Mobile App Attestation
Complete App and Device Integrity without Backend Integration Headaches
Both Android’s SafetyNet/Play Integrity and iOS’s DeviceCheck/App Attest provide capabilities to check app integrity and to give some assurance that your backend is interacting with the authentic app.
The integration of these is complex, especially in the backend. You need to consider usage quotas and uptime guarantees. The app checks also takes time to execute. It can’t be performed on every API call so you must persist the trust between the attestations. These OS facilities alone can’t provide all the fine grain security controls you might need.
Approov mobile app protection provides:
- Seamless and consistent protection across Android and iOS
- Advanced app attestation with highly granular, policy-driven blocking of any tampering in the client environment
- Uniform Android SafetyNet and iOS DeviceCheck integration creating a powerful threat management framework.
- Protection against man-in-the-middle attacks with dynamic TLS pinning
- Protection of third-party API keys with no change to backend APIs
- Immediate over-the-air updates and dynamic management of all certificates and API keys
- Industry-standard authenticity tokens for easy backend verification
See How Approov Builds on SafetyNet and DeviceCheck
Approov adds greater control and consistency across SafetyNet and DeviceCheck - with simple integration and ongoing operations in one easy to use package for both Android and iOS.