Approov Blog

Mobile App Security

In 2024, a lot has happened to curtail the Apple and Google mobile app monopolies and mobile app developers are exploring exciting opportunities beyond the Google and Apple ecosystems. This blog presents a roundup of some of the key initiatives and how they may evolve in 2025. Read Full Story

The rapid pace of technological advancements, particularly in artificial intelligence (AI), has transformed both the opportunities and threats in the mobile app ecosystem. This blog describes why over-the-air (OTA) updates to security solutions are essential to maintain an effective security posture for apps and APIs in this rapidly evolving threat landscape. Read Full Story

The large app sec vendors are only now starting to recognize the mobile gap in their portfolio - that an SDK in mobile apps is needed to eliminate the growing mobile threat. But SDKs differ in how they gather and use contextual signals. This blog shows how to choose the right one and integrate it with your app security quickly to eliminate the threat from hacked apps and devices. Read Full Story

For years, mobile app developers have been at the mercy of app store gatekeepers like Apple and Google. These giants dictate distribution, set exorbitant fees, and often stifle innovation with restrictive rules. But the tide is turning. A global push for open app ecosystems is gaining momentum, and direct-to-consumer (DTC) distribution is emerging as a powerful alternative. Read Full Story

As Chinese smartphone manufacturers, like Realme, Oppo, Honor, and Huawei, make significant strides in Europe and other global markets, developers must broaden their scope to include non-GMS Android and HarmonyOS platforms. The days of concentrating solely on Apple, Google, or Samsung ecosystems are fading fast. This global perspective is not just about market reach; it's also about embracing a broader security and privacy posture across diverse operating environments. Read Full Story

Identity-based and social engineering attacks are surging in 2024. Stolen credentials give hackers immediate access and control… and an instant path to stealing data and orchestrating ransomware attacks. Credential stuffing attacks are the method of choice for hackers, so what are the steps you need to take to prevent them? Read Full Story

And Why Apple, Google and Huawei Need to Participate The OWASP MAS project continues to lead the way in mobile application security. This article describes the resources and tools which have recently been added to OWASP MAS, which provides mobile app security guidance and tools for developers and security professionals alike. Also, we will argue that OWASP really deserves to receive the full support of the major mobile platform and device vendors. Read Full Story

I will cut to the chase in this blog. Protecting and managing the API keys MUST be number one on your security to-do-list. A wave of recent breaches show just how exposed mobile apps are to API key abuse. This blog explains how to make a plan to fix the issue right now. Read Full Story

My favorite local sushi restaurant has just introduced a loyalty program so I can get discounts after I have ordered enough meals. But guess what - I have to download yet another mobile app to manage my points and enter my personal information. Also most of us use airline miles and often use credit cards which add miles and points to our airline and hotel loyalty programs. There is a problem with all this - loyalty and rewards apps are not secure. Read Full Story

On October 7th 2024, Tim Sweeney of Epic Games posted on X, “Big news! The Epic Games Store and other app stores are coming to the Google Play Store in 2025 in the USA - without Google's scare screens and Google's 30% app tax - thanks to victory in Epic v Google.” This is the latest victory in a wide-ranging battle to dismantle the app store duopoly of Apple and Google. This blog gives an overview of what is happening worldwide and where it will likely all end. Read Full Story