Product Overview

API Security for the Mobile App Age

If you connect with your customers through a mobile app, that connection needs to be secure. With Approov, you’ll have a real-time shielding solution built in and around your app. It will protect the backend API services your app accesses, ensuring only your official app, running in a trusted environment, can successfully use those services.

Protection of API calls and data is now essential for business. Insecure APIs leave open the possibility of data breaches, fraud, denial of service, and other forms of API abuse which can impact your revenue and damage your brand. Approov Mobile App Protection provides three critical security benefits to your business:

App Attestation

Ensures that a genuine and authentic app is accessing your backend service, not a bot or a tampered or repackaged app.

Environment Checks

Detects unsafe operating environments, such as rooted/jailbroken devices, apps running under debuggers or emulators, or with malicious frameworks present on the client device.

Dynamic Pinning

Protects all API communications from third-party observation or manipulation, with no risk of service interruption.

Features

Positive app attestation

Man-in-the-middle rejection

User authorization binding

Dynamic certificate pinning

Easy app SDK integration

JWT backend token verification

Selective security policies

DeviceCheck integration

SafetyNet integration

Emulator detection

Debug detection

Root detection

Jailbreak detection

Magisk detection

Frida detection

Xposed detection

Cydia detection

Clone app detection

App automation detection

Memory dump detection

Real-time metrics

Over-the-air security updates

DevOps tooling

24/7/365 support

How It Works

Approov Mobile App Protection verifies your app's authenticity and run-time safety. This prevents tampering with your app and provides full protection against a wide range of threats. Short-lived cryptographic tokens are used to attest the app's authenticity to backend APIs and services, allowing them to reject any requests not coming from your official apps running in trusted environments. Over-the-air dynamic pinning updates ensure communication channels between the app and the backend APIs are always secured.

Runtime App Protection

The drop-in Approov SDK measures the authenticity of a running app and the properties of the device environment it is running in. Comprehensive and ongoing runtime protection is provided, detecting app tampering, jailbreaking, rooting, debugging, cloning, hooking and various other malicious actions.

Secure over-the-air update capabilities ensure your apps running in the field are continuously updated to instantly block new threats as they emerge. Real-time monitoring allows you to see the blocking of live attacks against your app.

Fine-grained security policies let you control and tune what is acceptable in the client environment.

Mobile App Attestation

Protection approaches that run inside your app are insufficient, since this code must execute in a potentially compromised app environment. Instead, Approov uses an advanced attestation technique, requiring a live, light-touch interaction between our Approov cloud service and the Approov SDK in your app. This performs a non-replayable integrity measurement process, where the running app must prove its authenticity and provide secured measurements of its running environment.

The Approov cloud service then responds on the basis of the measurements it received and the security policy you have set. Short-lived, cryptographically signed tokens, issued by the Approov service, are delivered to verified app instances so they can prove their authenticity to your backend APIs and services.

Dynamic Certificate Pinning

HTTPS/TLS works well in encrypting your app’s communications against snooping or manipulation, but hackers can still mount Man-in-the-Middle (MitM) attacks to compromise app secrets or reverse engineer your APIs. Approov’s dynamic pinning service defeats these attacks, locking down connections to a fixed set of backend certificates that you can configure. Even better, it also allows secure, instant over-the-air pin updates with no management headaches or service disruption.

Rapid Deployment

Integrating Approov is easy. We have a wide range of frontend Quickstarts, supporting popular frameworks such as Flutter, React Native, Xamarin and Ionic as well as native app integrations. Our integrations implement dynamic pinning as well as automatic addition of Approov tokens on your API headers using network interceptors. You just need to use our fully compatible networking stack wrapper.

Approov tokens are industry-standard JWTs, so they have extremely wide library support for easy verification. Just verify at your CDN, WAF/gateway, API management system or in your server code. We have a wide range of backend Quickstarts to show you what to do. A unified command line interface provides simple DevSecOps integration into your existing developer and operations infrastructures.
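A server-side check of the kind described above, as an added example rather than Approov's own code: it assumes an HS256-signed JWT carrying an `exp` claim, and the header name `X-App-Attestation`, the secret and the sample tokens are constructed placeholders, not Approov values.

```python
import base64, hashlib, hmac, json, time

TOKEN_HEADER = "X-App-Attestation"  # hypothetical header name (assumption)

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_demo_token(claims, secret, alg="HS256"):
    """Mint a constructed token for the demo (stands in for the issuing service)."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(f'{head}.{body}', secret))}"

def verify_token(token, secret, now=None):
    """Return the claims if algorithm, signature and expiry all check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        # Pin the algorithm server-side; never let the token choose it ("none", etc.).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        # Constant-time comparison over the exact bytes received.
        if not hmac.compare_digest(sign(f"{head}.{body}", secret), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed, missing or non-string token
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # Short-lived tokens: a missing or past expiry is a rejection, not a default.
    if not isinstance(exp, (int, float)) or now >= exp:
        return None
    return claims

def handle_request(headers, secret, now=None):
    """Gate an API call: 200 only when a valid, unexpired token is presented."""
    return 200 if verify_token(headers.get(TOKEN_HEADER), secret, now) else 401
```

The same three checks (pinned algorithm, signature, expiry) apply whether verification runs in server code or at a gateway in front of it.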

Also see the Approov White Paper Addressing the Security Trust Gap in a Mobile World.

Talk to a Security Expert

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs.
