Approov Blog

Mobile API Security Best Practices

May 12, 2023

Mobile devices have become a ubiquitous part of our daily lives, and they are increasingly used for business and personal transactions. Mobile apps often rely on APIs to communicate with back-end systems and other third-party APIs, making them an essential component of modern mobile apps. However, APIs also create security risks that need to be addressed to prevent data breaches, cyber attacks, and other security incidents.

Mobile API Security Myths

May 10, 2023

Mobile APIs are a crucial component of mobile app development, enabling apps to communicate with servers and access data. However, the security of these APIs is often misunderstood, leading to several myths and misconceptions surrounding mobile API security. We will discuss how HTTPS encryption, API keys, and authentication are not enough to fully secure mobile APIs, and how even private APIs are susceptible to attacks. We will also examine why mobile API security is a shared responsibility among developers, stakeholders, and security teams. Finally, we will explore the misconception that mobile app security is separate from mobile API security, and how both are crucial for protecting users and data.

What Can You Achieve in Your 30 Day Free Approov Trial?

May 10, 2023

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android. Approov immediately stops any automated tools or compromised apps from manipulating any part of the end-to-end mobile platform, turning away unauthorized access attempts by scripts, bots and fake or tampered apps.

Zero-Trust Alone Proves Inadequate for Securing APIs

April 18, 2023

The disclosure of three significant API security incidents in the first two months of 2023 serves as a reminder that, as the use of APIs continues to rise, so too does the number of API-related security breaches.

Mobile App Security Myths

April 14, 2023

Mobile app usage has grown significantly in recent years, and with this growth comes an increased need for mobile app security. Unfortunately, many mobile app developers hold misconceptions and myths about mobile app security, which can lead to a false sense of security that can result in security breaches and compromises of sensitive information. We will cover a range of myths including the belief that mobile app stores guarantee secure apps, that Android mobile apps are more insecure, that iOS is more secure, and that using HTTPS to call the API backend is enough to ensure security. Additionally, we will explore the myth that only popular and public-facing apps require security measures and the belief that only root or jail-broken devices are a concern in terms of mobile app security.

Mobile App Security Checklist

April 12, 2023

One of the most well-known checklists for mobile app security is found in the OWASP Mobile Application Security Verification Standard (MASVS). If you implement the OWASP Mobile App Security Checklist thoroughly and meet all the requirements, your mobile app will have a good security foundation. However, there are still some potential security gaps to consider. First, the app itself is responsible for conducting security checks and making decisions about its own security, which could allow an attacker to use an instrumentation framework to bypass or modify these checks and decisions. Second, the API backend is not necessarily restricted to serving requests solely from genuine, unmodified instances of the mobile app that are not under attack or running on a compromised device and environment.

Is Code Obfuscation Worth it?

April 10, 2023

As a developer once said… It depends!!! In a nutshell, it depends on what is motivating you to use obfuscation in the first place. If you plan to use only code obfuscation as a security measure then you may end up with a Maginot Line on your security defences.

What is Runtime Application Self-Protection (RASP)?

April 6, 2023

Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real-time.

Mobile App Security Best Practices

April 3, 2023

Mobile apps are now essential for communication, entertainment, shopping, banking and other aspects of our daily lives. As security threats increase, it's crucial to ensure that mobile apps are secure. Insecure mobile apps can lead to data breaches, sensitive information theft, and financial losses. Adopting best security practices is essential to safeguard your mobile apps, APIs, and users' data and privacy. This blog post outlines the best practices for mobile app security that every mobile app developer should consider while developing mobile apps, and where Approov can be used to enhance the security of a mobile app and its APIs. We'll cover topics like secure code development, authentication and authorization, network security, secure data storage, and regular security testing.

What You Need to Know About Broken Object Level Authorization (BOLA)

March 28, 2023

Broken Object Level Authorization (BOLA) is the #1 vulnerability in the OWASP API Security Project’s API Security Top Ten in 2019. Using BOLA, an attacker exploits a vulnerable API endpoint by manipulating an arbitrary object identifier to exfiltrate or manipulate data they are not authorized to access. Authorization schemes can be complex, and it is easy for an API developer to miss an authorization check when the application state is passed between client and service.