Approov Blog

A proposed update to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information was issued in June 2024. Comments were requested and Approov has proposed some changes. This blog outlines the Approov recommendations to strengthen The Rule, specifically around mobile apps on personal mobile devices accessing ePHI. Read Full Story

With a global AI race underway, mobile app security is not optional - it’s a necessity. A recent security audit of the DeepSeek iOS application revealed significant vulnerabilities that put user data at risk. These weaknesses, including unencrypted data transmission, insecure cryptographic practices, and disabled security mechanisms, have exposed users to potential data breaches and cyberattacks. Read Full Story

Man-in-the-middle (MitM) attacks occur when an attacker intercepts or manipulates mobile device communications to gain access to sensitive information. Attackers can extract login information, API keys and useful credentials from messages and can modify messages and intercept sensitive commercial or personal data, or even easily launch a denial of service attack against the service being accessed via a mobile app. Read Full Story

All the key players in cyber-security make predictions at the end of every year and 2025 is no exception, there was a flurry of predictions which are nicely summarized here. Read Full Story

In 2024, a lot has happened to curtail the Apple and Google mobile app monopolies and mobile app developers are exploring exciting opportunities beyond the Google and Apple ecosystems. This blog presents a roundup of some of the key initiatives and how they may evolve in 2025. Read Full Story

The rapid pace of technological advancements, particularly in artificial intelligence (AI), has transformed both the opportunities and threats in the mobile app ecosystem. This blog describes why over-the-air (OTA) updates to security solutions are essential to maintain an effective security posture for apps and APIs in this rapidly evolving threat landscape. Read Full Story

The large app sec vendors are only now starting to recognize the mobile gap in their portfolio - that an SDK in mobile apps is needed to eliminate the growing mobile threat. But SDKs differ in how they gather and use contextual signals. This blog shows how to choose the right one and integrate it with your app security quickly to eliminate the threat from hacked apps and devices. Read Full Story

For years, mobile app developers have been at the mercy of app store gatekeepers like Apple and Google. These giants dictate distribution, set exorbitant fees, and often stifle innovation with restrictive rules. But the tide is turning. A global push for open app ecosystems is gaining momentum, and direct-to-consumer (DTC) distribution is emerging as a powerful alternative. Read Full Story

As Chinese smartphone manufacturers, like Realme, Oppo, Honor, and Huawei, make significant strides in Europe and other global markets, developers must broaden their scope to include non-GMS Android and HarmonyOS platforms. The days of concentrating solely on Apple, Google, or Samsung ecosystems are fading fast. This global perspective is not just about market reach; it's also about embracing a broader security and privacy posture across diverse operating environments. Read Full Story

Identity-based and social engineering attacks are surging in 2024. Stolen credentials give hackers immediate access and control… and an instant path to stealing data and orchestrating ransomware attacks. Credential stuffing attacks are the method of choice for hackers, so what are the steps you need to take to prevent them? Read Full Story