For Security / Ops
APIs connect your backend services to your customers through your mobile app. They are the customer access point for interaction with your business.
Protection of API calls and data or transactions is now imperative for business. Insecure APIs can lead to lost revenue, increased operating costs, loss of reputation, and potentially large legal costs and restitution if breached.
Approov API Threat Protection provides three critical security benefits:
Ensures a real and authentic app is accessing your backend service, not a bot or tampered, repackaged app.
Detects unsafe operating environments, such as running rooted/jailbroken, in a debugger or emulator, or with malicious frameworks present.
Protects all API communications from third party observation or manipulation.
Identity management (IAM) services and role-based access control (RBAC) can control WHO can access backend services, but how well do you control WHAT can access your services? Approov closes this security gap to answer questions such as:
By 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications.
Gartner: How to Build an Effective API Security Strategy
Useful apps are dependent on the data and services provided by multiple APIs from a range of vendors. A typical enterprise app will make use of both internal and 3rd party APIs each with its own approach to access management and associated charges.
Most APIs require apps to present some sort of valid API key with each request to allow access. Failing to protect this key from misuse can have a number of consequences:
The API keys used by your apps can fall into the wrong hands in a number of ways. They can simply be extracted from your published app and redeployed in scripts, and it is not uncommon for keys to be accidentally uploaded by developers to public code sharing sites such as GitHub and BitBucket.
Hundreds of millions of API-leveraged attacks occur each day, attempting to steal valuable data or goods, or to access accounts which can be exchanged for money. A typical attack sequence involves:
Approov's operational capabilities are continually enhanced through interactions with our customers.
Approov detects potentially unsafe mobile device environments including device rooting/jailbreaking, emulator or debugger usage, malicious instrumentation frameworks, and cloned apps. Customers specify which policies should be enforced. Changes to security policies roll out immediately to active apps.
Potentially unsafe conditions detected include:
Live metrics are accumulated regarding device usage, attestation forensics, and billing information. Both graphical and report notifications are available.
Hackers continuously evolve their runtime penetration techniques, and Approov keeps pace by providing security detection updates over the air without requiring app store updates. This live update service is also used to manage trust certificates and security policies.
The Approov service is managed by a uniform command line tool available on Windows, macOS, and Linux for easy integration into DevOps flows.
See Approov for developers for details on integrating Approov into apps and back-end services.
We will show you how the ShipFast courier service uses Approov to protect their mobile app from abuse by evil ShipRaider.