Approov Blog

Mobile App Development (2)

Safeguarding Security and Integrity: In today's digital landscape, mobile applications have become integral to our daily lives, offering convenience, entertainment, and essential services. However, with the rise of mobile app usage, there's also been a surge in unauthorized and malicious apps (aka Dummy Apps, Cloned Apps, Tampered Apps) that pose significant threats to users, organizations, and developers alike. In this blog post, we'll explore why it's imperative for developers to prevent the running of non-authorized apps from accessing your API’s and how cutting-edge solutions like Approov Mobile Security can help safeguard security and integrity. Read Full Story

This is a Guest Blog written by the CyLab-Africa team : Theoneste Byagutangaza, Lena Chacha, Trevor Henry Chiboora, Joel Jefferson Musiime and George McGregor from Approov. This week, we published a new report: “The Security Challenges of Financial Mobile Apps in Africa”. This is based on research carried out by a research team from CyLab-Africa, sponsored by Approov. The research reveals an alarming Fintech exposure in Africa – 95% of the apps investigated leak secrets! The full report is published on the Approov website here and is essential reading for any mobile app developers who are planning worldwide deployment. Read Full Story

What is OWASP MASVS? The OWASP (Open Worldwide Application Security Project) MASVS (Mobile Application Security Verification Standard) is a valuable resource for mobile app developers seeking to improve the security posture of their iOS and Android applications. The standard is based on the collective knowledge of security experts from around the world and provides both a baseline and a benchmark for security requirements for mobile apps. Read Full Story

Introduction Data breaches have become a persistent threat for organizations across the globe, with cybercriminals relentlessly targeting valuable data, sensitive customer information, and proprietary business data. The data below is alarming, but the key takeaway is through prevention, monitoring, and rapid remediation, costs can be eliminated or highly mitigated. Read Full Story

Mobile apps and APIs are increasingly being targeted by cybercriminals using sophisticated techniques to exploit vulnerabilities and gain access to sensitive data. To stay ahead of these threats, real-time analytics on the security state of mobile apps and devices is critical. Read Full Story

Everything. If you are reading this, then it's probably because you are actively considering a free 30 day Approov trial. Why are you interested in Approov? Well possibly because you have uncovered a security issue with a mobile app and that app is critical to your business. In any case, the pressure is on. Read Full Story

Mobile app usage has grown significantly in recent years, and with this growth comes an increased need for mobile app security. Unfortunately, many mobile app developers hold misconceptions and myths about mobile app security, which can lead to a false sense of security that can result in security breaches and compromises of sensitive information. We will cover a range of myths including the belief that mobile app stores guarantee secure apps, that Android mobile apps are more insecure, that iOS is more secure, and that using HTTPS to call the API backend is enough to ensure security. Additionally, we will explore the myth that only popular and public-facing apps require security measures and the belief that only root or jail-broken devices are a concern in terms of mobile app security. Read Full Story

One of the most well-known checklists for mobile app security is found in the OWASP Mobile Application Security Verification Standard (MASVS). If you implement the OWASP Mobile App Security Checklist thoroughly and meet all the requirements, your mobile app will have a good security foundation. However, there are still some potential security gaps to consider. First, the app itself is responsible for conducting security checks and making decisions about its own security, which could allow an attacker to use an instrumentation framework to bypass or modify these checks and decisions. Second, the API backend is not necessarily restricted to serving requests solely from genuine, unmodified instances of the mobile app that are not under attack or running on a compromised device and environment. Read Full Story

As a developer once said… It depends!!! In a nutshell, it depends on what is motivating you to use obfuscation in the first place. If you plan to use only code obfuscation as a security measure then you may end up with a Maginot Line on your security defences. Read Full Story

Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real-time. Read Full Story