20 May 2020 02:50 PM
Hi all,
I am currently evaluating the security of the Mobile OneAgent (for Mobile Application Monitoring) and the beacon for my company, and here is what I understand so far:
My company is concerned that a malicious party may decompile the mobile app and extract the application id and beacon endpoint for future attacks. Thus I have the following questions:
Thank you in advance.
20 May 2020 03:30 PM
/dtmb instead of /mbeacon for compatibility reasons when running an agent on an AG host (documentation update in progress)
Dynatrace.h:
/*!
@brief Sets a dictionary of custom headers to be included in all OneAgent data transmissions.
The Dynatrace OneAgent sends data to the server via HTTP or HTTPS. If your infrastructure requires
custom headers to be added to HTTP requests in order for them to pass you can use this method to provide
them. This method needs to be called as early as possible to ensure that the headers are available for the first communication with the server.
It can be called again later to change or to remove the headers.
@param beaconHeaders The headers dictionary. Pass nil to remove all headers from future requests.
The headers will be inspected for invalid or not allowed values.
Limitations:
- max number of headers: 10
- max header len: 4096 bytes
- max total size: 8192 bytes
@return YES if the headers were successfully set, NO otherwise.
*/
+ (BOOL)setBeaconHeaders:(NULLABLE NSDictionary*)beaconHeaders;
/**
@return the dictionary of custom headers that was set with setBeaconHeaders: method
*/
+ (NULLABLE NSDictionary*)beaconHeaders;
/**
In order to receive notifications about the network errors occurred in the agent
subscribe to the notification center using this as name.
e.g.: [[NSNotificationCenter defaultCenter] addObserverForName:[Dynatrace getCommunicationProblemNotificationName] ... ];
*/
+ (NONNULL NSString *)getCommunicationProblemNotificationName;
20 May 2020 03:47 PM
a short usage example in Swift:
//set headers onto beacon
Dynatrace.setBeaconHeaders(["X-MyHeader1" : "true", "someOtherHeader" : "aa-bb-cc-dd"])
//request the headers that have been set
let headers: Dictionary? = Dynatrace.beaconHeaders()
//listen for communication problems (e.g. if beacon header contains a token that can expire required to pass a firewall)
NotificationCenter.default.addObserver(forName: NSNotification.Name(rawValue: Dynatrace.getCommunicationProblemNotificationName()), object: nil, queue: nil) { _ in
//e.g. update beacon header with new token
}
20 May 2020 03:32 PM
Hi Benjamin,
1. Is it possible to inject custom headers in the iOS OneAgent so we get feature parity with the Android?
This feature is also available for iOS. Unfortunately the documentation for this feature is missing in the Dynatrace documentation. Currently the feature is only described in the AppMon documentation. We will ensure that this documentation segment is also added to the Dynatrace pages.
How can we secure the beacon endpoint so it will only accept requests from "known" or "authenticated" clients? Will it require bespoke implementation on the customer side to enable?
Yes, you need a customer side implementation. Currently Dynatrace does not offer this feature. You would have to implement your own solution for verifying the data source and adjust OneAgent accordingly to your solution.
20 May 2020 03:59 PM
As a follow-on question: is the custom headers feature available for React Native mobile apps?
20 May 2020 04:47 PM
The API methods are currently not exposed and therefore not usable in the ReactNative components of your app. The feature is accessible in the native components of the app.
17 Aug 2022 03:27 PM
Hi Thomas,
I am bumping on the authentication of the flow between the mobile and our activegate beacon. You mentioned it's up to the client to implement its own authentication mechanism. Do you have some example? basic authen (user/pwd), certificate, OAuth2/OIDC access token, other? Do you have some client experimentation feedback?
Looking forward to hearing from you
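
One way the customer-side check discussed in this thread could look, as an added example that is not part of the original posts and not Dynatrace code: a gateway in front of the beacon endpoint verifies a short-lived HMAC token that the app obtained from the company's own authenticated backend and set through setBeaconHeaders. The header name, token layout, key and function names are assumptions; the signing key stays on the server, so decompiling the app yields no long-lived secret.

```python
import base64
import hashlib
import hmac
import time

# Assumptions (constructed, not Dynatrace APIs): header name, token layout, key.
HEADER = "X-Beacon-Token"
KEY = b"constructed-demo-key"  # server-side only, never shipped in the app
TTL = 300                      # token lifetime in seconds


def _sign(payload: str) -> bytes:
    mac = hmac.new(KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def issue_token(app_id, now=None):
    """Run by the company's own authenticated API after the user signs in."""
    exp = int((time.time() if now is None else now) + TTL)
    payload = f"{app_id}.{exp}"
    return f"{payload}.{_sign(payload).decode()}"


def check_beacon_request(headers, expected_app_id, now=None):
    """Return the HTTP status a gateway gives before forwarding to the beacon."""
    now = time.time() if now is None else now
    token = {k.lower(): v for k, v in headers.items()}.get(HEADER.lower())
    if not token or len(token) > 4096:  # 4096 = agent's max header length
        return 401
    try:
        payload, sig = token.rsplit(".", 1)
        app_id, exp = payload.rsplit(".", 1)
        exp = int(exp)
    except ValueError:
        return 401
    # Verify the MAC in constant time before trusting any field.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return 401
    if app_id != expected_app_id:
        return 403
    if exp < now:
        return 401  # expired: the app should fetch a new token
    return 200
```

When a token expires, the app can refresh it inside the communication-problem observer from the Swift post above and call setBeaconHeaders again.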