Approov Blog

API

Mobile devices have become a ubiquitous part of our daily lives, and they are increasingly used for business and personal transactions. Mobile apps often rely on APIs to communicate with back-end systems and other third-party APIs, making them an essential component of modern mobile apps. However, APIs also create security risks that need to be addressed to prevent data breaches, cyber attacks, and other security incidents. Read Full Story

Mobile APIs are a crucial component of mobile app development, enabling apps to communicate with servers and access data. However, the security of these APIs is often misunderstood, leading to several myths and misconceptions surrounding mobile API security. We will discuss how HTTPS encryption, API keys, and authentication are not enough to fully secure mobile APIs, and how even private APIs are susceptible to attacks. We will also examine why mobile API security is a shared responsibility among developers, stakeholders, and security teams. Finally, we will explore the misconception that mobile app security is separate from mobile API security, and how both are crucial for protecting users and data. Read Full Story

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android. Approov immediately stops any automated tools or compromised apps from manipulating any part of the end-to-end mobile platform, turning away unauthorized access attempts by scripts, bots and fake or tampered apps. Read Full Story

First of all, this blog was written by a human being! Now that that's out of the way, let's get onto our main topic for today which is to take a look at ChatGPT and use it to understand some key aspects of mobile security. Read Full Story

API abuse is a growing concern in today's digital landscape, with criminals finding new and innovative ways to exploit APIs for their own gain. According to a recent study by Salt Security, "malicious API attack traffic surged 117% over the past year, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls." This article explores the topic as it relates to mobile centric businesses. Read Full Story

The NestJS framework for NodeJS is built on top of the Express or Fastify frameworks with TypeScript support. NestJS provides an out-of-the-box application architecture to enable developers to create code that is loosely coupled, easy to maintain, and highly testable, which scales without getting in the way. Read Full Story

Our Approov GRPC Quickstarts for Android/Java, iOS/Swift mobile clients and NodeJS server allow you to get up and running with Approov easily, whether you are building a new app or adapting an existing one to have an improved security posture. Read Full Story

One of the key, if sometimes overlooked, features of Approov is its integrated support for dynamic certificate pinning. In this blog we explain how it works and its numerous advantages. Read Full Story

In this blog we introduce our new mobile certificate pinning configuration tool. This free web tool allows you to automatically generate the configuration required to pin your mobile app connections, providing an additional layer of security. Read Full Story

The AWS API Gateway platform aims to act as the front gate for APIs hosted in AWS, on premise, or even in other cloud services. The fully managed platform allows developers to create, publish, maintain, monitor and secure APIs at any scale. Read Full Story