Approov iOS Native Integration QuickStarts

Sun 17 May 2020 By Richard Taylor

Category: Integration, iOS, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Evgeni Tcherkasski on Unsplash

Read More

Quick Analysis: NHSX Contact Tracing App

Mon 11 May 2020 By Richard Taylor

Category: Reverse Engineering, Threats, API, Mobile App Development, MitM Attack, Certificate Pinning, API Abuse, API Security

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github

Read More

Approov Backend Quickstarts

Wed 29 April 2020 By Richard Taylor

Category: Integration, Mobile App Authentication, API, MitM Attack, Certificate Pinning, API Security

Photo by Ankush Rathi from Pexels

Approov lets your mobile app prove to a backend API that it really is the official mobile app making the call, and that it is not running in an environment that may be compromised. Only requests from the apps that you specifically allow can make successful requests.

Read More

Approov Android Native Integration QuickStarts

Tue 28 April 2020 By Richard Taylor

Category: Integration, Android, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Pathum Danthanarayana on Unsplash

Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the comprehensive options we have for Android Native app development.

Read More

How to Protect Against Certificate Pinning Bypassing

Tue 15 October 2019 By Paulo Renato

Category: Mobile App Authentication, Repackaged Apps, Reverse Engineering, Threats, API, MitM Attack, Certificate Pinning

In my previous article, we saw how to bypass certificate pinning within a device you control and, as promised, we will now see how you can protect yourself against such an attack.

In this article you will learn how to use a mobile app attestation service to protect your API server from accepting requests that come from a mobile app where certificate pinning has been bypassed. This means that even though the attacker has bypassed the certificate pinning, he will not be able to receive successful responses from the API server. Instead, the server will always return 401 responses, thus protecting your valuable data from getting into the wrong hands.

Read More

Bypassing Certificate Pinning

Sun 18 August 2019 By Paulo Renato

Category: Android, Mobile App Development, MitM Attack, Certificate Pinning

In a previous article we saw how to protect the https communication channel between a mobile app and an API server with certificate pinning, and as promised at the end of that article we will now see how to bypass certificate pinning.

To demonstrate how to bypass certificate pinning we will use the same Currency Converter Demo mobile app that was used in the previous article.

In this article you will learn how to repackage a mobile app in order to make it trust custom ssl certificates. This will allow us to bypass certificate pinning.

Read More

SECURING HTTPS WITH CERTIFICATE PINNING ON ANDROID

Wed 26 June 2019 By Paulo Renato

Category: Android, API, Mobile App Development, MitM Attack, Certificate Pinning

 

In a previous article we saw how we could steal an API key by performing a man in the middle (MitM) attack to intercept the https traffic between the mobile app and the API server. In this article we will learn how to mitigate this type of attack by using a technique known as certificate pinning.

In order to demonstrate how to use certificate pinning for protecting the https traffic between your mobile app and your API server, we will use the same Currency Converter Demo mobile app that I used in the previous article.

In this article we will learn what certificate pinning is, when to use it, how to implement it in an Android app, and how it can prevent a MitM attack.

Read More

Page 1 of 1