We're Hiring!

Approov Blog
Mobile App Security (3)

How to Use a MitM Attack to Bypass Code Obfuscation to Extract Secrets From the ChatGPT Mobile App

June 23, 2023

In a previous article, we saw how to use code obfuscation to make it more difficult for an attacker to extract a secret through static binary analysis of the ChatGPT demo mobile app. However, it's important to note that code obfuscation is not always as effective in protecting secrets as we might hope. It can give a false sense of security, similar to the Maginot Line that the French built during World War II to deter the German invasion of France. As many know, the German military simply went around the Maginot Line and quickly invaded France, rendering it useless. This event is now often used as an analogy for situations where something provides a false sense of security rather than actual security. Read Full Story

How to Use Code Obfuscation to Hide Secrets in Your Mobile App

June 21, 2023

Mobile app security is a crucial aspect that needs to be prioritised by developers and businesses alike. With the increasing number of cyber-attacks targeting mobile apps and their APIs, it's more important than ever to take measures to protect the secrets used by mobile apps to access their APIs to protect users' sensitive data and prevent unauthorised access to it and subsequent data breach. Read Full Story

What is “Bank-Grade Security” and is it Enough?

June 7, 2023

"Bank-grade security" is a term often used to describe a high level of security measures implemented in mobile applications to protect sensitive data, transactions, and user privacy. It implies that the app's security measures are at par with or comparable to the security standards employed by financial institutions, such as banks, which are known for their rigorous security practices. In this post, we will examine what is meant by this term and whether or not you should be comforted by it. Read Full Story

Can You Protect E-Scooters from Vandalism and Fraud?

May 30, 2023

E-scooters are becoming an increasingly popular mode of transportation in cities around the world, offering a convenient and eco-friendly alternative to traditional forms of transport. However, as their popularity grows, so does the risk of vandalism and fraud, which can lead to significant financial losses for companies that operate e-scooter sharing programs. Read Full Story

Comparing Mobile App & API Security from Approov to Zimperium (A-Z)

May 15, 2023

In today's digital landscape, securing mobile apps and APIs is of paramount importance. Among the various security solutions available, Approov stands out as truly unique. What sets Approov apart is its combination of Mobile App Security and Mobile API Security, within a single product. With this innovative approach, Approov enables the lockdown of the Mobile API solely to clean mobile devices running authentic instances of the mobile app that have passed the Approov remote mobile app attestation process. This continuous verification process ensures the device and mobile app integrity, without any impact on user experience. Read Full Story

Mobile App Security Myths

April 14, 2023

Mobile app usage has grown significantly in recent years, and with this growth comes an increased need for mobile app security. Unfortunately, many mobile app developers hold misconceptions and myths about mobile app security, which can lead to a false sense of security that can result in security breaches and compromises of sensitive information. We will cover a range of myths including the belief that mobile app stores guarantee secure apps, that Android mobile apps are more insecure, that iOS is more secure, and that using HTTPS to call the API backend is enough to ensure security. Additionally, we will explore the myth that only popular and public-facing apps require security measures and the belief that only root or jail-broken devices are a concern in terms of mobile app security. Read Full Story

Mobile App Security Checklist

April 12, 2023

One of the most well-known checklists for mobile app security is found in the OWASP Mobile Application Security Verification Standard (MASVS). If you implement the OWASP Mobile App Security Checklist thoroughly and meet all the requirements, your mobile app will have a good security foundation. However, there are still some potential security gaps to consider. First, the app itself is responsible for conducting security checks and making decisions about its own security, which could allow an attacker to use an instrumentation framework to bypass or modify these checks and decisions. Second, the API backend is not necessarily restricted to serving requests solely from genuine, unmodified instances of the mobile app that are not under attack or running on a compromised device and environment. Read Full Story

How Do You Make a Mobile App Secure?

April 10, 2022

Mobile apps are an integral part of our lives, but all too often, they're not secure. Over the years, several high-profile cases of mobile app data being stolen or compromised have hit the headlines. Uber, for example, had to pay $148 million to settle claims when hackers accessed the personal information of 25 million customers and drivers. In this article we'll look at some of the main insecurities in mobile platforms and how you should approach protecting your mobile business. Read Full Story