Cloud-Native Connection Integrity
Cloud-Native Trust for API Communication
Approov Cloud-Native Connection Integrity (CNCI™) complements TLS to enhance the security of a mobile app by ensuring that it only communicates with a trusted server whose digital certificate matches a predefined set of certificates. Unlike static pinning, it protects the app against all types of Man-in-the-Middle (MitM) attacks, including device trust store manipulation. Most importantly, ECC-signed dynamic updates allow the app to immediately employ changed certificates without requiring a code update or deployment of a new version of the app.
Key Benefits
Block all MitM Attacks
Approov blocks all Man-in-the-Middle (MitM) attacks, including emulator-based attacks and trusted root manipulation
Realtime Detection of Spoofing Attempts
Implements layered trust for all communications channels, anchored by runtime attestation and dynamic certificate pinning
Best-in-Class Security and Compliance
Supports OWASP MASVS-R, aligns with NIST. For healthcare apps, ensures PHI transport security
Dynamically Update All Your Apps
Peace-of-mind for your devops team. No more app updates for cert changes. Change pins as needed and dynamically update all your apps immediately
Man-in-the-Middle (MitM) Attacks
Modern apps communicate using a secure TLS connection between the app and the backend APIs. A common mistake is to believe that this encryption makes sure that the data is not vulnerable to eavesdropping by a Man-in-the-Middle (MitM) attacker. Although TLS ensures that the data is encrypted end-to-end, it can’t be certain that one of the ends is actually your app.
It is possible to trick the app into allowing communication indirectly via an MitM attacker that can observe and potentially modify all of the traffic. Such MitM approaches are commonly used by attackers to reverse engineer an API protocol and extract secrets and API keys for subsequent attack.


How Can You Prevent MitM Attacks?
See why MitM attacks are a particular issue for mobile apps, and understand the techniques used by hackers. See how Approov Cloud-Managed Connection Integrity can help thwart mobile MitM attacks and can streamline mobile app devops.
Download the white paper today to understand the MitM threat to mobile apps and the steps you must take to enhance your security and protect your organization’s data and revenue from being hacked.
MitM Webinar
This webinar recording shows why MitM attacks are a particular issue for mobile apps, providing an in-depth analysis of the problem and the techniques used by hackers - and how to stop them.
Certificate Pinning Reinvented - Simplified and Secure
Approov provides support for updating pins dynamically over-the-air with no need to update the app. Certificate rotations can be handled instantly and cleanly, with no risk of interruption to customer service. Our frontend Quickstarts implement dynamic pinning across a wide range of different development frameworks, as part of Approov Cloud-Managed Connection Integrity.
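The following Node.js code is an added example, not Approov's code or protocol. It shows the generic mechanism behind the ECC-signed dynamic pin updates described above: the app accepts a new pin set only if an ECDSA signature verifies against an embedded publisher key and the version increases, then checks the server's public key hash against the pins. The host name, the keys and the pin-set layout are constructed assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed keys: `publisher` signs pin sets; a real app would embed only its public key.
const ecKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const spkiOf = (pair) => pair.publicKey.export({ type: 'spki', format: 'der' });
const publisher = ecKey();

// Pin = base64(SHA-256(SubjectPublicKeyInfo DER)) of the server's public key.
const spkiPin = (der) => nodeCrypto.createHash('sha256').update(der).digest('base64');

// Publisher side: serialize a versioned pin set and sign it with ECDSA P-256.
function signPinSet(pinSet, privateKey) {
  const payload = Buffer.from(JSON.stringify(pinSet));
  return { payload, signature: nodeCrypto.sign('sha256', payload, privateKey) };
}

// App side: verify before parsing, and refuse an older or equal version (replay).
function applyUpdate(current, update, trustedPublicKey) {
  if (!nodeCrypto.verify('sha256', update.payload, trustedPublicKey, update.signature)) {
    return { pins: current, accepted: false, reason: 'bad signature' };
  }
  const next = JSON.parse(update.payload.toString('utf8'));
  if (!Number.isInteger(next.version) || next.version <= current.version) {
    return { pins: current, accepted: false, reason: 'rollback' };
  }
  return { pins: next, accepted: true, reason: 'ok' };
}

// Connection check: the key the server presented must hash to a pin for that host.
function isPinned(pinSet, host, serverSpkiDer) {
  const pins = pinSet.hosts?.[host];
  return Array.isArray(pins) && pins.includes(spkiPin(serverSpkiDer));
}

// Constructed scenario: a certificate rotation, a forged update, and a replayed old one.
function demo() {
  const host = 'api.example.test';
  const [oldKey, rotated, mitm] = [ecKey(), ecKey(), ecKey()].map(spkiOf);
  const v1 = { version: 1, hosts: { [host]: [spkiPin(oldKey)] } };
  const v2 = { version: 2, hosts: { [host]: [spkiPin(oldKey), spkiPin(rotated)] } };
  const good = applyUpdate(v1, signPinSet(v2, publisher.privateKey), publisher.publicKey);
  const forged = applyUpdate(good.pins,
    signPinSet({ version: 3, hosts: { [host]: [spkiPin(mitm)] } }, ecKey().privateKey),
    publisher.publicKey);
  const replay = applyUpdate(good.pins, signPinSet(v1, publisher.privateKey), publisher.publicKey);
  return { rotatedBefore: isPinned(v1, host, rotated), rotatedAfter: isPinned(good.pins, host, rotated),
    mitmAfter: isPinned(forged.pins, host, mitm), forged: forged.reason, replay: replay.reason };
}
```

The pin check only helps if it runs in an unmodified app, which is why the page pairs pinning with runtime attestation.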

When it is not possible to perform a Man-in-the-Middle (MitM) attack by subverting the trusted certificates on a device, attackers turn to other techniques. Sometimes referred to as “Man-in-the-App” attacks, function-hooking frameworks (such as Frida) are used to nullify pinning implementations so that attacker certificates are accepted. Since Approov detects hooking frameworks, valid Approov tokens or Runtime Secrets are never issued in such cases, stopping attacks because the backend APIs will not respond.
Request a Demo
Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your.
Get a Trial
Approov offers a complimentary 30-day trial (no credit card necessary) to give you immediate and valuable insight into the security risks of your mobile apps and the devices they run on.