Approov Xamarin QuickStart

Wed 29 July 2020 By Ivo Liondov

Category: Integration, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

 

Xamarin is a very popular framework for building cross platform apps using C#. Microsoft offers full support for inclusion of native iOS or Android libraries and an excellent IDE, Visual Studio, making Xamarin an ideal cross platform mobile app development solution. You shouldn’t need to compromise on security just because you are using a higher level framework rather than developing native apps. Our Xamarin Quickstart guide allows you to easily get up and running with Approov, whether you are building a new app or adapting an existing one to have an improved security posture.

Read More

Security key to mHealth success

Thu 23 July 2020 By David Stewart

Category: Mobile App Authentication, Repackaged Apps, MitM Attack, Certificate Pinning, API Security, Healthcare

 

 
In 2016, mHealth apps were the third fastest-growing category of apps behind games and utilities. In 2017, the number of healthcare applications available for smartphone users doubled from that of 2015 to 325,000, from 84,000 different publishers, with an estimated 3.7 billion downloads that year. By 2018, nearly a third of all patients were using their mobile phone for health-related searches and for booking appointments, an overwhelming 99% of consumers believed that mHealth apps improved their quality of life and 70% of millennials were interested in a mobile app that would help them actively manage their well-being. By 2027, mHealth app usage among patients is projected to grow at a 10-year CAGR of 40%.
Read More

A Short Tour of the Approov Metrics

Fri 17 July 2020 By David Stewart

Category: Integration, Mobile App Authentication, Threats, Mobile App Development, Certificate Pinning, API Abuse, API Security

Approov API Threat Protection protects the APIs which service your mobile apps from abuse and fraud by unauthorized bad actors. We talk to customers about how Approov authenticates genuine mobile app instances without requiring hidden secrets or design decision making in the app. We discuss the simplicity of integrating it into your app and deploying it in production. We even talk about the scalability, redundancy and resilience built into the Approov cloud service. However, what we don’t talk enough about is our metrics, a required feature to monitor and manage your service. With this article, we will give our metrics the description they deserve.

Read More

Approov Dynamic Pinning - An Independent View

Fri 26 June 2020 By David Stewart

Category: iOS, SafetyNet, Certificate Pinning, API Security

Our friends at Rakuten have written a blog about their opinions of and experiences with the Approov dynamic pinning capability. You can read it here. It’s always nice to be able to point at independent material about Approov because, although we think very highly of it, we may be somewhat biased!

Read More

Approov iOS Native QuickStarts

Sun 17 May 2020 By Richard Taylor

Category: Integration, iOS, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Evgeni Tcherkasski on Unsplash

Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to add Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the options we have for iOS Native app development.

Read More

Quick Analysis: NHSX Contact Tracing App

Mon 11 May 2020 By Richard Taylor

Category: Reverse Engineering, Threats, API, Mobile App Development, MitM Attack, Certificate Pinning, API Abuse, API Security

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github

Read More

Approov Backend Quickstarts

Wed 29 April 2020 By Richard Taylor

Category: Integration, Mobile App Authentication, API, MitM Attack, Certificate Pinning, API Security

Photo by Ankush Rathi from Pexels

Approov lets your mobile app prove to a backend API that it really is the official mobile app making the call, and that it is not running in an environment that may be compromised. Only requests from the apps that you specifically allow can make successful requests.

Read More

Approov Android Native Integration QuickStarts

Tue 28 April 2020 By Richard Taylor

Category: Integration, Android, Mobile App Authentication, Mobile App Development, Certificate Pinning, API Security

Photo by Pathum Danthanarayana on Unsplash

Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the comprehensive options we have for Android Native app development.

Read More

How to Protect Against Certificate Pinning Bypassing

Tue 15 October 2019 By Paulo Renato

Category: Mobile App Authentication, Repackaged Apps, Reverse Engineering, Threats, API, MitM Attack, Certificate Pinning

In my previous article, we saw how to bypass certificate pinning within a device you control and, as promised, we will now see how you can protect yourself against such an attack.

In this article you will learn how to use a mobile app attestation service to protect your API server from accepting requests that come from a mobile app where certificate pinning has been bypassed. This means that even though the attacker has bypassed the certificate pinning, he will not be able to receive successful responses from the API server. Instead, the server will always return 401 responses, thus protecting your valuable data from getting into the wrong hands.

Read More

Bypassing Certificate Pinning

Sun 18 August 2019 By Paulo Renato

Category: Android, Mobile App Development, MitM Attack, Certificate Pinning

In a previous article we saw how to protect the https communication channel between a mobile app and an API server with certificate pinning, and as promised at the end of that article we will now see how to bypass certificate pinning.

To demonstrate how to bypass certificate pinning we will use the same Currency Converter Demo mobile app that was used in the previous article.

In this article you will learn how to repackage a mobile app in order to make it trust custom ssl certificates. This will allow us to bypass certificate pinning.

Read More

Page 1 of 2