...

machine mobile-protect-repos.securetheorem.com
  username cocoapods
  password {MOBILEPROTECT_REPO_API_KEY}

...

target 'MyAwesomeApp' do
  ...

  pod 'MobileProtect'
end

For Mobile Protect Anti Fraud, use the Mobileprotect-antifraud pod:

target 'MyAwesomeApp' do
  ...
  pod 'MobileProtect'
  pod 'MobileProtectAntiFraud'
end

MobileProtectAntiFraud depends on MobileProtect so it is needed to add both pods.

And then run pod install to retrieve the pods for the project. See https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions for deciding if pinning the pod versions is the best practice for your project.

Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the MobileProtect-NoTrustKit pod and keep TrustKit as is.

Note: If you get an error about missing username when installing/updating the pods

fatal: could not read Username for 'https://mobile-protect-repos.securetheorem.com': Device not configured

Edit the ~/.netrc file to add the following line above the password line:

  username cocoapods

Step 3: Add the Mobile Protect configuration

In the iOS project copy the MobileProtect.plist config file into the project's Xcode project, place it in the project root. See Add Existing Files and Folders to a Project for instructions.

The plist file contains an AUTH_TOKEN key; however, the key is NOT SENSITIVE. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys

Results

Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.