• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Latest News

Approov Runtime Secrets Protection Shields Mobile App Secrets, Prevents Theft of API Keys and Credentials, Blocks Mobile App DDoS Attacks

May 19, 2022 TechDecisions Staff

New Osterman Research Findings Reveals Massive, Highly Exploitable Mobile API Attack Surface. Approov New Release Dynamically Manages and Protects all API Credentials for Mobile Apps, Keeping them Secure, Shielding Apps from Attack.

SAN JOSE, Calif. & EDINBURGH, Scotland–(BUSINESS WIRE)–#Approov—Approov, creators of advanced mobile app and API shielding solutions, today introduced Approov Runtime Secrets Protection, enabling comprehensive protection of the API credentials and secrets that are typically targeted by threat actors for malicious exploitation.

Recent breaches have highlighted the risk of stolen keys and secrets being exploited by hackers. It is clear that such secrets are not being effectively protected at rest and in transit, resulting in bad actors acquiring them and exploiting them to access APIs and applications.

The wide use of third-party APIs by mobile apps adds another dimension to the problem. Mobile app developers can suffer both financial losses and brand reputation damage if they are seen to be the cause of 3rd party app breaches or service disruptions caused by Distributed Denial of Service (DDoS) attacks using stolen secrets.

Recent research from Osterman Research illustrates the extent of the issue:

“Upcoming Osterman findings show that mobile apps depend on average on more than 30 third-party APIs, and that half of the mobile developers we surveyed are still storing API keys in the app code,” Michael Sampson, senior analyst at Osterman Research, said. “These two things together constitute a massive attack surface for bad actors to exploit. And third-party API threats against mobile apps aren’t as well understood by companies as they should be. The new functionality from Approov allows API keys to be managed and updated dynamically and ensures they are never extractable from the app. This is a major step forward in protecting APIs from abuse.”

Developers have frequently been urged not to store hard coded keys in a mobile app or device, but as the research shows this “best-practice” is not widespread, since up to now, there has been no easy way to conveniently store such secrets safely outside the app code.

Introducing Approov Runtime Secrets Protection: Just in Time Keys Secrets That Thwart Mobile API Attacks

This is why Approov is releasing new functionality in Approov 3.0 which addresses this issue by making management of API keys and other secrets easy and secure, at rest, or in transit.

Approov Runtime Secrets Protection manages and protects all the secrets a mobile app uses. The Approov cloud service delivers secrets “just-in-time” to the app only at the moment they are required to make an API call, and only when the app and its runtime environment has passed attestation. This ensures that sensitive API secrets are not being continuously stored or delivered to unsafe places, such as fake apps or into malicious hands.

All secrets are stored by the Approov cloud service and are easy to manage dynamically. If changes to these are needed, they are easily and immediately changed across all deployed apps, preventing abuse.

This approach marks a major improvement over keys that are hard coded in the app itself, because should those keys be “leaked” the app must be updated with an entirely new version – a process which is complex and time-consuming, and involves juggling new and old keys during the time it takes for the installed base to be transferred to the new version.

Doğan Bolak, CTO of social investment innovator Invstr, said, “We love the way Approov protects both our app and the APIs we use. Our customers need to be confident that our service is secure and Approov delivers that. We are very happy with the technology and support we get from them. Approov Runtime Secrets Protection delivers the important ability to turn static keys into dynamic keys and updates them ‘at the flick of a switch’ which means that 3rd party APIs are no longer open to abuse even if secrets do get in the hands of bad guys.”

Approov Runtime Secrets Protection eliminates the need to include secrets in the mobile app code at all, completely eliminating any risk of extraction through code analysis, as well as the risk of exposure through accidental source code repository leaks. Additionally administration is easy: Approov allows secrets to be dynamically updated in the field with no need to issue app updates.

David Stewart, CEO, Approov, said: “Mobile apps and APIs are — now more than ever — the lifeblood of organizations large and small. Leaving secrets in apps or extractable via man-in-the-middle (MitM) attacks is like leaving your front door open to attackers, and organizations must act immediately to deploy secret shielding solutions. Relying purely on app hardening solutions that do not protect secrets in transit is like locking the front door while leaving the windows open. Approov Runtime Secrets Protection is the first solution to comprehensively shield secrets at rest and in transit, without any backend changes. It protects the full range of APIs that mobile apps now rely on, including previously unprotected 3rd party APIs.”

Upcoming Webinar

Join the live webinar from Approov on June 9th “Best Practices for Secure Access of 3rd Party APIs from Mobile Apps” which will discuss the reputational and financial risks associated with API use and how to mitigate those risks. Sign up here.

Pricing and Availability

The pricing of the Approov solution is designed to be completely aligned with your business growth, based on the number of genuine active apps in a monthly billing period. Approov 3.0 is available now.

About Approov

Approov solutions help stop API abuse at the edge, and prevent security breaches in mobile channels. With more businesses moving to digitalization and future-ready services that utilize mobile API connections, securing those connections properly can get overlooked or not fully implemented for all possible threats, exposing organizations and their users to breaches, fraud, denial of service, and other forms of API abuse.

Approov API Threat Protection provides a multi-factor, end-to-end mobile API security solution that complements identity management, endpoint, and device protection to lock-down proper API usage. It ensures that only safe and approved apps running in safe environments can successfully and securely access an organization’s APIs, and turns away unauthorized accesses by attacker scripting, bots and fake or tampered apps. https://www.approov.io/

Contact info:

Michael Sampson, Senior Analyst, Osterman Research: Contact Madison Alexander

Dogan Bolak, CTO, Invstr: Contact Madison Alexander

Additional Resource Links:

Explainer: The Threats to Mobile Apps and APIs
Explainer: The Approov Product Page

Contacts

Dan Chmielewski

Madison Alexander PR, Inc.

714-832-8716

C: 949-231-2965

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Related Content:

  • Virgin Media O2 Partners with VMware to Complete…
  • SEON Expands Advanced Digital Device Fingerprinting to Counter…
  • Akumina Announces 86% Year-over-Year SaaS Bookings Growth as…
  • Skykit Survey: Sharing Data Dashboards Broadly with Employees…

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSEVENT STANDARDS OF CONDUCTYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.