How to Add Bot Detection & Protection to Your Mobile App in Less Than an Hour
Wouldn’t it be amazing if you could protect your mobile apps from unwanted bot traffic in just a few clicks? Well, guess what: the DataDome SDKs for iOS and Android allow you to do exactly that.
The SDKs enable you to extend DataDome’s powerful Android and iOS bot detection and protection solution to your mobile apps, so you no longer have to worry about such threats as credential stuffing, Layer 7 DDoS attacks, malicious vulnerability scanning or intensive scraping.
Besides performance, ease of integration has been our top priority, and we honestly think we’re a solid step ahead of the competition. From start to finish, integrating our Android and iOS bot detection should take you no more than an hour. And with a footprint of less than 100 kb and extremely low memory and CPU usage, your users will never notice it’s there.
Let’s take a closer look, shall we?
Real-time bot protection for all vulnerability endpoints
First, just a few words about the DataDome bot detection solution for mobile apps (Android and iPhones) in general for those who aren’t already familiar with us.
Based on artificial intelligence and machine learning, DataDome is a solution for detecting bots in real time and blocks unwanted traffic from all your vulnerability endpoints: websites, mobile apps & APIs. The solution easily integrates into pretty much any web infrastructure, and doesn’t require any changes to the hosting architecture.
What’s the role of the SDK?
The DataDome bot detection solution for Android and iOS apps relies on a combination of client-side and server-side integration. On the server side, a module installed on the API collects HTTP information and enforces blocking decisions made by the DataDome AI.
For mobile apps, the client-side module is directly integrated via our Android, iOS, or React Native SDKs. The client-side module plays two important roles:
- It collects device properties and behavioral data (sensor data) while the user is interacting with the mobile app, and sends the data to the DataDome API. Sensor data includes device information, OS version, touch events, screen details and many more.
- It handles 403 API responses and displays the Captcha to visitors whose API call was blocked by the server-side module.
This means that the client-side module doesn’t perform mobile bot protection or detection on its own; it sends relevant data to the server-side module, which determines whether the user is a human or a bot, and depending on the server response, it either lets the user continue or displays the Captcha.
Read more: Mobile API security: How to protect mobile apps from bad bots
Built-in SDK implementation
The client-side bot detection module is directly implemented in the iOS or Android mobile app via the SDKs. Both SDKs are extremely light and ultra-easy to integrate.
On Android, we provide a Gradle dependency enabling you to integrate our SDK with just a few lines of code. You can choose between two different implementation options:
- DataDomeActivity, using either the DataDome extend OkHttp client or an OkHttp interceptor
- Manual integration with either DataDome HttpClient or DataDome interceptor.
On iOS, it’s a CocoaPods dependency that will inject the DataDome bot detection SDK into the application. There are three different ways to integrate the iOS SDK:
- DataDome HttpClient
- Alamofire Hook
- URLSession Delegate
For additional details, see our technical documentation.
Detailed analytics and custom rules
Once the solution is up and running, the DataDome dashboard is where the fun happens. The dashboard provides detailed analytics of all your incoming traffic, and includes KPIs such as the impact of bot traffic on your infrastructure resources, split of human traffic vs bot traffic, and hacking attempts.
The Endpoint traffic graph breaks down bot traffic by endpoint and by types of bots, enabling you to see which bots are specifically targeting your mobile apps.
The mobile bot detection and protection solution comes with a set of predefined responses to each bot and/or category of bots, but you can modify these responses with Custom rules.
Thanks to our query language, the DataDome DSL, you can filter traffic to your mobile apps extremely precisely using criteria such as referrer domain, user agent and country code. Multiple criteria can also be combined.
Getting started
To start testing the DataDome bot detection solution for iOS and Android mobile apps today, click the Free trial button below and create your account. It takes less than a minute and we don’t ask for a credit card number.
Then, follow the installation instructions for your chosen server-side module and SDK, and publish the new version of the app.
That’s all! You can now access your personal DataDome dashboard, and start observing all bot traffic to your mobile apps in real time.