API Security

In a previous article, we discussed “When do we add security into our app and onto our APIs?” The conclusion was to do it as soon as possible! That said, there are still choices to be made so in this article we explore how you should decide on appropriate protections for your mobile app and APIs. Read Full Story

A Man-in-the-Middle attack can come in multiple forms. This article describes these and how you can mitigate such attacks. Read Full Story

Certificate pinning is a security measure that mobile app developers can use to improve the security of their apps. It ensures that your app only connects with a backend API via TLS if the presented certificate chain includes at least one certificate public key that is known to be trusted. This means that the app is not simply reliant on the contents of the trust store on its device, but also requires an additional level of verification. Read Full Story

Certificate Pinning is a security technique that involves binding a cryptographic certificate to a specific host or domain. This ensures that the app and server communications are protected from man-in-the-middle attacks. Developers can use Certificate Pinning to safeguard against malicious certificates and ensure that only certificates issued by a trusted Certificate Authority (CA) are accepted. When used correctly, Certificate Pinning can be an effective security measure.  Read Full Story

As mobile devices become increasingly popular in the workplace, so do attacks targeting mobile apps. In fact, according to a recent 2021 cybersecurity study by Checkpoint, 46% of organizations had at least one employee download a malicious mobile application threatening networks and data. What is mobile app shielding and how can it help protect businesses that rely on mobile apps? Read Full Story

In the final part of this four part series, we’ll recommend what actions you should take and when you should take them in order to implement effective shielding of your mobile app and APIs it uses. Read Full Story

Our Approov GRPC Quickstarts for Android/Java, iOS/Swift mobile clients and NodeJS server allow you to get up and running with Approov easily, whether you are building a new app or adapting an existing one to have an improved security posture. Read Full Story

We sponsored a major report “Playing with FHIR” by Alissa Knight, released in October 2021 (download it here) which investigated the security of mobile healthcare apps and APIs which use the FHIR standard. This report has certainly sparked a lot of debate about the security of healthcare apps and a broader discussion about who is accountable for keeping patient data safe as the ecosystem expands.  Read Full Story

Editor's note: This post was originally published in November 2021 in ThreatPost Most users who install applications through legitimate channels such as Google's Play Store or the Apple Store do so with complete trust that their information is safe from malicious attacks. This makes sense because they're the official app stores across the globe.  Read Full Story

Considering the recent “Playing with FHIR” research report together with the earlier “All that We Let In” research report (which looked at the state of mHealth app/API security), it would be understandable if healthcare organizations were unsure of what immediate actions they should take. In this article we will focus on healthcare service companies who have patient or clinician mobile apps, for whom we will recommend 3 immediate steps which should be taken today. Read Full Story