Appdome has launched Threat-Memory, a feature that stores threat history inside protected iOS and Android apps and assigns a severity score that updates over time.
The product targets mobile fraud and account takeover attempts that recur across multiple sessions or app installs. It records prior suspicious activity on the device and makes it available to the app at key moments such as login, password reset, onboarding, and transactions.
Threat-Memory extends Appdome’s existing Threat-Events threat-signalling component. It adds local storage for threat histories and an “Agentic Severity Scoring” layer that ranks detections while the app runs. The system also verifies and synchronises threat information with Appdome’s backend, and can receive remote configuration and over-the-air defence updates.
Appdome framed the release as a response to mobile app security tools that treat incidents as isolated alerts. Many such tools do not retain source threat data on the device, which reduces visibility into repeat attempts and multi-step patterns. That can delay responses or add friction for legitimate users when controls trigger on a single event.
Threat-Memory introduces a persistent “threat state” within each app. It stores source threat data captured on the device and pairs it with runtime scoring. The threat state can be associated with different entities depending on configuration, including a device, application instance, installation, session, or user account.
The platform synchronises threat histories with Appdome’s backend to maintain integrity and persistence across app upgrades, reinstalls, and operating system updates. Synchronisation can also occur during active attack conditions.
Use cases
Appdome described scenarios where a remembered sequence changes how an app responds. In a bot-driven account takeover attempt, an app could detect repeated automated logins and manipulation signals across sessions, then escalate controls as activity persists. In scams linked to social engineering, the app could use accumulated indicators to restrict sensitive actions or require stronger verification as risk rises.
Threat-Memory draws on Appdome’s library of more than 400 detections spanning behavioural, environmental, and identity-based signals. Categories include fraud, deepfakes, account takeover, geo-spoofing, malware, and manipulation techniques.
The feature supports in-app decisions without requiring an external call each time it evaluates risk. Instead, the app can query the local threat state at decision points.
Architecture and controls
Threat-Memory aggregates threat intelligence locally, then sends threat signals to Appdome’s backend for verification. It can also receive secure configuration updates and changes to defence controls, including over-the-air updates to certificates and exclusions.
Appdome listed analytics options that organise histories by device, install, release, or user identity, and pointed to future digital reputation and risk APIs that would feed into the same model.
“Scoring risk without exposing the source data and detecting threats without dynamic scoring has been the model that vendors used until today,” said Tom Tovar, Co-Creator & CEO, Appdome. “We’re stepping forward to provide both on-device threat histories and AI-generated scoring in one solution to identify attack sequences, improve decisioning, and let brands build durable threat and risk profiles, all while providing more flexible enforcement and policy control.”
Appdome described the product as interactive, with apps able to retrieve a “true threat-state” at any point in the application lifecycle. Scoring updates are refreshed via its backend, and threat histories can surface multi-step attacks and evolving patterns that may not be visible in a single session.
“By combining a local threat repository (or store) with agentic and platform-validated threat history and risk intelligence directly inside mobile applications, we eliminate guesswork in defeating mobile security and fraud risks,” said Kai Kenan, VP of Identity & Reputation Solutions, Appdome. “As a substrate to defeat dedicated attackers and fraudsters, there’s no comparison to Threat Memory.”
Appdome also highlighted Threat-Memory’s role in enforcement decisions. The tool can provide counts and patterns across repeated detections, and report whether a detection changed across attempts or occurred alongside other signals.
“Threat Memory allows us to provide an interactive, flexible and informed defense posture in each application,” said Avi Yehuda, Co-Creator & CTO, Appdome. “Now, Appdome can not only tell you ‘when’ and ‘what’ attack happened, but how many times it happened, if it was different each time and whether it occurred with other attack patterns, and the severity of that stand-alone or combined attack sequence.”
Eric Newcomer, Principal Analyst at Intellyx, said the key change is local persistence of security context across repeated attempts. “Threat-Memory improves critical on-device protection capabilities,” he said. “A device-based threat history enables local defense against repeated attacks and multi-step attacks. Together with AI, local history data creates actionable intelligence to stop fraud, prevent ATOs, and defeat social engineering.”
Threat-Memory is designed to accept intelligence updates from future Appdome APIs and to augment or restore severity profiles via its backend when required.