Posts about

Threats

EETimes Talks Approov and Automotive

September 1, 2020

Approov is making rapid progress in the automotive sector, particularly in mobility businesses. The specific challenges in this market were the subject of an interview we did with EETimes. Read Full Story

What Can You Achieve In Your 30 Day Free Approov Trial?

August 3, 2020

Approov is first and foremost an API protection solution for bot mitigation, securing mobile businesses against automated traffic and other attempts to gain unauthorized access to backend services, data and assets. However, while delivering this service Approov also gives valuable insight into the types and state of devices that are communicating with the protected services via the API. For example, do you know the proportion of connections coming from unauthorized software: bots, scripts, or repackaged apps? Do you know if your communications are being intercepted, if the mobile device is rooted/jailbroken, if your app is running in an emulator, if there is a debugger or framework attached, or even if your app is running in a cloned environment? Read on to find out you can get at these nuggets before the end of your free Approov trial. Read Full Story

A Short Tour of the Approov Metrics

July 17, 2020

Approov API Threat Protection protects the APIs which service your mobile apps from abuse and fraud by unauthorized bad actors. We talk to customers about how Approov authenticates genuine mobile app instances without requiring hidden secrets or design decision making in the app. We discuss the simplicity of integrating it into your app and deploying it in production. We even talk about the scalability, redundancy and resilience built into the Approov cloud service. However, what we don’t talk enough about is our metrics, a required feature to monitor and manage your service. With this article, we will give our metrics the description they deserve. Read Full Story

Scanshake: Meeting the Need for Decentralised Contact Tracing

June 25, 2020

As we discussed in our previous blog, there is a strong argument to be made that Bluetooth Contact tracing is too Blue Sky. The technology has been overhyped, over promised and, in the UK at least , the delivery so bungled that public confidence has been completely undermined. In the meantime we are stepping back to manual contact tracing efforts, with privacy characteristics that don’t come anywhere close to the lofty aspirations of decentralised contact tracing apps. Read Full Story

Is Bluetooth Contact Tracing Too Blue-Sky?

June 24, 2020

Contact tracing has been in the news a lot in recent months. No wonder. It’s widely seen as playing a key role in opening our societies up again after lockdown, and an important part of the strategy for countries that have already done well in suppressing transmissions. As technologists we, and many like us, immediately jumped onto the possibilities of Bluetooth. A ready made technology available on just about every smartphone designed for ubiquitous short range radio communication. Perfect. We just need to throw an app together and we can map all the contacts people are having day to day, so if anyone gets sick we can automatically alert anyone else that might have been exposed. Cool. Should be ready in a couple of weeks, right? Read Full Story

Six Reasons to Choose SaaS Security Over In-house

June 16, 2020

    Spending large amounts of money on in-house security may not yield as great a reduction in risk as you might hope. A big investment might only result in marginal improvements -- especially with the high price of cyber security labour in the current skills shortage. Finding the right mix of security options is something of a balancing act, and cloud-based security or SaaS security (Security as a Service, or SECaaS) can offer an alternative. Read Full Story

Protecting Your SDK With Approov

June 11, 2020

Photo by Ann H from Pexels When we talk about Approov API Threat Protection, we usually talk about it in the context of ensuring that only genuine instances of your own mobile app can use your API to access your backend servers. However, there is another use case which occurs commonly in our customer base - ensuring that only your SDK can use your API where you distribute your SDK to your customers. Here also, Approov is highly effective. Read Full Story

Vulnerabilities In Fintech Mobile Apps

May 22, 2020

  Mobile applications play an increasingly important role in our lives -- and the current global lockdown due to the COVID-19 situation has led to a surge in the download of financial technology or fintech apps. According to research by the deVere Group, the coronavirus pandemic has fuelled a massive 72% rise in the use of fintech apps in Europe. But while this spike in adoption and usage provides encouraging news for the fintech industry, these mobile apps present a real threat, with hackers looking for new ways to bypass software defences, or to exploit security vulnerabilities. Read Full Story

Preventing Faked Proximity

May 15, 2020

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup.  Read Full Story

Quick Analysis: NHSX Contact Tracing App

May 11, 2020

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github.  Read Full Story