Everything. If you are reading this, then it's probably because you are actively considering a free 30 day Approov trial. Why are you interested in Approov? Well possibly because you have uncovered a security issue with a mobile app and that app is critical to your business. In any case, the pressure is on.
You need to address the security issue fast and you need to find out if Approov is the right solution to address the issue. The good news is that 30 days is more than enough time to implement and test Approov in your environment and you don't need to spend any money.
Approov is the most comprehensive End-to-End solution for mobile app and API security you can buy today. Approov works across Android, iOS and HarmonyOS to prevent malicious manipulation of the app, the device environment, the communications channel and the APIs used by the app. It also manages the secrets your apps use to authenticate API access. So, there are a lot of features you can try and verify during the free trial period!
We understand however that you may be focusing on one or more specific issues right now and it's worth laying out the key use-cases that customers test during a trial.
Depending on your priorities you will be looking at all or some of these use-cases during a trial:
- App and Device Attestation: Approov can stop modified apps, scripts and bots from accessing APIs and backend systems. When you turn on Approov you will see requests from bots and scripts turned away. This is the core functionality of Approov. You will use one of the Approov QuickStarts to integrate the SDK with your app. To allow the backend/API check you will use a backend Quickstart. If you are only testing Approov run-time secrets or dynamic pinning you will not need the backend integration.
- Man-in-the-Middle Attacks: Many customers are concerned about MitM attacks (And so they should be - these can be carried out by hacking the mobile device the app is running on). Approov implements dynamic certificate pinning, securing the communications channel in a way that service continuity is always assured.
- Runtime Secrets Management: You may urgently need to get API keys and other secrets out of your mobile code.For the trial you will need to decide which secrets in your mobile app you want Approov to manage and replace them in the code with a call to the SDK. You will see how Approov securely manages them for you and delivers them to your app only when needed and only when safe. More information here.
- Dynamic Security Policy Management: You will certainly want to try out how Approov supports the devops team with the implementation of highly granular security policies. Your team will always have complete dynamic control over what behaviour is acceptable. More information here.
- API Data Breach Mitigation: If your keys and secrets are stolen, your APIs can be exposed to attack. Approov allows you to rotate keys and certificates without having to update deployed apps and you should test this to feel confident that no matter what happens you can keep your apps running.
It is possible to deploy and test all of these use-cases in 30 days - In fact one of our customers managed to go from initial contact to deployment in 8 days (you can read about their experience here). The key is to define what you are trying to achieve and build a plan before you start the 30 day clock. You don't need to make up your plan from scratch. Take a look at this blog where we lay out a 5 step plan to ensure an effective trial.