API Impersonation via NHIs: The Silent Killer of Mobile Security

APIs (Application Programming Interfaces) are the unsung heroes in an interconnected digital world. They are the crucial communication channels enabling different software systems to talk to each other, powering everything from your mobile banking app to complex enterprise solutions. However, this vital role also makes them prime targets for malicious ...
The Signal Clone Crisis: The Urgent Need for App Attestation

In a troubling development that should alarm everyone involved in mobile security and privacy, a cloned version of the Signal app—TeleMessage—was deployed by the U.S. government and subsequently compromised. The clone, built from open-source Signal code, lacked basic protections like app attestation and secure token-based API access. The result? A ...
An Analysis of Hardware-Backed Key Attestation for Mobile Security

Companies such as Google and Apple promote hardware-backed key attestation as a security measure for protecting mobile apps and APIs. This approach ensures that cryptographic keys are stored and used within secure hardware components, such as Trusted Execution Environments (TEEs), Secure Elements (SEs), or hardware security modules (HSMs). We will ...
HIPAA Security Rule Amendment: Key Public Comments and Next Steps

Major cybersecurity breaches continue to plague the US healthcare industry, and on December 27, 2024, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to amend the HIPAA Security Rule, titled "The HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health ...
New Mobile App Scanning Tool Created by Approov and CMU Africa

Approov and Carnegie Mellon University Africa's Upanzi Network have teamed up again to help fintech companies provide more secure services to their customers by creating a new web-based open source tool which scans Android mobile application software for vulnerabilities and security issues and presents a detailed report with recommendations on ...
Incorporating Mobile App Security into HIPAA’s Healthcare Security Rule

A proposed update to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information was issued in June 2024. Comments were requested and Approov has proposed some changes. This blog outlines the Approov recommendations to strengthen The Rule, specifically around mobile apps on personal mobile devices accessing ...