End-to-end Mobile App Security


Six Ways Approov Secures Mobile Apps

Approov provides the only comprehensive run-time security solution for mobile apps and their APIs, unified across Android and iOS.

App Attestation
App Integrity
Approov ensures that only genuine and authentic apps access your backend service, stopping bots, and tampered or repackaged apps in their tracks. Our unique deterministic approach ensures there are no false positives to manage.
Device Integrity
Approov detects unsafe operating environments on the client device, such as rooted/jailbroken devices, apps running under debuggers or emulators, or whether malicious frameworks are present. Approov validates all aspects of the client environment and applies dynamic policies that allow fine-grained control.
Channel Integrity
Dynamic Certificate Pinning
Approov’s dynamic pinning service stops Man-in-the-Middle or Man-in-the-Phone attacks, locking down connections to a fixed set of backend certificates that you can manage easily. Even better, it delivers secure over-the-air instant pin updates with no management headaches or service disruptions.
Credentials Integrity
API Protection
Approov performs an ongoing, deep inspection of your mobile app and the device it is running upon, and based on this guarantees authenticity to your backend APIs and services. API keys for your own and 3rd party APIs are only delivered if the app is genuine and the environment is safe. Approov protects your backend APIs from API abuse, credential stuffing, fake botnet registrations, and DDoS attacks.
Runtime Secrets Protection
We solve the problem of hard coded or stolen API Keys. Our cloud service delivers secrets “just-in-time” to the app at the moment they are required to make an API call, and only when the app and its runtime environment have passed attestation. Dynamically managed, they can be updated across all deployed apps without the need for app updates.
Easy to Deploy and Manage
You can deploy and test Approov during a free 30-day trial, and ongoing operation is easy. It integrates easily with your environment and a full range of other security tools and services.

Mobile App Attestation

Only Genuine Apps Allowed
Approov performs advanced runtime memory analysis to make sure your untampered official app is being used. This prevents repackaging, modification and fake app attacks, and gives you complete control over which specific versions of your app are accepted.
Easy to Manage and Very Secure
With Approov, the app must prove itself to be genuine through a sequence of integrity measurements. These results are then sent to the Approov cloud service using a patented challenge-response protocol, immune from replay attacks. The Approov cloud makes the decisions. If integrity is verified then the running app is issued with a short lived cryptographic token that it can use to prove its authenticity to the backend API services it uses. The app cannot make its own decisions about integrity and cannot sign its own tokens. Defense is moved out of the attacker’s reach and into the Approov cloud.
No False Positives
Our unique deterministic approach ensures there are no false positives to manage. Either the app is genuine and running in an unmodified environment — or it's not.

Device Attestation

Full Validation of the Integrity of the Client Environment
Approov detects any unsafe operating environments on the client device, such as rooted/jailbroken devices, apps running under debuggers or emulators, or whether malicious frameworks are present.
Complete Control via Fine-Grained Policy
You may want to permit some client modifications for some types of apps but not for others. Approov validates all aspects of the client environment and applies dynamic policies that allow fine-grained control. Policy changes are instantly applied to all apps.
Fully Integrated with Android Play Integrity and iOS AppAttest
Approov provides more granular control, wider device support, cross-platform consistency and various other advantages over the basic platform capabilities. However, Approov does optionally integrate with iOS DeviceCheck and/or Android SafetyNet to provide an even more powerful threat management framework.

Dynamic Certificate Pinning

No More Man-in-the-Middle
Approov’s dynamic pinning service stops Man-in-the-Middle or Man-in-the-Phone attacks, locking down connections to a fixed set of backend certificates that you can manage easily.
Completely Secure
Certificate pinning can prevent these attacks. This binds the app to the public key of the certificate that is expected on the backend API service. If an attacker tries to insert their own certificate, even if it is trusted by your customer's device itself, the connection will be rejected. Because Approov detects hooking frameworks, any attempts to bypass pinning by using a “man-in-the-device” attack to manipulate the client environment are completely blocked too.
Easy to Manage
Pinning can be tricky to implement but not if you use Approov. Approov delivers secure over-the-air instant pin updates with no management headaches or service disruptions. There is no need to ever release a new version of the app simply to update pins. Pin updates are distributed immediately the next time an Approov token needs to be fetched.

Runtime Secrets Protection

Keep Your Secrets Hidden
Approov combines two distinct protection mechanisms so that they work seamlessly together. First, Approov is a cloud-based solution for managing and securely storing API keys. Secrets are never present in the built app code at all, and the app is no longer subject to any reverse engineering risk since there are no keys to steal. Second, Approov verifies that the application and the client environment have not been tampered with and only delivers secrets for use if this is the case.
Even if Secrets are Stolen, They Can Never be Used
Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses, solving the problem of hard coded or stolen API Keys. If secrets are stolen from somewhere else, Approov can block them instantly. Secrets are dynamically managed by Approov and they can immediately be updated across all deployed apps without the need for app updates.

Easy to Deploy

Easy for Developers
Our free 30-day trial easily provides enough time to fully deploy and test Approov in your own environment. Adding the SDK to the app and integrating with the backend service are both made easy because Approov provides a range of Quickstart guides for all commonly used environments, and always keeps them up to date.
Approov also has pretested integrations with a number of backend security platforms, tools and services to make integration in your environment easy.
DevOps Will Love It
Approov makes it easy to keep your app working and your service up and running. There are never any false positives to impact customer satisfaction and Approov delivers over-the-air instant pin updates with no management headaches and no risk of service disruption. In fact, with Approov there is no longer any need to release a new version of the app simply to update pins, certificates or API Keys. Your DevOps team will be happy about that.
Visibility and Control for the Security Team
Approov gives the security team complete visibility with Approov Analytics and fine-grained control over policies using over-the-air policy updates. No need for extensively trained specialists either - no tuning or rule creation is required. API Keys, certificates and all the other secrets the app needs are managed and delivered over-the-air. If secrets are stolen from somewhere else, Approov can block them instantly by applying updates across all deployed apps without the need for app version updates. 3rd party APIs are also protected.

Talk to a Security Expert

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs.

Get a Quote

Ready to get serious? For detailed pricing information, tell us the name of your app and the expected number of active monthly users on Android and iOS.