Approov Blog

Mobile App Security

On October 7th 2024, Tim Sweeney of Epic Games posted on X, “Big news! The Epic Games Store and other app stores are coming to the Google Play Store in 2025 in the USA - without Google's scare screens and Google's 30% app tax - thanks to victory in Epic v Google.” This is the latest victory in a wide-ranging battle to dismantle the app store duopoly of Apple and Google. This blog gives an overview of what is happening worldwide and where it will likely all end. Read Full Story

Cross-platform development tools such as Flutter and React Native are increasingly being used to develop mobile apps. The financial and organizational advantages of using such frameworks are becoming clearer and any perceived shortcomings are being addressed. But what about security? This blog dives into cross-platform tools and argues that security should be cross-platform too. Read Full Story

Zero Trust says “assume breach” and your response plan must cover handling third-party security incidents too. Mobile apps depend on third party APIs, and you need to be prepared to act quickly if a service you depend on has a security incident. This blog discusses what you can do to maintain mobile app service continuity when there is a security incident, especially if it's not your fault. Read Full Story

We got together with our friends at Quokka recently to talk about securing the mobile application software development lifecycle and why it's important to get a dynamic feedback loop going between the security approaches you use at different stages of the life cycle. This blog presents some of the highlights of the recent webinar. Read Full Story

An Intellyx Analyst Guide for Approov by Jason Bloomberg and Eric Newcomer, Intellyx. Read Full Story

Approov publishes a New Whitepaper on Apple, Google and Huawei Mobile App Security We have been quite vocal about the shortcomings of the proprietary approaches to mobile app security from Apple, Google and Huawei. See these previous blogs: Read Full Story

Here at Appoov, we were wondering why there has been so little discussion about applying the principles of Zero Trust specifically to mobile apps when this is a concept which has become quite mainstream in enterprise security. Read Full Story

The Japanese Regulation in Context On June 12 2024 the Japanese Government passed into law the Act on Promotion of Competition for Specified Smartphone Software (SSCPA) or simply the Smartphone Act. Read Full Story

This overview outlines the development and adoption of Huawei HarmonyOS and the associated security solution Safety Detect, highlighting some limitations with the approach. As regulations such as the EU DMA force the use of alternative app stores, the dependence of Huawei security features on the use of the Huawei AppGallery app store and ecosystem will also prove to be problematic for developers. We also compare and contrast Huawei HarmonyOS Safety Detect with the comprehensive mobile security offered by Approov. Read Full Story

Let’s talk about bots. And be a little provocative. A review of bot solutions (see previous blog) reveals a common assumption that I think is misleading: Namely that separating good from bad bots and blocking the bad ones is complicated and requires elaborate solutions using machine learning, AI and whatnot. This common understanding is wrong. If your organization is using mobile apps you can easily and effectively block ANY unwanted automated traffic which is not coming from a legitimate and unmodified app and do this consistently and without generating false positives. Intrigued? Then read on. Read Full Story