We have released a short video that demonstrates how fake apps can be used to commit fraud against your business and how Approov can help your organisation to fight back against these fake and/or repackaged apps.
Fake apps can find their way into the regular app stores, posing as the genuine app, and if they can get a few good reviews, they may claim the rankings sufficiently to be downloaded by unsuspecting customers. Alternatively, phishing attacks may present customers with links to sideload modified apps onto their mobile devices. Either way the customer ends up entering user credentials and confirming transactions using an apps which looks correct on the outside but under the hood is not behaving as expected by the customer.
Using the example of a new mobile app for banking launched by a fictional fintech company, allowing users to make payments directly from their mobile app, the video shows what impact a fake app can have on the fintech’s business and its customers and how user login and two factor authentication (2FA) just are not good enough unless it is guaranteed a customer is using the genuine app.
It then goes on to tell how the fintech company fights back by integrating Approov's app authentication into their app and their API service running in the cloud. This is demonstrated through a real-life (and very quick!) integration of Approov into the mobile app and the company's API server code.
Finally it showcases, again using a live example, how the fintech succeeds in protecting their business and their customers by locking out fake apps from accessing the company's cloud service and only allowing the fintech's genuine app.
Watch the BankSafe Demo (11 minutes) to learn, in a nutshell, why it is not enough to know who (a genuine customer), but also what (a genuine app) connects to an API, and how to achieve that. Note that although the video highlights a fintech app, fake apps are a problem in many sectors, including retail/e-commerce and healthcare.