In this webinar, Daniel Gallo, a solutions engineer at JetBrains, and Kurt Dusek, a product manager at Appdome, discussed the integration of TeamCity and Appdome for building and securing Unity games in a continuous integration/continuous deployment (CI/CD) pipeline.
The webinar focused on automating this pipeline and integrating Appdome for runtime protection of mobile applications. It showcased the seamless collaboration between TeamCity and Appdome to streamline the CI/CD process for Unity game development, enhancing security and automation throughout the entire pipeline.
Daniel introduced TeamCity, emphasizing its agnostic support for various project types. He showcased a typical game development build pipeline with Unity, including testing, building for different platforms, signing, and deploying to app stores.
During the live demo, Daniel demonstrated how TeamCity triggers builds in response to code changes, executes Unity tests, builds the game for iOS and Android, integrates Appdome for security, signs the builds, and finally deploys the secured game to app stores. The integration with Appdome allows for easy embedding of security measures, such as preventing screen sharing, without additional manual effort.
Kurt provided an overview of Appdome, highlighting its role in securing mobile applications without requiring additional code or plugin updates. Appdome monitors threats in real time and offers an automated response to potential attacks. The integration with TeamCity involves configuring security protections, defining the desired protections for the application, and incorporating Appdome into the build pipeline.
Kurt also provided insights into the security challenges faced by developers, especially in the gaming industry, and how Appdome addresses these issues. Key points discussed during the webinar include:
- Traditional security approaches: Traditional security measures like code scans, static scans, obfuscation, and app store policies offer a basic level of security, but may not be effective against more sophisticated threats such as malware, compromised devices, or emulation.
- Resilient applications: The emphasis is on building resilient applications that can detect not only in-game cheating but also broader issues like running on real devices, absence of malware, and prevention of tampering.
- Unity and security: Unity, while being a powerful game engine, is not primarily focused on security. The demo highlights how Appdome can complement Unity’s capabilities by seamlessly adding security features.
- Security configurations: Appdome allows users to define security policies based on the specific needs of their applications, providing flexibility in choosing and configuring protections against various threats like jailbreaking, memory editing, cheat protection, and more.
- OneShield protection: OneShield is a foundational defense mechanism that offers protection against anti-debugging, anti-tampering, and anti-emulation. It forms the base level of security before additional features are enabled.
- Automated security build: The platform integrates with build pipelines, ensuring that security protections are automatically applied to every release. A certified security document is generated with each build, detailing the security measures implemented.
- ThreatScope: Appdome includes ThreatScope, a threat detection and response tool, providing visibility into the types of threats detected, the platforms affected, and the ability to respond to these threats.
- Performance impact: The platform is designed not to significantly impact runtime performance. Checks for security measures are described as lightweight and optimized to ensure a seamless user experience.
- Piracy protection: Appdome addresses piracy by preventing common tactics such as running games in virtual machines, tampering with binaries, and side-loading. This protection ensures that games go through official distribution channels.
Conclusion
The webinar emphasized the importance of partnering with specialized security providers, allowing developers to focus on creating great apps while ensuring robust protection against evolving threats.
The conversation provides a comprehensive overview of Appdome and TeamCity’s capabilities and how these tools can enhance the security posture of mobile applications, particularly in the gaming industry.