BMW Customer Story
Securing a Car Sharing Platform
BMW Group offers vehicles that are factory-ready for deployment as car sharing assets and uses Approov to ensure maximum platform security with minimal customer impact across all use cases.
Most car-sharing vehicles are regular models with car-sharing hardware and software retrofitted prior to being added to the car-sharing providers’ fleet. This adds an additional step into the process of setting up, running, and maintaining a car-sharing service.
The mobile app is a critical component in the system since it is the main user touchpoint for searching, booking and executing car-sharing activities, including locking and unlocking the vehicles. The inherent security via the mobile app in all relevant uses cases is critical to the success of the car-sharing platform. Further, traditional mobile ‘app as a key’ approaches that work well for car ownership use cases do not scale into the car-sharing world.
How Approov Mobile App Protection Helped
To minimize the risk of car theft or fraudulent use of the car-sharing service while ensuring the smoothest user experience possible, it was clear that a security approach based purely on the mobile app software was needed. Most solutions require secrets such as API keys to be stored in the mobile app code.
Approov is a software only security solution for mobile apps and APIs that does not depend on mobile device characteristics or require secrets to be stored in the mobile app. Using its patented ‘DNA test,’ Approov attests that the API request is coming from a genuine instance of the mobile app and it is running in a safe environment.
Approov can operate over Bluetooth, enabling secure support for tricky car-sharing use cases where constant Internet connectivity cannot be guaranteed. In remote or wirelessly inaccessible settings, Approov allows the car to authenticate the mobile app directly for an uninterrupted customer experience.
Considerable testing was done with the BMW Group´s Car Sharing Platform once Approov was integrated. A range of use cases and deployment scenarios were considered using vehicles with BMW Group’s own testing fleet initially, and then within pilot projects set up with car-sharing provider partners, such as ShareNow.