Mobile App Security: Uncovering the Risks of Secret Theft at Runtime

March 23, 2023

This is our second blog highlighting the results of the Approov Threat Lab Report. Read Full Story

Do You Want to Know a Secret? Just Take a Look Inside Top Finance Apps

March 7, 2023

Financial apps have access to valuable and sensitive personal data, so you would think mobile app security would be top-of-mind for financial institutions. But is it?  Read Full Story

ChatGPT and API Security

February 3, 2023

First of all, this blog was written by a human being! Now that that's out of the way,  let's get onto our main topic for today which is to take a look at ChatGPT and use it to understand some key aspects of mobile security.  Read Full Story

Approov’s Resolution for the New Year is Securing your Healthcare Data

January 12, 2023

Data breaches involving the healthcare industry can have serious consequences, as they can compromise sensitive and personal information such as medical records, financial data, and personal identification numbers. Mobile apps are increasingly being used in the healthcare industry to provide services such as telemedicine, appointment scheduling, and electronic health records, and these apps can also be vulnerable to data breaches. Read Full Story

How to Prevent API Abuse on Mobile Apps

December 2, 2022

API abuse is a growing concern in today's digital landscape, with criminals finding new and innovative ways to exploit APIs for their own gain. According to a recent study by Salt Security, "malicious API attack traffic surged 117% over the past year, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls." This article explores the topic as it relates to mobile centric businesses. Read Full Story

Can I Share My API Key?

November 28, 2022

An API key is a token provided by a client when making API calls. It is used to authenticate and authorize access to specific resources. In this article, we answer the question, "Can I share my API key?" and provide some guidance on when it is appropriate to do so. Read Full Story

Is Certificate Pinning Worth it?

November 24, 2022

In a word - yes; when implemented correctly, certificate pinning is an effective method for securing mobile application traffic by restricting the accepted certificates to just those you are willing to trust. In its most secure manifestation, this trust sits outside the standard TLS certificate store managed by the device. Read Full Story

What is SafetyNet and How Does it Improve Android Security?

November 21, 2022

The Google SafetyNet API is a service for verifying the trustworthiness of the Android operating system on a given device mobile device. In this article we will look at the security it brings and how that will change as it is replaced by Google’s Play Integrity API. Read Full Story

Securing Mobile Gambling Platforms

November 8, 2022

Gambling has come a long way since the days of visiting a bricks and mortar outlet and filling in some paperwork to bet on a small set of events and outcomes. Recent years have seen dramatic changes in this market. In this article we’ll look at how it has evolved and what the security implications are. Read Full Story

How Do I Protect My Flutter App?

October 10, 2022

Google’s open source Flutter has quickly become one of the most popular development toolkits for building cross platform mobile applications. In this article we will examine what security is built-in to Flutter mobile apps and recommend additional layers which you may wish to consider for your mobile projects. Read Full Story