We're Hiring!

Approov Partnership with BMW on Secure & Seamless Car Share Experience

BMW  and Approov API Threat Protection logos on white backgroundCar theft risks and business-critical security issues are resolved with Approov API authentication software for mobile apps

EDINBURGH — Nov. 10, 2020 — Approov, the award-winning, anti-fraud, anti-bot software solution delivering secure mobile business for the automotive and mobility industry, today announced a partnership with BMW Group to provide a secure, safe and seamless car-sharing
experience. The BMW Group Car Sharing Platform, including the Approov SDK, has already been deployed in several thousand vehicles globally.

Approov was developed specifically for mobile-centric businesses and has been on the market since 2016. It uses patented API (Application Programming Interface) authentication methods to ensure security of critical data and communications in the mobile channel, dramatically reducing the risk of vehicle theft or fraudulent use of car sharing services. The latest Approov release enables offline capabilities in addition to other advanced features relevant to protecting automotive platforms.

“Approov secures the car sharing ecosystem with its unique mobile app authentication technology that stops bad actors at the curb,” said David Stewart, Approov CEO. “Our software and service creates a fortress around the virtual car key, so any attackers’ attempts to misuse
them is thwarted immediately. Major players in the automotive industry are deploying Approov because they recognize its ability to protect the interests of everyone involved in the mobility supply chain.”

The trend away from private car ownership toward car sharing has been evident for some time, with ride-hailing services and shared vehicles becoming feasible alternatives to car ownership. Our customer recognizes the opportunity presented by the explosive growth in car-sharing services, and now offers vehicles that are factory-ready for deployment as car sharing assets.

Most car sharing vehicles are regular models where car sharing hardware and software are retrofitted into the car prior to being added to the car sharing providers’ fleet. This adds an additional step into the process of setting up, running, and maintaining a car sharing service. OEMs who take ownership for the delivery of vehicles which are immediately capable of delivering a comprehensive car sharing service, including all the required security measures, are highly differentiated in the market. It’s clear that the mobile app is a critical component in the system since it is the main user touchpoint for searching, booking and executing car sharing activities, in particular locking and unlocking the vehicles. Traditional mobile ‘app as a key’ approaches which work well for car ownership use cases do not scale into the car sharing world.

Read our customer story to learn more about Approov’s partnership with BMW Group.

Leading Mobility Providers Already use Approov 

This disruptive car sharing trend represents a significant change for the industry, but it also presents a host of security issues for service providers, including personal and company data breaches, competitor price aggregation, and potential automobile theft. Approov’s goal is to minimize the risk of car theft or fraudulent use of the car sharing service, while ensuring the smoothest user experience possible. Using patented technology, Approov ensures that the API request is coming from a genuine instance of the mobile app and that it is operating within a safe environment. This additional layer of security is critical because the mobile app is the main user touchpoint for searching, booking and executing car sharing activities, in particular locking and unlocking the vehicles.

Leading car-sharing providers see the value of Approov in protecting their businesses from disruption caused by third-party aggregation services. Preventing API misuse by scripts — which impersonate genuine mobile app traffic — is vitally important to maintaining control of
business-critical data and ensuring a positive customer relationship. Frictionless protection is necessary to enable car sharing to securely reach its full potential.

Learn more in the SIXT case study.

Customer and Company Data Breaches Avoided with Approov 


In Verizon’s Mobile Security Index 2019 report, companies of all sizes were asked if they needed to take mobile app security more seriously. The majority of respondents said they were not doing enough, with 90% saying mobile app security needed to be highly prioritized. Approov’s proprietary technology differs by rising above just defending mobile apps to provide car sharing companies a comprehensive method of preventing anything other than a genuine mobile app instance from communicating with the company’s backend server; thereby completely shielding its Application Programming Interface (API).

Approov Eliminates Pricing Aggregation Challenges


Aggregators extract pricing and location information about available rental vehicles and relay them to their own mobile apps. This data aggregation jeopardizes the consumer transaction and can impact company revenue and brand reputation. The Approov solution enables mobility suppliers to successfully block and/or manage aggregator access, providing a secure experience for both the customer and company.

Approov Delivers More Security Through Unique Offline Capabilities

Approov also enables business protection independent of the presence of cellular or WiFi Internet connectivity, a particularly relevant use case for the mobility sector. Mobile app authentication can be carried out directly by the vehicle, via a local Bluetooth connection.

“Approov allows car-sharing customers to have the exact same experience and level of security, even if they are five levels below in a parking garage or in an area where wireless service is unavailable,” said Richard Taylor, CTO of Approov. “Ultimately, Approov facilitates a
fundamental advance in securing the mobile economy by protecting digital assets from cyberattacks and fraud vectors. This re-establishes the two-way trust needed to truly secure businesses and their customers around the world.”

The anti-fraud and anti-bot security solution provided by Approov is delivering a safe, dependable, and frictionless experience for the automotive industry, their customers, and the car sharing ecosystem. This next-generation technology is also having an impact on the financial technology, mHealth and retail industries, with additional announcements from Approov to come.

About Approov

Approov cares about making mobile safe for consumers and businesses. With the explosive growth in API and mobile app use overriding traditional web and network security solutions, Approov saw the pressing need for a new approach to protect mobile APIs that would provide a much stronger accept/reject authorization signal. After perfecting techniques to ensure that only genuine mobile app instances are able to access APIs, Approov went live in 2016. 

Approov brings deep skills in binary level dynamic software analysis and in building robust cloud service platforms. It has significant expertise in mobile operating systems and runtimes, having delivered advanced analysis tools and contract services to optimize performance of both consumer and highly secure system platforms.

Contact: Kevin Gaboury, Nereus for Approov
(541) 729-0980
approov@nereus-worldwide.com

David Stewart

- Advisor at Approov / Former CEO of Approov
30+ years experience in security products, embedded software tools, design services, design automation tools, chip design.