Skip to content
  • There are no suggestions because the search field is empty.

Approov's Commitment to Security: SOC 2 Type 2 Compliance

At Approov, we prioritize the security and integrity of our customers' data. We are proud to announce that the Approov Mobile Security Service has successfully completed its System and Organization Controls (SOC) 2 Type 2 audit. This comprehensive article outlines our security commitments, the details of our recent examination, and how you can access our compliance documents via our Trust Center.

What is SOC 2 Type 2?

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 framework evaluates a company's controls relevant to specific trust services criteria. A SOC 2 Type 2 report goes beyond examining the design of internal controls at a point in time; it verifies the operational effectiveness of these controls over a specified period. Approov was evaluated against the trust services criteria for Security, Availability, and Confidentiality.

Audit Information & Details

The audit was performed by Sensiba LLP, an independent auditing firm, demonstrating our ongoing dedication to the highest standards of data security and operational integrity. Below are the key details of our most recent SOC 2 Type 2 examination:


Audit Detail

Information

Service Organization

Approov Limited

In-Scope Service

Approov Mobile Security Service

Auditor

Sensiba LLP

Audit Period

February 25, 2026 to May 25, 2026

Trust Services Criteria

Security, Availability, and Confidentiality


Our Security Architecture

The Approov Mobile Security Service helps developers protect their apps and cloud APIs from fraud and abuse by ensuring that only legitimate, untampered apps running in secure mobile environments can communicate with backend services. Key pillars of our security infrastructure include:

  • Dynamic App Integrity Verification: Utilizes a challenge-response cryptographic protocol to assess app and environment integrity.
  • Runtime Secrets Protection: Allows API keys and other secrets to be completely removed from the app package shipped to the app store and delivered securely at runtime.
  • Secure Cloud Infrastructure: Hosted primarily on AWS in Dublin, Ireland, with a failover service running on GCP.
  • Encryption & Protection: User requests are encrypted using TLS, and data at rest is encrypted using AES 256-bit encryption.

The Approov Trust Center

To provide our customers and prospects with transparent access to our compliance posture, we maintain an always-up-to-date Trust Center. This is your central destination to view and request our core legal and security documents.

You can access the Trust Center here. Documents available in our Trust Center include:

  • Data Protection Addendum (DPA)
  • Terms of Service (ToS)
  • Service Level Agreement (SLA)
  • Mutual Non-disclosure Agreement (MNDA)
  • Privacy Policy

  AICPA-SOC2-blue-logo

Need More Information?

If you are an existing customer or prospect who requires the full SOC 2 Type 2 report, please visit the Trust Center or reach out to your account executive to request a copy under NDA.