"Bank-grade security" is a term often used to describe a high level of security measures implemented in mobile applications to protect sensitive data, transactions, and user privacy. It implies that the app's security measures are at par with or comparable to the security standards employed by financial institutions, such as banks, which are known for their rigorous security practices. In this post, we will examine what is meant by this term and whether or not you should be comforted by it. Read Full Story

E-scooters are becoming an increasingly popular mode of transportation in cities around the world, offering a convenient and eco-friendly alternative to traditional forms of transport. However, as their popularity grows, so does the risk of vandalism and fraud, which can lead to significant financial losses for companies that operate e-scooter sharing programs. Read Full Story

  In today's digital landscape, securing mobile apps and APIs is of paramount importance. Among the various security solutions available, Approov stands out as truly unique. What sets Approov apart is its combination of Mobile App Security and Mobile API Security, within a single product.  With this innovative approach, Approov enables the lockdown of the Mobile API solely to clean mobile devices running authentic instances of the mobile app that have passed the Approov remote mobile app attestation process. This continuous verification process ensures the device and mobile app integrity, without any impact on user experience. Read Full Story

Mobile devices have become a ubiquitous part of our daily lives, and they are increasingly used for business and personal transactions. Mobile apps often rely on APIs to communicate with back-end systems and other third-party APIs, making them an essential component of modern mobile apps. However, APIs also create security risks that need to be addressed to prevent data breaches, cyber attacks, and other security incidents. Read Full Story

Mobile APIs are a crucial component of mobile app development, enabling apps to communicate with servers and access data. However, the security of these APIs is often misunderstood, leading to several myths and misconceptions surrounding mobile API security. We will discuss how HTTPS encryption, API keys, and authentication are not enough to fully secure mobile APIs, and how even private APIs are susceptible to attacks. We will also examine why mobile API security is a shared responsibility among developers, stakeholders, and security teams. Finally, we will explore the misconception that mobile app security is separate from mobile API security, and how both are crucial for protecting users and data. Read Full Story

The disclosure of three significant API security incidents in the first two months of 2023 serves as a reminder that, as the use of APIs continue to rise, so too does the number of API related security breaches. Read Full Story

Mobile app usage has grown significantly in recent years, and with this growth comes an increased need for mobile app security. Unfortunately, many mobile app developers hold misconceptions and myths about mobile app security, which can lead to a false sense of security that can result in security breaches and compromises of sensitive information. We will cover a range of myths including the belief that mobile app stores guarantee secure apps, that Android mobile apps are more insecure, that iOS is more secure, and that using HTTPS to call the API backend is enough to ensure security. Additionally, we will explore the myth that only popular and public-facing apps require security measures and the belief that only root or jail-broken devices are a concern in terms of mobile app security. Read Full Story

One of the most well-known checklists for mobile app security is found in the OWASP Mobile Application Security Verification Standard (MASVS). If you implement the OWASP Mobile App Security Checklist thoroughly and meet all the requirements, your mobile app will have a good security foundation.  However, there are still some potential security gaps to consider. First, the app itself is responsible for conducting security checks and making decisions about its own security, which could allow an attacker to use an instrumentation framework to bypass or modify these checks and decisions. Second, the API backend is not necessarily restricted to serving requests solely from genuine, unmodified instances of the mobile app that are not under attack or running on a compromised device and environment. Read Full Story

As a developer once said… It depends!!!  In a nutshell, it depends on what is motivating you to use obfuscation in the first place. If you plan to use only code obfuscation as a security measure then you may end up with a Maginot Line on your security defences. Read Full Story

Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real-time. Read Full Story