Appdome MobileTRUST Alliance Aims To Quickly Find and Fix Mobile App Security Flaws

Appdome is launching a new initiative aimed at quickly finding and fixing mobile app security vulnerabilities.  IDN explores how Appdome will automatically remediate mobile app security flaws with CEO Tom Tovar.

Tags: AI, Android, Appdome, authentication, DevSecOps, iOS, mobile apps, no-code, security,

Tom Tovar, AppDome
Tom Tovar

"The MobileTRUST Alliance addresses mobile app security challenges by combining vulnerability discovery with Appdome's no-code mobile app security platform to fix found issues."

Appdome, a leading no-code mobile integration and solutions platform, is launching a new initiative aimed at quickly finding and automatically fixing mobile app security vulnerabilities.


The MobileTRUST Alliance enables Appdome and partners to identify and remediate security flaws within mobile apps, Appdome CEO Tom Tovar told IDN. “The MobileTRUST Alliance is an alliance of organizations that help find vulnerabilities in mobile apps and Appdome who provides instant remediation of these vulnerabilities,” he said.

Appdome described the benefits of MobileTRUST Alliance this way:

Mobile app development teams work on tight delivery schedules to build and enhance apps, to retain customers and to stay ahead of the competition. Even when developers conduct vulnerability testing, they typically do not have iOS and Android security skills in-house, nor can they afford to delay to manually remediate discovered security flaws. The MobileTRUST Alliance addresses these challenges by combining vulnerability discovery with Appdome's no-code mobile app security platform to fix found issues.
Application Architecture Summit
Modern Application Development for Digital Business Success
Online Conference

“Trust and time to market make all the difference in an app's success,” Tovar added. “In the extremely competitive mobile app market, proper mobile app security is a competitive advantage. The MobileTRUST Alliance brings together vulnerability assessment providers and Appdome's no-code mobile app security offering.”


Appdome’s offering is designed to be self-service, thanks to its use of patented AI coding technology.  It lets both developers or lesser skilled users build key features into iOS and Android apps. Functionalities supported within Appdome’s no-code interface include security, authentication, access, enterprise mobility, mobile threat and analytics.


Appdome’s platform can support such a wide variety of services thanks to the platform’s more than 25,000 unique combinations of mobile features, kits, vendors, standards, SDKs and APIs, according to Tovar. 


He explained how the MobileTRUST Alliance works compared to how developers, teams or even ISVs conduct their mobile app security tasks currently.


“They would use the services of the vulnerability testing/scanning solution. The outcome of that testing typically is a report with remediation recommendations. At that time, the customer would need to find time and recourses to manually remediate the vulnerabilities. With Appdome, the remediation is instant,” Tovar told IDN.


“To get the full benefit of the MobileTRUST Alliance’s approach to finding and fixing mobile app vulnerabilities, users need to use/buy the solutions of at least two vendors, a vulnerability scanning/testing and Appdome,” he added. 


IDN also asked Tovar how Appdome will work with partners under the MobileTRUST Alliance.


“Appdome is flexible in how vulnerabilities testing/scanning vendors join the alliance and how they will offer Appdome's instant remediation to their customers. The key is to make the buying process easy for customers. So some partners may choose to OEM Appdome, others to resell Appdome and others will refer their customers to Appdome. Instant remediation from Appdome will always require the purchase of an Appdome subscription,” he added.

As to partners, Appdome announced its first MobileTRUST Alliance partner and solution will be with ImmuniWeb, a producer of AI technology for DevSecOps-enabled mobile app penetration testing.


In specific, the ImmuniWeb AI Platform provides a full spectrum of AST (Application Security Testing), ASM (Attack Surface Management) and continuous security monitoring solutions. 


"ImmuniWeb and Appdome address a key pain point for mobile app developers, who are struggling to rapidly release new and updated apps that are also secure," said CEO at ImmuniWeb CEO Ilia Kolochenko said in a statement.


Under the alliance, the Appdome and ImmuniWeb joint solution enables developers to upload any app binary (.apk or .ipa) to ImmuniWeb's free mobile scan tool or leverage its AI-enabled mobile application penetration test for in-depth testing of the most sophisticated vulnerabilities, including full coverage of OWASP Mobile Top 10 and SANS Top 25, according to Appdome and ImmuniWeb officials.


Within minutes, ImmuniWeb's AI-based platform can find and categorizes mobile app vulnerabilities, weaknesses and privacy issues. From this data, it generates a risk-based report.


Users then upload their vulnerable app to Appdome and select the vulnerabilities they would like Appdome's no-code Mobile App Security Suite to remediate. Then, Appdome automatically implements the chosen mobile app security features to deliver a secure version of the app instantly.


Additional MobileTRUST Alliance partners are expected in the near future, Tovar said. The scope of solutions will include an array of vulnerability identification capabilities - crowdsourcing, bug bounty, penetration testing, cloud-based mobile threat detection, static and dynamic app analysis and AI-enabled app security scanning, he added.


Early results from users are encouraging.


"I've used Appdome and ImmuniWeb together in engagements with customers, and they really value the immediate impact of instant remediation," said Paco Villegas, CEO of Sh13ld-4ce (pronounced Shield Force), a reseller and integrator based in Mexico City. "Now that the MobileTRUST Alliance is creating joint solutions that enable developers to immediately address the security flaws found through scans, I can't imagine a customer buying a scanning solution all by itself."


Readers can learn more about the MobileTRUST Alliance here.