Approov is an essential component of mobile application security for major global organizations that serve millions of users annually. These organizations operate in various sectors, including eCommerce, financial services, healthcare, automotive, and gaming.
Approov offers a patented and comprehensive runtime security solution, known as RASP (Runtime Application Self-Protection), designed specifically for mobile apps and their APIs. This solution is unified across multiple platforms, including Android, iOS, and HarmonyOS.
In the current business environment, mobile applications are essential for organizations. Unfortunately, they also present potential vulnerabilities that can be exploited by attackers, leading to breaches, fraud, denial of service, and other forms of API abuse. Approov effectively addresses these risks by preventing automated attacks and the manipulation of mobile platforms, as well as blocking any compromised or unauthorized apps. It blocks any unauthorized access attempts from scripts, bots, and fake or tampered apps.
What sets Approov apart is its ability to perform mobile app attestation and app shielding and to provide runtime application self-protection (RASP). Approov provides the only comprehensive run-time security solution for the security of mobile apps and their APIs, including just-in-time management of API keys, secrets, and certificates. This combination of features ensures exceptional operational convenience and robust security at scale for organizations using Approov. In summary, the following features are included:
Approov definitively attests to the authenticity of your app and the device on which it is running.
Approov gives you direct real time insight into your deployed apps, the environments they are running in and any threats being actively defended.
Approov blocks Man-in-the-Middle (MitM) attacks and enables secure over-the-air instant pin updates without service disruptions.
Approov allows removal of hardcoded API keys and secrets from your app. These can be updated instantly across installed apps.
Approov protects your backend APIs from API abuse, credential stuffing, fake botnet registrations, and DDoS attacks.
Approov detects unsafe operation environments on the client device, such as rooted/jailbroken devices, debuggers/emulators and malicious frameworks.
A History of Innovation
Our initial technology platform was built by the company to perform static and dynamic analysis of ARM machine code to generate highly optimized processor architectures from profile-guided analysis. Binary-to-binary code transformation was then used to map code onto the custom architecture. Later, we enhanced this technology to perform binary translation onto fixed instruction set architectures while preserving vector single instruction, multiple data (SIMD) optimizations.
We expanded our dynamic code analysis capabilities, adding support for numerous processor architectures including x86 and POWER with 32-bit and 64-bit instruction sets. By expanding beyond instruction-level dependency analysis, our interactive development environment enabled optimizations for thread-level parallelism extraction from existing code. This was widely deployed to a range of customers along with technical consulting services for code optimization with a specialty in cryptographic accelerators.
Transitioning to Mobile
By 2016, mobile app security was becoming a major issue and, because of the rapid adoption of mobile apps, a problem that urgently needed to be addressed. Our team, because of its deep knowledge of mobile architectures and cloud software, saw how to solve this issue with a unique approach, and Approov was born. We developed the key technology components that became Approov and launched the first commercial release in 2017. We now serve a wide-ranging and growing customer base.
We predicted an emerging security risk would come with the widespread use of APIs in the app economy and the vulnerabilities of mobile apps. Tampered apps and spoofed API requests have become an increasingly significant business security challenge. Apps need a way to continuously identify themselves reliably to backend systems using more sophisticated techniques than API keys or other secrets embedded within apps, which are subject to easy exploitation.
Combining deep understanding of mobile client architectures and cloud computing enabled us to develop a highly differentiated approach to end-to-end mobile security.
Our Unique Advantage
Approov allows only genuine mobile app instances, running in safe environments, to access your API and blocks all scripts, bots, modified apps and fake apps from accessing your backend. This is done in a way which is both highly secure and easy to administer and uses standard JWT tokens which are used by backend systems to decide if requests should be allowed. As well as blocking modified apps, Approov Runtime Application Self Protection (RASP) detects a full range of potentially unsafe mobile device environments including device rooting/jailbreaking, emulator or debugger usage and malicious instrumentation frameworks. In addition, Approov provides full defense against Man-in-the-Middle attacks via fully pinned communications channels.
Approov also builds on this core functionality to protect the critical secrets used in mobile apps e.g. API keys. Secrets can be dynamically provisioned by Approov and only delivered to applications when needed and only if attestation and environment tests are passed.
The unique client/cloud implementation efficiently and securely partitions the analysis between the client device and the cloud and also permits dynamic and rapid reaction to changing threats: policies can be modified and certificates and pins can be updated over-the-air without the need to update and roll out new versions of an application. This is a key differentiator of Approov, enabling devops teams to dynamically manage the security posture and manage secrets and keys without ever having to update apps.
We couple this unique SaaS approach with Real-Time Threat Analysis Dashboards to provide visibility to threats.
Unlike AI-based behavioral solutions, we take a deterministic approach that ensures the lowest latency, highest performance and most accurate results, with no false positives.
Ted Miracco – CEO of Approov
Ted is an experienced technology executive with expertise in cybersecurity, particularly in the mobile app and API space. He is the CEO of Approov Mobile Security, a prestigious cybersecurity firm based in Edinburgh, UK and at the forefront of safeguarding mobile apps and APIs from malicious attacks. Approov is renowned for its cutting-edge solutions that provide robust protection in the ever-evolving mobile threat landscape. Prior to his role at Approov, Ted co-founded Cylynt Limited, an anti-piracy and SaaS data analytics company, and played a pivotal role in the establishment of AWR Corporation, an EDA company that was later acquired by National Instruments in 2011 and is now an integral part of Cadence. AWR’s contributions to semiconductor design for wireless applications are widely recognized. During his tenure, Ted spearheaded global sales, marketing, and the implementation of a highly successful license compliance program, ensuring the company’s continued growth and success. Ted’s extensive experience extends beyond established industry giants to include collaborations with Fortune 500 software companies such as Cadence Design Systems, as well as innovative startups like EEsof Inc., which was acquired by Hewlett Packard in 1994 and is now part of Keysight Technologies. This diverse background has equipped him with a comprehensive understanding of the industry’s landscape from multiple perspectives. Ted holds a Bachelor of Science in Electrical and Computer Engineering (B.S.E.E.) from Carnegie Mellon University, a testament to his strong academic foundation and commitment to excellence.
Japheth Hossell – CTO of Approov
As an expert software architect and engineer, Jae brings a profound understanding of computer architecture, algorithms, data structures, and systems design. Over two decades of experience have allowed Jae to master a diverse range of technologies and skills including novel architectures, embedded and mobile operating systems, compilers, virtual machines, desktop applications, and comprehensive full-stack cloud-based services. Jae’s app-security expertise has evolved over the last 10 years, as he has immersed himself in the app-security space to continually advance and develop the Approov mobile security solution.