Approov Runtime Secrets Protection Shields Mobile App Secrets. – MarTech Series

New Osterman Research Findings Reveal Massive, Highly Exploitable Mobile API Attack Surface. Approov New Release Dynamically Manages and Protects all API Credentials for Mobile Apps, Keeping them Secure, Shielding Apps from Attack.
Recent breaches have highlighted the risk of stolen keys and secrets being exploited by hackers. It is clear that such secrets are not being effectively protected at rest and in transit, resulting in bad actors acquiring them and exploiting them to access APIs and applications.
The wide use of third-party APIs by mobile apps adds another dimension to the problem. Mobile app developers can suffer both financial losses and brand reputation damage if they are seen to be the cause of 3rd party app breaches or service disruptions caused by Distributed Denial of Service (DDoS) attacks using stolen secrets.
Recent research from Osterman Research illustrates the extent of the issue:
“Upcoming Osterman findings show that mobile apps depend on average on more than 30 third-party APIs, and that half of the mobile developers we surveyed are still storing API keys in the app code,” Michael Sampson, senior analyst at Osterman Research, said. “These two things together constitute a massive attack surface for bad actors to exploit. And third-party API threats against mobile apps aren’t as well understood by companies as they should be. The new functionality from Approov allows API keys to be managed and updated dynamically and ensures they are never extractable from the app. This is a major step forward in protecting APIs from abuse.”
Developers have frequently been urged not to store hard-coded keys in a mobile app or device, but as the research shows, this “best practice” is not widespread since, up to now, there has been no easy way to conveniently store such secrets safely outside the app code.
Introducing Approov Runtime Secrets Protection: Just in Time Keys Secrets That Thwart Mobile API Attacks
This is why Approov is releasing new functionality in Approov 3.0 which addresses this issue by making management of API keys and other secrets easy and secure, at rest, or in transit.
Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app only at the moment they are required to make an API call, and only when the app and its runtime environment have passed attestation. This ensures that sensitive API secrets are not being continuously stored or delivered to unsafe places, such as fake apps or into malicious hands.
All secrets are stored by the Approov cloud service and are easy to manage dynamically. If changes to these are needed, they are easily and immediately changed across all deployed apps, preventing abuse.
This approach marks a major improvement over keys that are hard coded in the app itself, because should those keys be “leaked” the app must be updated with an entirely new version – a process which is complex and time-consuming, and involves juggling new and old keys during the time it takes for the installed base to be transferred to the new version.
Doğan Bolak, CTO of social investment innovator Invstr, said, “We love the way Approov protects both our app and the APIs we use. Our customers need to be confident that our service is secure and Approov delivers that. We are very happy with the technology and support we get from them. Approov Runtime Secrets Protection delivers the important ability to turn static keys into dynamic keys and updates them ‘at the flick of a switch’ which means that 3rd party APIs are no longer open to abuse even if secrets do get in the hands of bad guys.”
Approov Runtime Secrets Protection eliminates the need to include secrets in the mobile app code at all, completely eliminating any risk of extraction through code analysis, as well as the risk of exposure through accidental source code repository leaks. Additionally, administration is easy: Approov allows secrets to be dynamically updated in the field with no need to issue app updates.
David Stewart, CEO, Approov, said: “Mobile apps and APIs are — now more than ever — the lifeblood of organizations large and small. Leaving secrets in apps or extractable via man-in-the-middle (MitM) attacks is like leaving your front door open to attackers, and organizations must act immediately to deploy secret shielding solutions. Relying purely on app hardening solutions that do not protect secrets in transit is like locking the front door while leaving the windows open. Approov Runtime Secrets Protection is the first solution to comprehensively shield secrets at rest and in transit, without any backend changes. It protects the full range of APIs that mobile apps now rely on, including previously unprotected 3rd party APIs.”