Approov 2.7 delivers API cybersecurity protection for mobile-based applications

Approov introduced release 2.7 of the Approov API Shielding platform which lets companies of all sizes adopt leading-edge, affordable API cybersecurity protections for mobile-based applications.

Approov 2.7 incorporates feedback from customers across several sectors, and is an ideal solution for both large hyperconnected organizations and those smaller and medium-sized businesses (SMBs) and enterprises that have either been priced out of application API solutions or were daunted by slow and complex deployment with high overhead.

Approov 2.7 is driven by customer requirements, delivering:

  • Instant, immediate effective shielding of mobile app APIs and protection from the costs of fraud, without demands on in-house talent to implement and sustain complex back-end solutions,
  • Easy back-end integration with partner solutions (e.g. API Gateways, WAFs, CDNs, etc.) for comprehensive security and control of API access,
  • Deep security expertise to stay ahead of attackers’ next moves,
  • Cross-platform consistency that’s complimentary to Apple iOS and Google Android tools,
  • Real-time visibility and enhanced reporting, and
  • “Actual use” pricing that charges only for the validation of genuine active monthly users. Competing offerings also charge for rejected traffic at the backend, failed attempts by bots, scripts or tampered apps, etc. Approov aligns mobile app API security investments with the company’s business growth and budget.

Approov 2.7 is now in use with customers across several industry sectors including finance, eCommerce, connected cars/transport, and mobile health applications.

Connected cars – Sixt

“In the early days of car sharing, we saw aggregators displaying the availability and location of our vehicles. Reviewing our API security arrangements, we realized how straightforward it was to extract this level of data and we worried that third parties might be able to take a further step, and reserve and access our cars via our API. We sought a solution which could authenticate API requests from our mobile apps and from third party mobile apps, and that’s when we found Approov. We are not opposed to sharing data, but we want to control what we share and who we share it with to maintain our brand image and direct connection with our customers. Approov gives us that control,” said Nico Gabriel, President, SixtX.

Connected cars – BMW

Also in the connected cars sector, Approov previously announced in Q4:2020 its partnership with BMW Group to provide a secure and seamless car share experience. A recent application of the platform is within BMW’s Mini Sharing service which was launched in April 2021.

eCommerce – Deindeal

“Having a WAF with bot detection built in worked well for us when we had a web-based platform. Moving to APIs means that you have no context through which to identify automated traffic. We needed a new security solution for our API-based platform. Knowing what is calling your API is necessary to protect your mobile channel against scripts and bots that can negatively impact your revenue streams. The documentation is excellent, and the developers didn’t need to read it a lot of the time! In addition to the product itself, we really appreciate the Approov solution’s real-time analytics, the Command Line Interface (CLI) tool and the deep security knowledge of the support team,” said Alexandre Branquart, CIO/CTO & Co-Founder, Deindeal.

Financial services – Papara

“Having completed the integration and test in less than 30 days, we deployed the Approov protection and instantly saw the costs due to the fraudsters drop by 90 percent. Approov was a natural choice at the end of our research because its capabilities met precisely the need we had. It required minimal integration work while providing maximum security and flexibility. Other offerings were too rigid and required too much initial integration work. Blocking so much fraudulent traffic from scripts and automators significantly lifts the pressure on Papara’s systems as well as on our finances,” said Emre Kenci, CTO, fintech leader Papara.

Healthcare – MV

“Getting the app and API protection wrong in the MV Medic app is not an option. The recent Brazilian Personal Data Privacy Regulation (LGPD) legislation means that our healthcare institution customers could suffer from significant fines if we didn’t meet our security goals. When we developed the Medic app, we pentested the app and the APIs which service the app, and one of our pilot customers expressed concerns about giving access to patients’ Electronic Health Records on a mobile device.

“Approov plugged an immediate API security hole which pentesting had exposed in our platform, and we calculate that the adoption of Approov will bring us a 10x RoI considering lost sales and the cost of an internal development. We are so convinced by the need for leading-edge security that we are now planning to add Approov into all of our healthcare apps,” said Tiago Calado, Product and Development Manager at MV.

Shift left and shield right, without false positives and extreme expense: Approov 2.7 delivers run-time shielding that protects APIs from attacks, isolating mobile apps against data theft and operation service blocking threats that mobile app hardening cannot address. It protects browser applications against these same vulnerabilities – without the false positives and inordinate expense typical to app API shielding.

This run-time shielding of APIs from attack is urgently needed. It complements current development-stage “shift left” initiatives with new, ongoing production “shield right” inoculation for production apps. Approov 2.7 delivers immediate, easy and secure app API protection services that also provide and protect an optimal customer experience.

David Stewart, CEO of Approov, said: “Approov 2.7 was developed for organizations that lack the time, expertise and budgets to deploy hard-to-manage backend bot /API security solutions, and for those who may be concerned about the potential impact of app/API protections on customer-experience. This last year, we’ve all seen just how foundational integrated mobile applications and services are to the fabric of our daily lives. We have also seen the security gaps arising from our collective increased dependence on mobile app APIs, and with Approov 2.7, we effectively address them.”

Don't miss