We're Hiring!

Approov Blog
Mobile App Development (3)

Mobile App Security Best Practices

April 3, 2023

Mobile apps are now essential for communication, entertainment, shopping, banking and other aspects of our daily lives. As security threats increase, it's crucial to ensure that mobile apps are secure. Insecure mobile apps can lead to data breaches, sensitive information theft, and financial losses. Adopting best security practices is essential to safeguard your mobile apps, APIs, and users' data and privacy. This blog post outlines the best practices for mobile app security that every mobile app developer should consider while developing mobile apps and where Approov can be used to enhance the security of a mobile app and their APIs. We'll cover topics like secure code development, authentication and authorization, network security, secure data storage, and regular security testing. Read Full Story

China and India present new Challenges and Opportunities

March 24, 2023

Pinduoduo Malware highlights the need for App Attestation on a Global Scale The recent Pinduoduo hack may have impacted over 700 million users in China, and highlights the need for mobile app attestation to protect against mobile app malware and other vulnerabilities. In the Pinduoduo hack, attackers were able to exploit a vulnerability in the popular ecommerce mobile app to gain access to user accounts and steal sensitive information, such as users' names, phone numbers, and addresses. This type of attack is not uncommon, and highlights the importance of implementing strong security measures, such as app attestation, to help prevent such vulnerabilities from being exploited. Read Full Story

Can I Share My API Key?

November 28, 2022

An API key is a token provided by a client when making API calls. It is used to authenticate and authorize access to specific resources. In this article, we answer the question, "Can I share my API key?" and provide some guidance on when it is appropriate to do so. Read Full Story

Is Certificate Pinning Worth it?

November 24, 2022

In a word - yes; when implemented correctly, certificate pinning is an effective method for securing mobile application traffic by restricting the accepted certificates to just those you are willing to trust. In its most secure manifestation, this trust sits outside the standard TLS certificate store managed by the device. Read Full Story

Securing Mobile Gambling Platforms

November 8, 2022

Gambling has come a long way since the days of visiting a bricks and mortar outlet and filling in some paperwork to bet on a small set of events and outcomes. Recent years have seen dramatic changes in this market. In this article we’ll look at how it has evolved and what the security implications are. Read Full Story

How Do I Protect My Flutter App?

October 10, 2022

Google’s open source Flutter has quickly become one of the most popular development toolkits for building cross platform mobile applications. In this article we will examine what security is built-in to Flutter mobile apps and recommend additional layers which you may wish to consider for your mobile projects. Read Full Story

The False Economics of Agentless Security for Mobile

September 29, 2022

Editor's note: This post was originally published in September 2022 in IDG TECH(talk). Agentless security for mobile is an approach that promises businesses protection from attack without having to add any security related software into their mobile apps. In this article we will look at the pros and cons of adopting this approach compared to alternative mechanisms. Read Full Story

How Do I Make My API Gateway Secure?

September 21, 2022

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. It provides a degree of protection out of the box and in this article we’ll examine how much security you’ll get from your API Gateway and what else might be needed to secure your data and services. Read Full Story

Is an API Gateway Secure?

September 14, 2022

An API Gateway is a tool that manages APIs and API traffic. Essentially it sits between remote clients (servers, browsers, mobile apps) and backend services and is responsible for routing API requests in either direction to the right source. But how much security should you expect from an API Gateway? Read Full Story

The State of Mobile App Security in 2022 in Financial Services

August 17, 2022

Introduction and Context This blog provides a snapshot of mobile app security in Financial Services based on an extensive study performed by Osterman Research and published in the Approov-sponsored report “The State of Mobile App Security in 2022”, in July this year. Read Full Story