Product Overview

Stop API Abuse and Security Breaches in Mobile Channels

With more businesses moving to digitalization and future-ready services that utilize mobile API connections, properly securing those connections can get overlooked or not be fully implemented against all possible threats. This leaves open the possibility of breaches, fraud, denial of service, and other forms of API abuse which damage your reputation and your business.

Approov API Threat Protection provides a multi-factor, end-to-end mobile API security solution that complements identity management, endpoint, and device protection to lock-down proper API usage. Only safe and approved apps can successfully use your APIs. Bots and fake or tampered apps are all easily turned away.

A small hardened SDK for in-app integrity measurement combines with robust off-app decision-making to deliver a safe and frictionless end-user experience.

How It Works

Mobile APIs are secured by implementing these fundamental safeguards:

Identifying your authentic app, eliminating botnets, scripts, and tampered or fake apps from using your APIs, even when they are presenting valid user credentials.

Verifying the environment in which your app is running, giving you the power to reject requests from compromised apps or devices.

Certifying that your apps communicate securely with your backend service, with no man-in-the-middle operational compromises.

The Approov API Threat Protection service frequently verifies your app's authenticity and run-time safety, and it replaces reliance on risky in-app secrets with short-lived security tokens you can efficiently check anywhere in your API backend.

Approov complements identity management, endpoint, and device protections to lock-down proper API usage in a multi-factor end-to-end security solution.

Complete API Protection for Mobile

Positive App Authentication

The Approov SDK measures a running app's “DNA”, and the Approov service cryptographically compares it to that of your registered apps, ensuring that the running app is present, original, and untampered.

Active Threat Protection

Even if your app's authenticity checks out, it may still be running in a compromised environment. Approov detects rooted/jailbroken devices, apps running in debuggers or on emulators, or malicious instrumentation frameworks manipulating your apps. You choose the security policy that meets your needs. Security changes are rolled out over the air without requiring app updates.

Simplified Certificate Pinning

HTTPS/TLS works well in encrypting your app’s communications against snooping or manipulation, but hackers still establish man-in-the-middle attacks to compromise your customers’ data or reverse engineer your APIs. Approov’s dynamic pinning service defeats these attacks, while allowing secure over-the-air pin updates with no management headaches or service disruption.

Frictionless Security Updates

Approov’s security layers operate frictionlessly for your users. Secure over-the-air capabilities update security policies, deliver enhancements, upgrade or rotate certificates, blacklist specific devices, or deregister specific app versions.

Live Analytics and Threat Intelligence

App attestation traffic monitoring and security failure analytics are available for both command-line and graphical analysis. Establish alerts to changes in volume of attestation traffic or spikes in app integrity failures. Anonymized data provides information on the cause of the security failures and information about the app, device, and network environments.

Easy Integration And Operation

Easy SDK integration on the frontend is combined with industry standard token checks on the backend. Make positive API authorization checks at a CDN, WAF/gateway, API management system or server. A wide range of existing mobile platforms and backend service integrations are provided with more available on request. A unified command line interface provides easy DevSecOps integration into your existing developer and operations infrastructures.

Supported Platforms

Approov supports Android and iOS mobile apps and works with many backend API servers, gateways, WAFs, and CDNs.

Mobile Platforms

Integrating Approov into mobile applications is straightforward, and quickstart guides are provided for popular platforms below. If your platform is not listed, a generic integration approach is described in the Approov user manual.

React Native

Cordova

Backend API Platforms

Integrating Approov into backend services is straightforward, and quickstart guides are provided for popular platforms below. If your platform is not listed, a generic integration approach is described in the Approov user manual.

See the Approov user documentation for more detail.

Want a Live Demo?

We will show you how the ShipFast courier service uses Approov to protect their mobile app from abuse by evil ShipRaider.

Copyright © 2020 CriticalBlue, Ltd. All Rights Reserved.