Introducing Custom Threat Response Messages
Security responses should not feel like app crashes
When a mobile security control detects a threat, the easiest response is often the least helpful one: close the app immediately. No explanation. No next step. No context for the person holding the device.
From the user's perspective, the app did not protect them. It just broke.
Custom Threat Response Messages give teams a better option. Instead of relying on a generic alert or a sudden termination, AppTego lets you show a branded in-app message when a detection rule triggers. The message can explain what happened, tell the user what to do next, and keep the experience aligned with your app's normal support voice.
The security decision stays firm. The communication becomes much clearer.
What are Custom Threat Response Messages?
Custom Threat Response Messages are portal-configured messages that appear when selected AppTego detection controls trigger. They are useful for situations where users need context, such as a rooted or jailbroken device, an emulator, an attached debugger, a policy-violating environment, or another risky condition.
Each message can be:
- Branded - Use your own colours, typography, layout, and tone of voice.
- Specific - Match the wording to the control that triggered it.
- Actionable - Give users a clear next step, such as closing the app, continuing after acknowledgement, or visiting a support page.
- Environment-aware - Test messages in Development, validate them in Staging, and promote them to Production when ready.
That means a financial app can explain why a rooted device is not supported. A healthcare app can direct users to a help page before access is blocked. An enterprise app can tell employees which device policy needs to be fixed. The user sees a controlled, intentional response instead of a mystery failure.
Why this matters
Consider the difference in practice.
Without a custom message A user opens a banking app on a rooted device. The app immediately closes. The user is confused, assumes the app is unstable, and may contact support with very little useful information.
With a custom message The same user opens the app and sees a branded security notice explaining that the device state increases fraud risk. The message offers a clear "Close App" button and a "Learn More" option that points to the bank's support guidance.
The same response policy is applied, but the experience is far easier to understand. For customer-facing apps, that difference matters. It can reduce frustration, improve support outcomes, and make security feel like part of the product rather than a hidden failure mode.
Built for the portal workflow
Custom messages are configured from the AppTego portal, so product, security, and release teams can work with them without writing app code.
<figure class="media-frame light blog-video-frame"> <video controls muted autoplay loop playsinline preload="auto" poster="/assets/img/resources/detection-response.png" aria-label="Custom threat response message design demo"> <source src="/assets/img/resources/website-demo-message-design.mp4" type="video/mp4"> </video> <figcaption class="media-caption"><strong>Message design demo</strong><span>Watch branded threat response copy and layout come together in the portal.</span></figcaption> </figure>
The setup flow is straightforward:
- Open Message Design from the sidebar.
- Start from the default template or one of the starter designs.
- Adjust the HTML, CSS, colours, spacing, buttons, and support copy in the built-in editor.
- Use the live preview to check the layout before saving.
- Open Detection & Response and choose the control that should show the message.
- Set the response action to Message.
- Enter the title, body text, button labels, and button actions for that control.
- Test the result in Development, validate it in Staging, and promote it to Production.
The important part is that the message template and the control response are managed in the same portal experience as the rest of your AppTego configuration. You can tune the wording for one control without changing every other response, and you can keep Development experiments away from Production users until the message is approved.
Simple controls for real user journeys
Each detection rule can have its own message and buttons. That lets teams choose the right response for the risk level.
| Button action | What it is useful for |
|---|---|
| Close app | High-risk conditions where the session should not continue |
| Dismiss | Lower-risk warnings where the user can acknowledge and proceed |
| Redirect | Support flows, FAQs, app store links, policy pages, or remediation guidance |
For example, debugger detection might close the app after showing a short explanation. VPN detection might show a warning with a support link. Emulator detection might use different wording for internal testing than it does for a production release.
This is where portal-based configuration is especially useful: you can make those decisions per control, per platform, and per environment, then promote the version that has been tested.
Templates that start close to finished
AppTego includes starter templates so teams do not have to begin with a blank screen. You can choose a clean warning layout, a darker high-severity design, or a lighter dual-action layout, then customise the details to match your product.
The editor supports the practical pieces teams need day to day: syntax highlighting, line numbers, bracket matching, code folding, and live preview. Templates use placeholders for the title, message body, button labels, and button actions, so one approved design can support different copy across different detection rules.
Because messages are displayed inside the protected app, templates should be self-contained. Keep CSS inline, avoid remote images or scripts, and test the result on small screens before promotion.
Better messages make security easier to support
The best threat response message is short, calm, and useful. It should tell the user what changed, why access is limited, and what they can do next.
A few good practices:
- Use plain language instead of internal detection names.
- Avoid blaming the user or exposing bypass details.
- Give one clear next step.
- Link to a support page your team controls.
- Keep button labels specific, such as "Close App", "Contact Support", or "Learn More".
- Validate the copy, links, and button behaviour before promoting to Production.
Security teams get enforcement. Product and support teams get a controlled customer experience. Users get an explanation instead of a crash.
Live Push for Enterprise
Enterprise customers can update supported custom messages in already-deployed apps without requiring a rebuild when live configuration is enabled. That makes it easier to refine support copy, update remediation links, respond to new threats, or correct wording quickly without waiting for an app store release.
For teams managing high-risk apps, that flexibility is valuable. The policy can stay consistent while the communication improves over time.
Available now
Custom Threat Response Messages are available now for Team and Enterprise plan customers. Log in to the portal, open Message Design, and create a security response that feels intentional, helpful, and on brand.