App
Attestation


Mobile App Attestation Service | Mobile App Attestation Solution | Approov

App Attestation

App Attestation is a runtime technique used to provide proof that an app is truly authentic and running in a trusted device. It uses a combination of measurements made on the client but checked by a remote attestation server.

Benefits

Cloud-Based Security

Migrate security decisions into the cloud for greater security and flexibility

Сryptographic Security

Token based cryptographic security with no secrets in the app

Platform Attestation

Optional integration of platform attestation for additional security

Definitive Attestation

Traditional app security approaches integrate all of the threat detection logic into the app itself, which is running in an attacker controlled environment. Even if the detection code is well defended, it relies on the app making a local decision about it’s own integrity, which presents an obvious weak point that is frequently exploited by attackers.

Approov is different. It uses a remote attestation approach, where the running app must prove itself to be genuine through a sequence of integrity measurements. These results are then sent to the Approov cloud service using a patented challenge-response protocol, immune from replay attacks. The Approov cloud makes the decisions.

If integrity is verified then the running app is issued with a short lived cryptographic token that it can use to prove its authenticity to the backend API services it uses. The app cannot make its own decisions about integrity and cannot sign its own tokens. Defense is moved out of the attacker’s reach and into the Approov cloud.

Approov mobile security architecture diagram

Google Play Integrity and iOS App Attest Integrated

Approov provides more granular control, wider device support, cross-platform consistency and various other advantages over the basic platform capabilities. However, Approov does optionally integrate with iOS App Attest / DeviceCheck and Google Play Integrity to provide the most comprehensive attestation and powerful threat management framework.

Approov app attestation diagram; integration with Google Play Integrity and iOS App Attest
Other Features of Approov End-to-End Mobile App Security
Want to learn more about Approov?

Request a Demo

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

Get a Trial

Approov offers a complimentary 30 day trial (no credit card necessary) to give you immediate and valuable insight into the security risks of your mobile apps and the devices they run on.