Six Ways Approov Secures Mobile Apps
Approov provides the only comprehensive run-time security solution for mobile apps and their APIs, unified across Android and iOS.
Approov ensures that only genuine and authentic apps access your backend service, stopping bots, and tampered or repackaged apps in their tracks. Our unique deterministic approach ensures there are no false positives to manage.
Approov detects unsafe operation environments on the client device, such as rooted/jailbroken devices, apps running under debuggers or emulators, or whether malicious frameworks are present. Approov validates all aspects of the client environment and applies dynamic policies that allow fine-grained control.
Dynamic Certificate Pinning
Approov’s dynamic pinning service stops Man-in-the-Middle or Man-in-the-Phone attacks, locking down connections to a fixed set of backend certificates that you can manage easily. Even better, it delivers secure over-the-air instant pin updates with no management headaches or service disruptions.
Approov performs an ongoing, deep inspection of your mobile app and the device it is running upon, and based on this certifies authenticity to your backend APIs and services. API keys for your own and 3rd party APIs are only delivered if the app is genuine and the environment is safe. Approov prevents your backend APIs from API abuse, credential stuffing, fake botnet registrations, and DDoS attacks.
Runtime Secrets Protection
We solve the problem of hard coded or stolen API Keys. Our cloud service delivers secrets “just-in-time” to the app at the moment they are required to make an API call, and only when the app and its runtime environment has passed attestation. Dynamically managed, they can be updated across all deployed apps without the need for app updates.
Easy to Deploy and Manage
You can deploy and test Approov during a free 30-day trial, and ongoing operation is easy. It integrates easily with your environment and a full range of other security tools and services.