Approov Blog
Secure your iOS, Android, and HarmonyOS apps and APIs. Learn mobile app security best practices, API key protection, and incident response strategies.

An Analysis of Hardware-Backed Key Attestation for Mobile Security
George McGregor | | API security, API Security - Analysis, News and Insights, App Attestation, mobile app security
Companies such as Google and Apple promote hardware-backed key attestation as a security measure for protecting mobile apps and APIs. This approach ensures that cryptographic keys are stored and used within secure ...

HIPAA Security Rule Amendment: Key Public Comments and Next Steps
George McGregor | | API Security - Analysis, News and Insights, healthcare, mobile app security, Mobile Health
Major cybersecurity breaches continue to plague the US healthcare industry, and on December 27, 2024, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to ...

UK NHS API Flaw Exposes Critical Mobile Security Risks
Ted Miracco | | API security, API Security - Analysis, News and Insights, healthcare, mobile app security, Mobile Health
A recent vulnerability discovered in a UK National Health Service (NHS) API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access ...

New Mobile App Scanning Tool Created by Approov and CMU Africa
George McGregor | | API security, API Security - Analysis, News and Insights, Fintech, mobile app security, Mobile Finance
Approov and Carnegie Mellon University Africa's Upanzi Network have teamed up again to help fintech companies provide more secure services to their customers by creating a new web-based open source tool which ...

Incorporating Mobile App Security into HIPAA’s Healthcare Security Rule
George McGregor | | API security, API Security - Analysis, News and Insights, healthcare, mobile app security, Mobile Health
A proposed update to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information was issued in June 2024. Comments were requested and Approov has proposed some changes. This ...

DeepSeek App Security Flaws Exposed: How Approov Could Have Averted the Risk
Ted Miracco | | API Abuse, API Security - Analysis, News and Insights, App Attestation, MitM Attack, Mobile API Security
With a global AI race underway, mobile app security is not optional - it’s a necessity. A recent security audit of the DeepSeek iOS application revealed significant vulnerabilities that put user data ...

Why Over-the-Air Updates are Key for Mobile App Security in the AI Era
George McGregor | | API security, API Security - Analysis, News and Insights, mobile app security, over the air updates
The rapid pace of technological advancements, particularly in artificial intelligence (AI), has transformed both the opportunities and threats in the mobile app ecosystem. This blog describes why over-the-air (OTA) updates to ...

Enhancing Mobile App API Security: Closing Gaps with a Robust SDK
George McGregor | | API security, API Security - Analysis, News and Insights, Bots, mobile app security, SDK, WAAP, waf
The large app sec vendors are only now starting to recognize the mobile gap in their portfolio - that an SDK in mobile apps is needed to eliminate the growing mobile ...

Strategies to Stop Credential Stuffing Attacks on Mobile Apps
George McGregor | | account takeover, API Security - Analysis, News and Insights, credential stuffing, Data Security, mobile app development, mobile app security, zero trust
Identity-based and social engineering attacks are surging in 2024. Stolen credentials give hackers immediate access and control… and an instant path to stealing data and orchestrating ransomware attacks. Credential stuffing attacks ...