Approov's Commitment to Security: SOC 2 Type 2 Compliance
At Approov, we prioritize the security and integrity of our customers' data. We are proud to announce that the Approov Mobile Security Service has successfully completed its System and Organization Controls (SOC) 2 Type 2 audit. This comprehensive article outlines our security commitments, the details of our recent examination, and how you can access our compliance documents via our Trust Center.
What is SOC 2 Type 2?
Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 framework evaluates a company's controls relevant to specific trust services criteria. A SOC 2 Type 2 report goes beyond examining the design of internal controls at a point in time; it verifies the operational effectiveness of these controls over a specified period. Approov was evaluated against the trust services criteria for Security, Availability, and Confidentiality.
Audit Information & Details
The audit was performed by Sensiba LLP, an independent auditing firm, demonstrating our ongoing dedication to the highest standards of data security and operational integrity. Below are the key details of our most recent SOC 2 Type 2 examination:
|
Audit Detail |
Information |
|---|---|
|
Service Organization |
Approov Limited |
|
In-Scope Service |
Approov Mobile Security Service |
|
Auditor |
Sensiba LLP |
|
Audit Period |
February 25, 2026 to May 25, 2026 |
|
Trust Services Criteria |
Security, Availability, and Confidentiality |
Our Security Architecture
The Approov Mobile Security Service helps developers protect their apps and cloud APIs from fraud and abuse by ensuring that only legitimate, untampered apps running in secure mobile environments can communicate with backend services. Key pillars of our security infrastructure include:
- Dynamic App Integrity Verification: Utilizes a challenge-response cryptographic protocol to assess app and environment integrity.
- Runtime Secrets Protection: Allows API keys and other secrets to be completely removed from the app package shipped to the app store and delivered securely at runtime.
- Secure Cloud Infrastructure: Hosted primarily on AWS in Dublin, Ireland, with a failover service running on GCP.
- Encryption & Protection: User requests are encrypted using TLS, and data at rest is encrypted using AES 256-bit encryption.
The Approov Trust Center
To provide our customers and prospects with transparent access to our compliance posture, we maintain an always-up-to-date Trust Center. This is your central destination to view and request our core legal and security documents.
You can access the Trust Center here. Documents available in our Trust Center include:
- Data Protection Addendum (DPA)
- Terms of Service (ToS)
- Service Level Agreement (SLA)
- Mutual Non-disclosure Agreement (MNDA)
- Privacy Policy
Need More Information?
If you are an existing customer or prospect who requires the full SOC 2 Type 2 report, please visit the Trust Center or reach out to your account executive to request a copy under NDA.