Skip to content

How WeAre8 Scaled Trust Without Slipping on Innovation

Social Network Concept

In the digital age, social media platforms often face a critical trade-off: move fast and risk security breaches, or slow down to lock down data. For WeAre8—a purpose-engineered platform that redistributes value to creators, users, and communities—compromising on either wasn't an option.With approximately $50 million in annual revenue and a highly engaged global user base, WeAre8 treats user trust as its most valuable currency. To scale security alongside growth—especially as they prepare to launch internal digital wallets and integrated financial ecosystems—WeAre8 partnered with Approov to revolutionize their API security.

Here is how they did it.

The Hurdles of DIY Mobile Security

Operating a fast-growing platform with an agile engineering team meant that manual security management was no longer sustainable. Standard approaches to mobile security often required tedious code updates and frequent maintenance, diverting critical developer resources away from core product innovation. WeAre8 needed an automated solution that could secure their mobile applications against sophisticated threats without introducing friction for their users or overhead for their team.

How Approov Rewrote the Playbook

Approov provided a comprehensive, automated approach to mobile API protection through three core pillars:

1. Cryptographic App Attestation

Approov ensures that only genuine, untampered versions of the WeAre8 app running on safe mobile devices can access their backend APIs. This effectively blocks scripts, bots, and modified apps from executing malicious requests.

2. Fully Managed Dynamic Certificate Pinning

Traditional certificate pinning protects mobile traffic from Man-in-the-Middle (MitM) attacks but is notoriously difficult to manage manually, often leading to app crashes when certificates expire. Approov automates and manages this entire lifecycle, allowing WeAre8 to update certificates dynamically over the air without requiring an app store update.

3. Runtime Secrets Protection

Hardcoding API keys and secrets within a mobile app exposes them to reverse-engineering. Approov manages and delivers these secrets dynamically at runtime, ensuring they are only revealed to verified, secure instances of the app.

To discover the outcomes and explore the full story, read the case study here.