We're Hiring!

Approov Blog
Android Security

The Impact of EU's Digital Markets Act on 3rd Party App Security

February 26, 2024

With the implementation of the Digital Markets Act (DMA) in the EU, Apple is opening the possibility of installing apps from alternative apps stores. As discussed in Update on apps distributed in the European Union the intention is that all apps that can be installed must go through a notarization process, which signs the app package with a certificate from Apple. This will be a lighter (and fully automated) review process than will be applied to apps for the official Apple Store. Read Full Story

Enhancing Android App Security: Approov's Role with Non-GMS Apps

February 13, 2024

In today's digital age, mobile applications and APIs play a pivotal role in our daily lives. With the Android ecosystem being the dominant platform, the security of Android apps is a critical concern. Based on privacy concerns and a desire for openness more Android apps than ever are being developed without relying on Google Mobile Services (GMS), commonly known as non-GMS apps. Read Full Story

The Limitations of Google Play Integrity API (ex SafetyNet)

December 20, 2023

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space. Read Full Story

How Do I Protect My Flutter App?

October 10, 2022

Google’s open source Flutter has quickly become one of the most popular development toolkits for building cross platform mobile applications. In this article we will examine what security is built-in to Flutter mobile apps and recommend additional layers which you may wish to consider for your mobile projects. Read Full Story

How to Bypass Certificate Pinning with Frida on an Android App

May 4, 2021

In a previous article we learned how to perform a MitM attack on a mobile app that doesn’t employ certificate pinning as a mechanism of preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument the code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning. Read Full Story

How to MitM Attack the API of an Android App

May 1, 2021

Performing a MitM attack against an HTTPS channel requires the capability for the attacker to be able to add the proxy server Certificate Authority (CA) into the Trust Store of the device running the mobile app and a popular approach is to manually upload the CA to the device, but this comes with some challenges, that may require to root the device and/or repackage the mobile app. An easier way exists, and in this article I will show how to use an Android Emulator with a writable file system that will allow us to install the proxy certificate directly into the system trusted store, without the need to root the emulator or make changes in the mobile app. This is a hands on how to tutorial, that you can easily follow, even if you have not done a MitM attack before or you are just starting your developer Android journey. Read Full Story