SDK Integration - Standard Mode
Overview
Standard Mode is the default way to protect a mobile app with AppTego. Upload a compiled APK, AAB, or IPA and AppTego applies MobileDefender protection according to the selected security configuration. No source code changes are required.
Use Standard Mode when you are evaluating AppTego, protecting an existing release candidate, or moving protection into CI/CD. The protected app should behave like the original app with the selected security controls active, but every protected artifact should be validated before release.
How It Works
- Configure controls and response actions in the AppTego Portal.
- Upload the compiled app through the portal, a CI/CD integration, or the Automation API.
- AppTego protects, packages, and signs the app according to the selected configuration and signing option.
- Download the protected output when the build completes.
- Validate the protected app on representative devices.
- Distribute through your normal release channel after QA approval.
Supported Formats
| Format | Platform | Public output |
|---|---|---|
.apk | Android | Protected APK |
.aab | Android | Protected Android App Bundle; a universal test APK may also be available for QA |
.ipa | iOS | Protected IPA |
Upload Via The Portal
- Open Application Builds in the sidebar.
- Click Upload.
- Select Android or iOS.
- Choose the configuration version: Development, Staging, or Production.
- Select the APK, AAB, or IPA file.
- Select a signing key when the build should use customer signing material.
- Click Upload.
The build appears in the Application Builds list with a live status indicator. When complete, download the protected artifact from the build record.
Upload Via CI/CD
For repeatable CI/CD integration, use one of these paths:
| Option | Best for |
|---|---|
| Automation API | Direct HTTP integration from any CI system |
| GitHub Action | GitHub workflows using apptego-mobile-protect |
| CircleCI Orb | CircleCI workflows using apptego/mobile-protect |
Build Limits
Default build and application limits depend on your subscription plan. Contract-specific or support-configured limits can override these defaults.
| Plan | Concurrent builds | Application allowance | Protected build allowance |
|---|---|---|---|
| Free | 1 | 1 app per platform | 2 builds per platform and configuration version over 7 days |
| Team | 2 | 3 apps per platform | 10 builds per platform and configuration version over 7 days |
| Enterprise | 5 | Effectively unlimited unless a tenant cap is set | Effectively unlimited unless a tenant cap is set |
Build history, retention, signing, and detailed build behavior are covered in Uploading and Building Apps. Plan details are covered in Subscription Plans and Billing.
What Standard Mode Applies
During protected build creation, AppTego can apply the selected configuration, including:
- MobileDefender runtime protection.
- Detection controls and configured response actions.
- Prevention controls and platform hardening.
- AppTego obfuscation and build-time hardening supported by the tenant plan and platform.
- Protected configuration packaging for the selected environment.
- Signing using the selected signing key or temporary test signing.
Controls are plan-gated at configuration and build time. Many controls are build-time protections, so changing a configuration usually requires a new protected build before the app contains that change.
Signing
If no custom signing key is selected, AppTego can produce an installable test build using temporary signing. Temporary test signing is useful for QA and smoke testing, but it is not intended for app store distribution.
For production workflows, upload and select your own signing identity:
- Open Application Builds.
- Add the Android or iOS signing material in the Signing Keys panel.
- Select the signing key during upload, or set it as the default for future builds.
Custom signing keys are available on paid plans. Always validate that the protected artifact uses the expected signing identity for its distribution path.
Architecture Settings
Standard Mode protected outputs are device-focused by default. Enterprise tenants can enable optional build settings for Android x86/x86_64 support or iOS simulator support when QA or CI needs emulator/simulator installation. See Uploading and Building Apps for the current portal settings and tradeoffs.
Validation Checklist
| Check | What to verify |
|---|---|
| Installation | The protected app installs through the intended QA or release channel. |
| Launch and login | Startup, authentication, and session restore still work. |
| Critical workflows | Payments, uploads, offline mode, deep links, push notifications, and core user journeys behave as expected. |
| Controls | Selected controls trigger, block, or harden behavior as expected for the environment. |
| Network | API calls, certificate policy, and third-party SDKs work as expected. |
| Signing | The artifact uses the correct signing identity for its distribution path. |
Comparison with Library Mode
| Feature | Standard Mode | Library Mode |
|---|---|---|
| Source code access required | No | Yes |
| AppTego protects an uploaded binary | Yes | No |
| Final app build and signing owned by your pipeline | Optional | Yes |
| Runtime detection callbacks in app code | No | Yes |
| Controls enabled from app code | No | Yes |
| AppTego post-build obfuscation workflow | Yes, where plan and platform support it | No |
| Plan requirement | All plans | Enterprise |
For source-level setup, see Library Mode.