In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides.
Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?
As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases make them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence are often used to instigate attacks and the recent admission by Facebook that Kremlin linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers.
SAN JOSE, CALIFORNIA, USA, October 31, 2017 /EINPresswire.com/ -- CriticalBlue, provider of the award winning Approov mobile API protection solution, today announced the successful deployment of Approov within the Nimses social media platform. Fast growing mobile businesses are an attractive target for bad actors who will attack the rich APIs between mobile apps and enterprises’ backends to attempt exploits such as scraping of competitive data, fake account onboarding, fraud, DDoS and account takeover. Time and again, basic encryption and embedded secrets in mobile apps have proven to be insufficient barriers against these automated scripts and hackers.