Shift Left To Secure Your Secrets
Approov has developed an SDK that you can drop into your app to manage the secrets, such as API keys, that it needs to authenticate itself to the various services it uses. Rather than hardcoding these in your app, where they are fixed and subject to extraction through reverse engineering, the SDK obtains them at runtime from our cloud service.
Approov performs a deep inspection of your mobile app and the device it is running on. The secrets are delivered to the app at runtime only if various integrity checks are passed, and they are then held securely. Outgoing requests that may contain the secrets are pinned, ensuring the secrets cannot be extracted by a Man-in-the-Middle attacker.
Shift left with Approov and integrate runtime secrets management, giving you complete operational flexibility and observability. Rotate secrets as needed and eliminate the risk of secrets exposure damaging your business.
Just-in-Time Secrets Delivery From The Secure Cloud
Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app, only at the moment they are required to make an API call, and only when the app and its runtime environment have passed attestation. This ensures that sensitive API secrets are not continuously stored in or delivered to unsafe places, such as fake apps, and do not fall into malicious hands.
Mobile App Integration
Adding Approov to your iOS or Android app is easy with our wide range of quickstarts. Each one implements a networking interceptor model, so that when secrets such as API keys need to be sent by the app, they can be added automatically at runtime, minimizing code changes and maximizing security. All networking calls are protected with dynamic pinning, ensuring the secrets are also safe in transit. Other types of secrets can be obtained through simple calls, with options allowing user notification if the app has failed its runtime integrity checks.
All secrets are stored by the Approov cloud service and are easy to manage dynamically. Certificates, pins, and API keys can easily and immediately be updated across all deployed apps. In this way, if secrets are ever stolen from cloud repositories or acquired through other means, or if a third-party API used by your app changes keys, they can immediately be rotated without any service interruption and without having to update apps.