In the digital age, social media platforms often face a critical trade-off: move fast and risk security breaches, or slow down to lock down data. For WeAre8—a purpose-engineered platform that redistributes value to creators, users, and communities—compromising on either wasn't an option.With approximately $50 million in annual revenue and a highly engaged global user base, WeAre8 treats user trust as its most valuable currency. To scale security alongside growth—especially as they prepare to launch internal digital wallets and integrated financial ecosystems—WeAre8 partnered with Approov to revolutionize their API security.
Here is how they did it.
The Hurdles of DIY Mobile Security
Operating a fast-growing platform with an agile engineering team meant that manual security management was no longer sustainable. Standard approaches to mobile security often required tedious code updates and frequent maintenance, diverting critical developer resources away from core product innovation. WeAre8 needed an automated solution that could secure their mobile applications against sophisticated threats without introducing friction for their users or overhead for their team.
How Approov Rewrote the Playbook
Approov provided a comprehensive, automated approach to mobile API protection through three core pillars:
1. Cryptographic App Attestation
Approov ensures that only genuine, untampered versions of the WeAre8 app running on safe mobile devices can access their backend APIs. This effectively blocks scripts, bots, and modified apps from executing malicious requests.
2. Fully Managed Dynamic Certificate Pinning
Traditional certificate pinning protects mobile traffic from Man-in-the-Middle (MitM) attacks but is notoriously difficult to manage manually, often leading to app crashes when certificates expire. Approov automates and manages this entire lifecycle, allowing WeAre8 to update certificates dynamically over the air without requiring an app store update.
3. Runtime Secrets Protection
Hardcoding API keys and secrets within a mobile app exposes them to reverse-engineering. Approov manages and delivers these secrets dynamically at runtime, ensuring they are only revealed to verified, secure instances of the app.
To discover the outcomes and explore the full story, read the case study here.
Mark Mazur
Field CTO of Approov
Mark Mazur is an accomplished Chief Technology Officer and Field CTO with over 20 years of experience architecting and scaling enterprise, mobile, web, AI, and server software. He has a proven track record of driving technology strategy for high-growth startups and mature organizations across cybersecurity, fintech, ad-tech, messaging, and gaming. Currently serving as the Field CTO at Approov Mobile Security, Mark specializes in mobile app security, API abuse prevention, and zero-trust bot protection. Previously, as CTO at Grow Credit Inc., he led a globally distributed, rapid Agile engineering team of 20+ engineers to deploy a containerized microservice platform and multiple partner integrations serving over 100K active users. Over his distinguished career, he has built robust MVPs, optimized infrastructure, and partnered with CEOs to create massive investor value for companies including TextPlus, Mobilityware, November Media, and NorthBay Solutions.
