Certificate pinning is a security measure that mobile app developers can use to improve the security of their apps. It ensures that your app only connects to a backend API over TLS if the presented certificate chain includes at least one certificate whose public key is known to be trusted. This means that the app does not rely solely on the contents of the trust store on its device; it also requires an additional level of verification.
This is a vital security approach given that the ever-increasing popularity and use of smartphones and mobile apps make them a prime target of attack. For example, a recent study found that many app categories in the Android Store are vulnerable to cyber security attacks, and at least 16% had no fixes available.
Certificate pinning protects against mis-issuance, Certificate Authority (CA) compromise, and Man-in-the-Middle (MitM) attacks.
The Approov Mobile App Protection solution contains an in-built Dynamic Certificate Pinning solution, designed for out-of-the-box simplicity of implementation, monitoring and management. Many of our customers have benefited from it when certificates have been rotated without notice and they need to instantly update the certificates in their apps to match. You can read more about Approov Dynamic Certificate Pinning here.