We're Hiring!

Approov Android Native Integration QuickStarts


Photo by Pathum Danthanarayana on Unsplash

Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the comprehensive options we have for Android Native app development.

Since Approov is an API protection solution, the integration will depend on the particular way you’ve chosen to make backend API calls using your app. We have Quickstart support for HttpsUrlConnection, OkHttpRetrofit and Volley. For OkHttp and Retrofit we have Kotlin specific additions too - although you can always cross call into our Java code anyway. Getting started just means integrating our SDK and then a simple open source layer that adapts to your API calling stack. It’s straightforward. Just follow our step-by-step guides. 

Once you’ve downloaded the SDK and added our framework code layer, the changes you need to make to your app in order to send Approov tokens is minimal. Moreover, this will also provide certificate pinning in your app automatically to further heighten its security posture. You can administer the pins using the Approov cloud and changes are automatically sent down to your apps when they connect.

Here are the links to the different Quickstarts, and an insight into how easy integrating Approov is:

Java OkHttp, Kotlin OkHttp: An Approov initialisation call is required in the Application class for when the app is launched. You can then call a method on ApproovService to get a custom OkHttpClient to make your API calls. This automatically adds the Approov token to requests and deals with pinning.

Java Retrofit, Kotlin Retrofit: An Approov initialisation call is required in the Application class for when the app is launched. Then in your method to get a Retrofit instance you call a method in ApproovService that can be customized with your Retrofit Builder parameters. This adds the Approov token and pinning automatically to all the calls you make. Typically there is only one lazy constructor for the Retrofit instance, so this single change adds Approov to your API calls across your app.

Java HttpsUrlConnection: An Approov initialisation call is required in the Application class for when the app is launched. Just pass each new HttpsUrlConnection as a parameter to a special ApproovService method. This adds the Approov token and adds a custom HostnameVerifier to deal with pinning.

Java Volley: You simply need to call a custom ApproovService initializer in your VolleyService class. Then calls to get the RequestQueue simply need to be passed a special Approov BaseHttpStack, that automatically adds Approov tokens and deals with pinning. Typically these are part of a factory class so you only need to change this once to add Approov to all your API calls across your app.

If there are other platforms you would like to see supported then please just get in touch.



Richard Taylor

- CTO and Co-Founder at Approov Ltd
Chief Technical Officer with more than 30 years of industry experience. Background in compiler optimization and processor architecture, working more recently in application security and cloud computing technologies. Richard Co-Founded and is CTO of Approov Mobile Security (previously Critical Blue Ltd) and has led a number of innovative product developments in the area of EDA, software optimization and remote software attestation.