This document outlines the setup process for the Mobile Protect SDK in Apache Cordova applications. The onboarding steps are similar to those for native iOS and Android apps, but each platform is addressed separately.
iOS: Add Mobile Protect SDK
Repo API Key
Mobile Protect builds are served from the following git repository: <https://mobile-protect-repos.securetheorem.com/mobileprotect-ios
.>
Access via SPM and CocoaPods, or Clone the Repo
To clone the repo:
git clone <https://any:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios>
You can avoid the need for directly referencing the Repo API Key by adding it to your environment's .netrc
file. Add the following to ~/.netrc
(create the file if it doesn't already exist):
machine mobile-protect-repos.securetheorem.com password {REPO_API_KEY}
Replace {REPO_API_KEY}
with your real Mobile Protect Repo API Key.
Using CocoaPods
1. Initialize CocoaPods
Skip this step if your project already uses CocoaPods and has a Podfile
.
Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/
.
cd platforms/ios/
Initialize CocoaPods in this directory:
pod init
2. Add the MobileProtect
Pod
Open the Podfile
created in your project directory using a text editor and add the MobileProtect
pod:
# platform :ios, '9.0' target 'HelloWorld' do use_frameworks! # Unpinned version pod 'MobileProtect' # Specific version pod 'MobileProtect', '~> 25.0.3' end
'HelloWorld' would be replaced with the real target name of your Cordova iOS project.
3. Install the Pod
Run the following command in the same directory to initiate the download of Mobile Protect:
pod install
Using Swift Package Manager (SPM)
1. Open the Project's Xcode Workspace (.xcworkspace
)
Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/
.
cd platforms/ios/
Open project's .xcworkspace
file.
open *.xcworkspace
2. Add the Mobile Protect SPM Package
Enter the following URL in Xcode, File → Add Package Dependencies… → Enter Package URL:
<https://spm:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios>
Replace {REPO_API_KEY}
with your real Repo API Key. If the Repo API Key has already been added to your environment's .netrc
file, spm:{REPO_API_KEY}@
can be omitted from the URL.
iOS: Mobile Protect Configuration
Add the Mobile Protect Config
Copy the MobileProtect.plist
config file into the project, place it in the Target root. See Add Existing Files and Folders to a Project for instructions.
Android: Add Mobile Protect SDK
1: Add the Mobile Protect Maven Repository
The Mobile Protect for Android SDK is hosted on a private Maven repository. To be able to fetch the dependency, you must first register the dependency within your Gradle manifest.
You will need to add our repository to the plugin repositories, and declare it in your settings.gradle
file:
pluginManagement { repositories { mavenCentral() gradlePluginPortal() google() // Mobile Protect Maven Repository maven { credentials { // Leave the username as "MAVEN" username "MAVEN" password "$MOBILEPROTECT_REPO_API_KEY" } url "<https://mobile-protect-repos.securetheorem.com/mobileprotect-android>" } } }
Our plugin will then download its project dependencies so you will also need to add our repository to your project’s build.gradle
file:
allprojects { repositories { mavenCentral() google() // Mobile Protect Maven Repository maven { credentials { // Leave the username as "MAVEN" username "MAVEN" password "$MOBILEPROTECT_REPO_API_KEY" } url "<https://mobile-protect-repos.securetheorem.com/mobileprotect-android>" } } }
Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle
under dependencyResolutionManagement->repositories
.
2. Add the Mobile Protect Gradle Plugin
Declare the plugin within your project’s build.gradle
as follows:
plugins { id "com.dtplugin.mobileprotect" version("$VERSION") // If you want to auto update to the latest use: version("+") }
Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the com.dtplugin.mobileprotect-notrustkit artefact and keep TrustKit as is.
3: Initialize Mobile Protect
Now you're ready to initialize the SDK. Within your application's main Application
class, preferably in the onCreate()
method, add the following code:
MobileProtect.init(this, R.xml.mobileprotect);
Android: Mobile Protect Configuration
Add the Mobile Protect Config
In the Android project, create the xml
directory (/app/src/main/res/xml
) if it does not exist. Then, copy the mobileprotect.xml
config file into the xml
resources folder.
The AUTH_TOKEN
key contained in the configuration file is not sensitive. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. It is safe to commit and have the token in the .apk
as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys .
Congratulations! The Mobile Protect SDK is now fully integrated into your app.
By default, all functionality of the SDK operates in Telemetry mode. This means that data about attacks will be forwarded to the Mobile Protect Dashboard. Each Protection Item offered by Mobile Protect can be individually toggled into Active Protection mode by configuring the feature flags within the configuration file.