Approov Blog

Mobile App Authentication (5)

ShipFast and ShipRaider made a fresh appearance at the RSA Conference in late February 2020 in San Francisco. This time the focus was on API security for React Native Apps: Read Full Story

Photo by Digital Buggu from Pexels Google announced Android App Bundles a couple of years ago at I/O 2018. App Bundles are a new app publishing format providing new features that have rapidly driven their adoption. In particular App Bundle delivery enables automatic splitting of various assets within the overall app package, so they are only delivered to a device if they are actually needed. Read Full Story

Photo by Ferenc Almasi on Unsplash React Native is a very popular framework for building cross platform apps. Apps are developed in Javascript, but with full support for inclusion of native iOS or Android libraries where that is necessary. You shouldn’t need to compromise on security though just because you are using a higher level framework rather than developing native apps. Our React Native Quickstart allows you to easily get up and running with Approov, whether you are building a new app or adapting an existing one to have an improved security posture. Read Full Story

Photo by Ankush Rathi from Pexels Editor's note: This post was originally published in April 2020 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2020. Approov lets your mobile app prove to a backend API that it really is the official mobile app making the call, and that it is not running in an environment that may be compromised. Only requests from the apps that you specifically allow can make successful requests. Read Full Story

Photo by Pathum Danthanarayana on Unsplash Our aim is to make the process of integrating Approov into your mobile app as simple as possible. Our Quickstart guides show you how to Approov into your app, tailored to whatever framework or programming style you’ve already adopted. In this blog we are going to cover the comprehensive options we have for Android Native app development. Read Full Story

Image by Andrew Martin from Pixabay The Android app store contains numerous Cloner Apps. These are an increasingly popular category that allow you to have multiple accounts associated with an app, such as a social media or messaging app. Our analysis shows that such apps introduce some really concerning potential security isolation risks that you should be aware of so that you can decide if you want to enable features to block the use of such cloner apps with your own app. Read Full Story

Recent years have seen a move towards cloud platforms and mobile health apps for citizens -- applications and data processing systems that enable ordinary people to interact with their health providers, make appointments with medical professionals, order prescriptions, and gain on-demand access to their medical records. The ongoing COVID-19 pandemic is putting greater emphasis on this trend, as citizens clamour for the latest news, advice, and best practices, while government and health organisations look to digital technologies to help them develop treatment protocols, track the progress of the virus spread, and monitor the condition of all those affected. Read Full Story

Photo by Fusion Medical Animation on Unsplash Last Friday, there was an unusual joint announcement from Apple and Google providing details of a new phone API for Covid-19 contact tracing via Bluetooth. The protocol allows mobile phones to continually transmit Bluetooth advertisements to one another. This includes a proximity identifier derived from randomly generated keys that can be held secretly on each device. If a phone user is later diagnosed with Covid-19, they are able to upload the daily tracing keys for those days when they might have been infectious. Read Full Story

At a time when the world could use some good news, any good news, the central health crisis continues to get compounded by a persistent wave of cyberattacks targeted at companies and their employees. Not even healthcare institutions and agencies at the center of responding to the emergency have been spared, with the World Health Organization, the U.S. Department of Health and Human Services and even a UK-based coronavirus testing facility being targeted by cyber profiteers. Read Full Story

For zero trust mobile apps and APIs, credentials aren’t nearly enough. Read Full Story