Approov Blog

How to Prevent Credential Stuffing Attacks on Mobile Apps

November 18, 2024

Identity-based and social engineering attacks are surging in 2024. Stolen credentials give hackers immediate access and control… and an instant path to stealing data and orchestrating ransomware attacks. Credential stuffing attacks are the method of choice for hackers, so what are the steps you need to take to prevent them?

Why the OWASP Mobile Application Security Project is Critical

November 5, 2024

And Why Apple, Google and Huawei Need to Participate

The OWASP MAS project continues to lead the way in mobile application security. This article describes the resources and tools which have recently been added to OWASP MAS, which provides mobile app security guidance and tools for developers and security professionals alike. Also, we will argue that OWASP really deserves to receive the full support of the major mobile platform and device vendors.

Now is the Time to Get Serious About Securing API Keys

November 5, 2024

I will cut to the chase in this blog. Protecting and managing the API keys MUST be number one on your security to-do list. A wave of recent breaches shows just how exposed mobile apps are to API key abuse. This blog explains how to make a plan to fix the issue right now.

Why Loyalty Apps Need to Be Protected - and How to Do it

October 28, 2024

My favorite local sushi restaurant has just introduced a loyalty program so I can get discounts after I have ordered enough meals. But guess what - I have to download yet another mobile app to manage my points and enter my personal information. Also, most of us use airline miles and often use credit cards which add miles and points to our airline and hotel loyalty programs. There is a problem with all this - loyalty and rewards apps are not secure.

The End of the App Store Duopoly?

October 24, 2024

The image above shows the download page for the messaging app Viber. What makes this image significant is that it features not just the usual two icons for Apple's App Store and Google Play, but also icons for Huawei's AppGallery, GetApps, and Samsung's Galaxy Store. This is a direct result of Epic Games winning their lawsuit against Google, which has paved the way for alternative app stores to gain a foothold in the mobile market.

Epic Games Won Against Google but Lost to Apple - What are the Implications?

October 17, 2024

On October 7th 2024, Tim Sweeney of Epic Games posted on X, “Big news! The Epic Games Store and other app stores are coming to the Google Play Store in 2025 in the USA - without Google's scare screens and Google's 30% app tax - thanks to victory in Epic v Google.” This is the latest victory in a wide-ranging battle to dismantle the app store duopoly of Apple and Google. This blog gives an overview of what is happening worldwide and where it will likely all end.

Using Cross-Platform Development? You Need Cross-Platform Security Too

October 8, 2024

Cross-platform development tools such as Flutter and React Native are increasingly being used to develop mobile apps. The financial and organizational advantages of using such frameworks are becoming clearer and any perceived shortcomings are being addressed. But what about security? This blog dives into cross-platform tools and argues that security should be cross-platform too.

Can EPIC’s Tim Sweeney Single-Handedly Break the Monopoly?

October 2, 2024

In the ongoing legal battle between Epic Games, Google, and Samsung, the focus on monopolistic practices within the mobile app ecosystem is intensifying. Epic’s lawsuit highlights a critical issue that extends beyond gaming—how Google and Samsung maintain a stranglehold over mobile app distribution. This is not just a matter of antitrust law but also one of innovation, privacy, and security in mobile app development.

How to Respond and Recover from Mobile App Security Incidents

September 20, 2024

Zero Trust says “assume breach” and your response plan must cover handling third-party security incidents too. Mobile apps depend on third-party APIs, and you need to be prepared to act quickly if a service you depend on has a security incident. This blog discusses what you can do to maintain mobile app service continuity when there is a security incident, especially if it's not your fault.

Creating a Security Feedback Loop in Your Mobile App SDLC

September 13, 2024

We got together with our friends at Quokka recently to talk about securing the mobile application software development lifecycle and why it's important to get a dynamic feedback loop going between the security approaches you use at different stages of the life cycle. This blog presents some of the highlights of the recent webinar.