We're Hiring!

Approov Cordova QuickStart

Roman bridge in Cordoba, Spain

Editor's note: This post was originally published in June 2018 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in July 2020.

Our aim is to make the process of integrating Approov into your mobile app easy. Our Cordova Advanced-HTTP Quickstart  allows you to get up and running with Approov easily, whether you are building a new Cordova app that uses Cordova Advanced HTTP or are adapting an existing one to have an improved security posture.

Cordova is a platform for building native mobile applications using HTML, CSS and JavaScript. It is an open source project managed by the Apache Software Foundation. Cordova Advanced HTTP is a popular Cordova plugin for communicating with HTTP(S) servers and it works for both Android and iOS. Please let us know if there is any other networking library that you would like to see supported out of the box for Cordova.

The Approov SDK is provided as a native library, with versions available for iOS and Android. You just need to download the latest versions and include the Cordova Advanced HTTP and Cordova Approov HTTP plugins that we provide, in your app.

This will automatically add special Approov tokens to your API calls that will prove to a backend API that the call is really coming from your official app, and not anything else trying to spoof requests. You control what versions of the app are valid, and also what characteristics of the runtime environment are allowed.

Approov has advanced detections for debugging, rooted and jailbroken devices, and the presence of certain frameworks that might be tampering with your app. You can choose to block apps running on such devices from receiving valid tokens and these settings can be automatically updated over the air. Approov also adds full support for certificate pinning in your app automatically to further heighten its security posture. You can administer the pins using the Approov cloud and changes are automatically sent down to your app when it connects.

If there are other platforms you would like to see supported then please get in touch.

 

Johannes Schneiders