George McGregor

The Japanese Regulation in Context On June 12 2024 the Japanese Government passed into law the Act on Promotion of Competition for Specified Smartphone Software (SSCPA) or simply the Smartphone Act. Read Full Story

This overview outlines the development and adoption of Huawei HarmonyOS and the associated security solution Safety Detect, highlighting some limitations with the approach. As regulations such as the EU DMA force the use of alternative app stores, the dependence of Huawei security features on the use of the Huawei AppGallery app store and ecosystem will also prove to be problematic for developers. We also compare and contrast Huawei HarmonyOS Safety Detect with the comprehensive mobile security offered by Approov. Read Full Story

Let’s talk about bots. And be a little provocative. A review of bot solutions (see previous blog) reveals a common assumption that I think is misleading: Namely that separating good from bad bots and blocking the bad ones is complicated and requires elaborate solutions using machine learning, AI and whatnot. This common understanding is wrong. If your organization is using mobile apps you can easily and effectively block ANY unwanted automated traffic which is not coming from a legitimate and unmodified app and do this consistently and without generating false positives. Intrigued? Then read on. Read Full Story

In case you didn't notice, the OWASP Mobile Top 10 List was just updated, for the first time since 2016! This is important for developers since this list represents the list of the most crucial mobile application security risks in 2024. This blog explains how this fits in with other OWASP security guidelines, summarizes each of the 10 risks and discusses some possible next steps for developers. Read Full Story

Gaming Means Mobile Gaming With the rise in popularity, mobile games have become a massive target for hackers, and cybersecurity should be a priority for both developers and players. However recent research shows that mobile games are still not well protected. This could be due to developers struggling to prioritize the long list of overlapping threats which must be mitigated, or concern around the possible negative impact of security solutions on customer experience. Read Full Story

On January 10th 2024 the Cyber Security Agency of Singapore (CSA) published V1.0 of the Singapore Safe App Standard. This is intended to help app developers and providers enhance mobile app security. The standard provides a common security benchmark and guidance to app developers and providers on the necessary security controls and best practices to better protect any mobile applications, and in so doing, enhance the protection of user data and app transactions. It is intended to cover apps developed or deployed in Singapore. Read Full Story

This overview outlines the history and use of Apple DeviceCheck including the DeviceCheck App Attest feature. It will highlight how this security solution is used and highlight some limitations. We also compare and contrast Apple DeviceCheck and App Attest with the comprehensive mobile security offered by Approov. Read Full Story

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space. Read Full Story

Apple and MIT recently published a study indicating that 2.6 billion personal records were exposed through data breaches over the last two years. These findings underscore the need for protecting data in the cloud through mobile attestations and improved API security. Watches, wearables and other new types of mobile devices are now the weakest link in the mobile app threat landscape. Approov addresses this threat head on with Release 3.2 of the solution. While Release 3.2 includes other important enhancements (detailed in the Press Release), this blog specifically explores the crucial advancements made to enhance the security of the Apple Watch. Read Full Story

Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics, give us unique visibility into trends in mobile security. Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024. First, let's talk about some general trends we see and then dive into our mobile predictions. Read Full Story