Approov Blog

Mobile API Security

Personalization is a double edged sword. On one hand, it enhances user experiences by offering tailored recommendations, but on the other hand, it raises significant privacy concerns. Google Play's recent announcement about introducing new personalization options is a prime example of this dichotomy. While these changes promise a richer, more tailored experience for users, they also highlight some underlying privacy risks that cannot be ignored. Read Full Story

Understanding the Security Risks and Solutions for Protecting Sensitive Data There is a trend emerging for anyone launching a consumer business. Almost every business these days does two things: the first is to create an app and the second is to publish an API. Read Full Story

The recent breach at AT&T has once again highlighted the critical importance of robust security measures throughout the supply chain. As reported by SC Magazine, this incident has left many questioning the security of their sensitive information. This incident, affecting millions of customers, highlights why mobile devices and their data are prime targets for cybercriminals and why their security must be a priority. Read Full Story

Major API Breaches in H1 of 2024 Earlier this year, we provided an overview of the significant security breaches from 2023. It's now clear that for API related breaches, this year is on track to be even worse. Read Full Story

This overview outlines the development and adoption of Huawei HarmonyOS and the associated security solution Safety Detect, highlighting some limitations with the approach. As regulations such as the EU DMA force the use of alternative app stores, the dependence of Huawei security features on the use of the Huawei AppGallery app store and ecosystem will also prove to be problematic for developers. We also compare and contrast Huawei HarmonyOS Safety Detect with the comprehensive mobile security offered by Approov. Read Full Story

Let’s talk about bots. And be a little provocative. A review of bot solutions (see previous blog) reveals a common assumption that I think is misleading: Namely that separating good from bad bots and blocking the bad ones is complicated and requires elaborate solutions using machine learning, AI and whatnot. This common understanding is wrong. If your organization is using mobile apps you can easily and effectively block ANY unwanted automated traffic which is not coming from a legitimate and unmodified app and do this consistently and without generating false positives. Intrigued? Then read on. Read Full Story

E-scooters are becoming an increasingly popular mode of transportation in cities around the world, offering a convenient and eco-friendly alternative to traditional forms of transport. However, as their popularity grows, so does the risk of vandalism and fraud, which can lead to significant financial losses for companies that operate e-scooter sharing programs. Read Full Story

Financial apps have access to valuable and sensitive personal data, so you would think mobile app security would be top-of-mind for financial institutions. But is it? Read Full Story

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization which is about proving that whoever is trying to access data via the API has the right to access that data. In this article we’ll discuss the main API authentication methods (HTTP basic authentication, API Keys and OAuth2) and whether they provide sufficient protection for your APIs. Read Full Story

Mobile apps commonly use APIs to interact with backend services and information. In 2016, time spent in mobile apps grew an impressive 69% year to year, reinforcing most companies' mobile-first strategies, while also providing fresh and attractive targets for cybercriminals. As an API provider, protecting your business assets against information scraping, malicious activity, and denial of service attacks is critical in maintaining a reputable brand and maximizing profits. Read Full Story