We're Hiring!
Free Trial

How to Prevent Mobile Man-in-the-Middle (MitM) Attacks

The communication channel between apps and APIs presents a rich target for hackers via Man-in-the-Middle (MitM) attacks. Transport Level Security (TLS) alone is not sufficient to stop them since tools installed in the device can easily intercept encrypted communications.

This free whitepaper provides an in-depth analysis of the techniques used by hackers and explains how certificate pinning can help thwart mobile MitM attacks. It also introduces methods to prevent hackers tampering with device environments.

In addition, it shows how over-the-air updates can be employed to reduce the chance of customer service being interrupted. Certificate rotations can be handled instantly and cleanly, eliminating any need to update apps.

Request Your Copy Now

CriticalBlue (developer of Approov) will use the personal information you provide to send you the content requested and information about our services. You may unsubscribe from these communications at any time by clicking the link at the bottom of our emails. For information on our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

MitM Attack

Whitepaper Contents

  • Introduction
  • Man in the Middle Attacks
  • TLS and Encrypted Traffic
  • The Chain of Trust
  • Breaking Trust - Trust Store Poisoning
  • Breaking Trust - CA Breach
  • The Benefits of Pinning
  • Public Key Pinning versus Certificate Pinning
  • Implementing Pinning
  • The Static Pinning Configurator
  • The Operational Risks of Pinning
  • The Bad News - Pinning Can Be Bypassed in the Client
  • Pinning Bypass by App Repackaging
  • Pinning Bypass Using a Hooking Framework
  • Certificate Transparency
  • Dynamic Pinning Provides Easy Administration and Elimination of Operational Risks
  • The Final Piece in the Puzzle - How to Block Client-Side MitM Attacks
  • Approov: Complete MitM Protection with Assured Service Continuity
  • Conclusion

Talk to a Security Expert

Give us 30 minutes and our security experts will show you how how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

TALK TO AN EXPERT

Get a Trial

Ready to get serious? For detailed pricing information, tell us the name of your app and the expected number of active monthly users on Android and iOS.

GET A TRIAL

Close up of man using a smartphone

Looking for a quick fix?

Our Quickstarts will show you the fastest path to implementing better
mobile security.

GET A TRIAL