Approov GRPC Quickstarts

Our Approov GRPC Quickstarts for Android/Java, iOS/Swift mobile clients and NodeJS server allow you to get up and running with Approov easily, whether you are building a new app or adapting an existing one to have an improved security posture.

Google Remote Procedure Call (GRPC) is an open source remote procedure call framework. It is implemented using Protocol Buffers and HTTP/2, and is available for many languages and platforms. It can be used to connect clients with services and services with each other. We are focused on mobile clients and the backend servers to which they connect.

We provide open source, platform-specific packages which mediate access to the underlying Approov native modules. Once you have included these in your app, the changes you need to make in order to send Approov tokens are minimal. You add the provided GRPC request interceptor to the protocol/communication stack; it automatically adds special Approov tokens to the metadata of your GRPC calls, which prove to a backend server that the call is really coming from your official app and not from anything else trying to spoof requests. You control which versions of the app are valid, and also which characteristics of the runtime environment are allowed.

The packages also enable certificate pinning in your app automatically to further heighten its security posture. You can manage the pins using the Approov cloud and changes are automatically sent down to your apps over the air, making it unnecessary to push a new version to the app store or to force an update. More details on Approov dynamic certificate pinning are available in the Approov documentation.

Approov has advanced detections for debugging, rooted and jailbroken devices, and the presence of certain frameworks that might be tampering with your app. You can choose to block apps running on such devices from receiving valid tokens by updating an Approov security policy.

Below are links to the different Quickstarts, and an insight into the method and ease of integrating Approov in each case:

Android/Java request interceptor and pinning verifier: The Approov integration package is added through a JitPack dependency in your app's Gradle files and initialized once, on creation of the Application object.
You then add an `ApproovClientInterceptor` to the remote procedure call stubs that you would like to protect and use the `ApproovChannelBuilder` instead of the usual `ManagedChannelBuilder`. This then automatically adds the Approov token to all of your requests and also deals with pinning.

iOS/Swift request interceptor and pinning verifier: After adding the Approov integration package via the Swift Package Manager, you can use the provided `ApproovClientConnection` in place of the `ClientConnection` class you would normally be using. Then add a `ClientInterceptor` factory that returns an `ApproovInterceptor` for any GRPC call that should be protected. Once this is done, Approov tokens are added to all of your requests and pinning is taken care of.

NodeJS server token-check: This is an Approov Quickstart with a NodeJS server built with GRPC, demonstrating how to ensure that only requests with a valid Approov token get served. It shows how to include the provided Approov token verification function in your server code and then call it to check the token is valid before serving the GRPC request.
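The server-side check described above can be sketched as a wrapper around a unary GRPC handler. This is an added example, not code from the Approov Quickstart: it assumes the token is an HS256-signed JWT with an `exp` claim carried under the metadata key `approov-token`, and the names `verifyToken`, `requireToken` and `mintSample` are hypothetical.

```javascript
// Added example: gate a GRPC unary handler on a valid token from call metadata.
// Assumptions (not from the page): the token is an HS256 JWT with an `exp`
// claim, and it travels under the metadata key 'approov-token'.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Returns the claims if signature and expiry check out, otherwise null.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return null; }
  // Pin the algorithm on the server; never let the token header choose it.
  if (!header || header.alg !== 'HS256') return null;
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Wraps a unary handler (call, callback); rejects with UNAUTHENTICATED (16)
// before any application logic runs. `clock` is optional, for testing.
function requireToken(handler, secret, clock) {
  return (call, callback) => {
    const [token] = call.metadata.get('approov-token');
    if (!verifyToken(token, secret, clock && clock())) {
      return callback({ code: 16, message: 'invalid or missing token' });
    }
    return handler(call, callback);
  };
}

// Mints constructed sample tokens so the checks above can be exercised offline.
function mintSample(secret, claims, alg = 'HS256') {
  const h = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  return `${h}.${p}.${alg === 'none' ? '' : b64url(mac)}`;
}
```

The wrapper fails closed: a missing, malformed, expired or wrongly signed token never reaches the wrapped handler.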

If you have any questions around why or how to use Approov in your project or if there are other platforms you would like to see supported then please get in touch.

Johannes Schneiders