthorized AI Assistants controlling Android & iOS devices and applications. The new Detect Agentic AI Malware plugins allow mobile brands and enterprises to know when Agentic AI applications interact with their mobile applications and use the data to prevent sensitive data leaks and block unvetted on-device AI Agents from accessing transaction, account, or enterprise data and services. Agentic AI Malware Malicious AI Assistants can exploit this access to perform data harvesting, session hijacking, and account takeovers Agentic AI Assistants—such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others—are increasingly available to mobile users in consumer and enterprise environments. However, the same capabilities that make AI Assistants useful to consumers and employees can also be used by Agentic AI Malware and Trojans. Good and bad AI Assistants can gain broad runtime access to screen content, UI overlays, activity streams, user interactions, and contextual data. Malicious AI Assistants can exploit this access to perform data harvesting, session hijacking, and account takeovers—often under the guise of legitimate AI functionality. On Android, this risk is amplified by more permissive APIs. On iOS, threats extend to mirroring-based leaks (e.g., via AirPlay) and enterprise-targeted surveillance. Agentic AI Assistants “Mobile brands and enterprises have quickly acknowledged the risk of Agentic AI Assistants on mobile devices,” said Tom Tovar, co-creator and CEO of Appdome.   “Our new Detect Agentic AI Malware plugins give mobile brands and enterprises choice and control over when and how to introduce AI Assistant functionality to their users.”   Malicious AI Agents Agentic AI assistants have wide appeal in internal enterprise and public-facing consumer use cases. However, in consumer use cases—like banking, eWallet, and healthcare applications—some brands might take the view that, for now, the risks outweigh the benefits. Currently, whatever a good AI assistant can do, a bad AI Assistant can do. Both can access, extract or input credentials, intercept transactions, and send messages to other users. In enterprise environments, malicious AI Assistants could perform actions as the employee, accessing proprietary systems, leak sensitive documents, or create entry points for lateral compromise. Dangers of AI Apps Without real-time detection and control, mobile brands remain exposed to surveillance Wrapped or re-skinned AI apps—especially unofficial or third-party clones of tools like ChatGPT—further increase the attack footprint, often requesting dangerous (overreaching) permissions and quietly transmitting captured data to external servers. Without real-time detection and control, mobile brands remain exposed to surveillance, compliance failures, and data loss at scale. “The mobile application and device can only know it’s an Agentic AI Assistant,” said Avi Yehuda, Co-Creator and Chief Technology Officer at Appdome. "The mobile environment has no concept of “good” or “bad” actors, only allowed and disallowed access or permissions, that’s the point.” Risk of data loss Security researchers have observed that malicious AI Assistants can extract session data, cryptographic tokens, or decrypted content by analyzing on-screen information in real time. Security researchers have observed that malicious AI Assistants can extract session data These apps often masquerade as legitimate voice assistants, and once granted access, can silently monitor users’ activity. Furthermore, when coupled with generative AI models, attackers can script automated reconnaissance, tampering, or replay of sensitive operations inside apps. “If you have sensitive data or regulated use cases on mobile, AI Assistants are no longer a hypothetical risk—they’re an active one,” said Kai Kenan, VP of Cyber Research at Appdome. “Detecting and controlling the use of these tools is a must-have capability for any mobile defense strategy.” Appdome’s new Detect Agentic AI Malware Appdome’s new Detect Agentic AI Malware plugin uses behavioral biometrics to detect the techniques that malicious or unauthorized AI Assistants use to interact with an Android or iOS application in real time. This includes official, third-party, or wrapped AI apps that impersonate trusted tools or gain elevated permissions. Mobile brands and enterprises can use Appdome to monitor AI Assistant use or detect and defend against Agent AI Assistants using multiple evaluation, enforcement and mitigation options. Mobile brands and enterprises can also specify any number of Trusted AI Assistants, to guarantee that users have access to approved and legitimate Agentic AI Assistants.  new dynamic defenses “A tsunami of Agentic AI—both good and bad—is approaching the mobile ecosystem. The question is no longer if, but when,” said Chris Roeckl, Chief Product Officer at Appdome. “Most concerning are wrapped versions of legitimate apps, which are increasingly used to trick users into signing in, transacting, and engaging with what looks like your brand—until a malicious agent takes over. Our new dynamic defenses stop Agentic AI from weaponising your app against your users.”