BMW Customer Story

Securing a Car Sharing Platform


BMW Group offers vehicles which are factory ready for deployment as car sharing assets and uses Approov to ensure maximum platform security with minimal customer impact across all use cases.

Most car sharing vehicles are regular models where car sharing hardware and software are retrofitted into the car prior to being added to the car sharing providers’ fleet. This adds an additional step into the process of setting up, running, and maintaining a car sharing service.

The Challenge

The mobile app is a critical component in the system since it is the main user touchpoint for searching, booking and executing car sharing activities, in particular locking and unlocking the vehicles. Therefore, the inherent security via the mobile app in all of the relevant uses cases is critical to the success of the car sharing platform. Further, traditional mobile ‘app as a key’ approaches which work well for car ownership use cases do not scale into the car sharing world.

Security Challenge

How Approov Mobile App Protection Helped

In order to minimize the risk of car theft or fraudulent use of the car sharing service, while ensuring the smoothest user experience possible, it was clear that a security approach based purely on the mobile app software was needed. Unfortunately, most such solutions require secrets such as API keys to be stored in the mobile app code.

Approov is a software only security solution for mobile apps and APIs which does not depend on mobile device characteristics and does not require any secrets to be stored in the mobile app. Using its patented ‘DNA test’, Approov attests that the API request is coming from a genuine instance of the mobile app and that it is running in a safe environment.

Further, Approov can operate over Bluetooth, enabling secure support for tricky car sharing use cases where constant Internet connectivity cannot be guaranteed. In remote or wirelessly inaccessible settings, Approov allows the car to authenticate the mobile app directly, ensuring an uninterrupted customer experience.

Considerable testing was done with the BMW Group´s Car Sharing Platform after Approov had been integrated. A range of use cases and deployment scenarios were considered using vehicles with BMW Group’s own testing fleet initially, and then within pilot projects set up between them and their car sharing provider partners, such as ShareNow.