Approov

Approov provides mobile API security solutions that protect mobile applications and their backend APIs from automated attacks and unauthorized access. The company's platform focuses on authenticating mobile apps themselves rather than just users, ensuring that only genuine, unmodified instances of legitimate mobile applications can access backend APIs. Approov's technology addresses several key security challenges including man-in-the-middle (MitM) attacks through certificate pinning, API abuse prevention through app authentication, and protection against scripted attacks that exploit API vulnerabilities. The solution works by verifying that API requests originate from authentic mobile app instances running in safe runtime environments, effectively blocking scripts and bots from accessing protected APIs. The company serves organizations across multiple sectors including healthcare, financial services, and mobile gaming. Their approach complements traditional API security measures by adding a layer of runtime app authentication, analogous to two-factor authentication for users. This prevents attackers from exploiting API keys and tokens even if they are extracted from mobile apps or intercepted in transit. Approov's platform integrates with existing mobile applications and API infrastructure, providing ongoing protection without requiring organizations to become security specialists. The company has conducted and sponsored research on API security vulnerabilities in healthcare (FHIR APIs) and financial services, highlighting the importance of securing the "last mile" connection between mobile apps and backend services.