The IT Nerd

Approov’s network monitoring and analysis has found that the World Cup will be the first major proving ground for AI-driven betting fraud, combining record-breaking volumes with high-speed AI tools.

Findings have just been published in “AI Scraping for Manipulation Makes Sports Betting Unfair – The World Cup is the Immediate Test, The LA28 Olympics are a Next Level.”

Indicators of upcoming activity were observed on the Approov Global Attestation Network.  For sportsbooks, this creates two problems that don’t get better with time:

• Market distortion: Automated actors can move faster than human bettors, particularly in live‑in‑play and micro‑markets (such as first-scorer, goal/point totals, or player-specific props), which are expected to dominate World Cup betting.
• Perception of unfairness: If regular users believe that bots and AI systems are always one step ahead, the sense of a “level playing field” collapses.

The analysis discusses a new generation of organized, AI-driven bad actors looking to fleece both bettors and betting platforms, with well‑resourced scrapers, arbitrageurs, and betting syndicates treating the World Cup as a high‑margin, high‑velocity data opportunity. It’s also a test lab for exploitation of other high-speed markets, real-time pricing-sensitive transactions, behavioral manipulation, API exploitation and consumer trust engineering.

Why does it all matter? Because when users believe that humans can’t compete, systems collapse.

More details here: https://approov.io/blog/threat-analysis-ai-scraping-for-manipulation-makes-sports-betting-unfair

When a smartphone’s AI agent can execute actions across apps, read messages, interpret meaning, pull data from various apps and act autonomously outside of the user’s knowledge or intent, outcomes can potentially go sideways very quickly.

For the last 15 years, smartphones have responded to their users’ commands. Now, Android 17 threatens this user interaction model and its inherent safety guardrails.

Agentic mobile’s risks are explained in “Android 17: Your Phone’s AI is Evolving to be More Autonomous,” new analysis by Approov Senior Manager Joyce Kuo.  The full analysis is embedded at bottom.

Here’s the upshot:

Android 17 represents a major step towards moving toward the agentic mobile model, in which a device can coordinate tasks across apps as a personal agent. The upside is convenience. The downside is a new class of risk where nothing is technically compromised, but the result is unpredictable and potentially quite wrong. Data may be exposed, actions may be triggered, and workflows may be executed based on manipulated or misunderstood context.

Kuo looks at this expansion of the mobile attack surface beyond traditional app boundaries and user interaction norms, and why existing protections like sandboxing and permissions won’t address this new layer of risk.

Android 17 represents more than just a UX update; it’s a fundamental security and architecture shift – for brands on mobile, for their developers, and for users.

The core issues are straightforward: when systems start acting on your behalf, potentially without the user’s knowledge, how do you as a smartphone-using consumer prevent them from doing exactly what they may otherwise be allowed to do at the wrong time and for the wrong reasons? And how to brands and other app publishers (and their developers) contain these risks?

Approov today announced the official opening of its new headquarters in Edinburgh’s New Town. The move marks a significant milestone for the company following a defining year characterised by major investment, strategic partnerships, and a rapidly expanding global customer base.

The relocation to one of Edinburgh’s most iconic areas is a direct response to the company’s accelerated growth trajectory in 2025. Propelled by a recent investment round led by Maven Capital Partners, the new facility provides the necessary infrastructure to scale Approov’s technology and accommodate a growing workforce across engineering, product, sales, and customer success.

Heading into 2026, Approov plans to utilise the new space to accelerate innovation in mobile app and API security, expand its global partner ecosystem, and enhance threat-intelligence capabilities.

Approov today announced significant strategic expansion of its global network infrastructure, positioning its unique cloud-based mobile app and device attestation platform as the essential defense against rapidly evolving AI-based API threats. This expansion includes the deployment of Cloudflare’s Argo Smart Routing technology across its multi-cloud network, which is supported by Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Approov’s architecture represents a major shift in mobile security, moving away from conventional, on-device approaches like Runtime Application Self-Protection (RASP) and code obfuscation that are increasingly vulnerable to sophisticated hacking tools and AI-driven reverse engineering.

The Next Generation of Mobile Security: Cloud-Based Attestation

The core of Approov’s next-generation platform is its approach to security-by-design: moving all sensitive secrets, such as API keys, out of the mobile application and into a secure, cloud-based enclave. Security is then managed through a rigorous, real-time app and device attestation process performed entirely in the cloud.

Approov’s cloud platform verifies that all API requests originate from a genuine, untampered mobile app running on a secure device. This model drastically reduces API attacks from bots, scripts, and cloned apps by over 95%, creating a safer digital ecosystem for major organizations in finance, retail, healthcare, and connected cars.

High Performance for a Mission-Critical Platform

To ensure this mission-critical security is delivered without compromising the user experience, Approov recognizes the absolute need for a high-performance, robust, and resilient network infrastructure. The platform must deliver attestation tokens over an encrypted channel with the lowest possible latency, regardless of a mobile app’s operating location.

To meet this demand, Approov has made two key infrastructure enhancements:

1.    Cloudflare Argo Smart Routing Integration: Approov has integrated Cloudflare’s Argo Smart Routing™ across its network. This technology continuously optimizes the routing of attestation traffic by dynamically selecting the fastest and most reliable network paths. By enabling Argo Smart Routing, Approov reduces Internet latency on average by more than 30% and connection errors by 27%, significantly enhancing performance for end-users globally. The integration also includes Cloudflare’s enterprise-level Layer 4/7 Distributed Denial of Service (DDoS) protection.

2.    Expanded Global Attestation Fabric: Approov continues to grow its multi-region, multi-cloud fabric with new points of presence in U.S. East, Hong Kong, and Taipei, Taiwan, complementing existing locations in Dublin, U.S. West (San Jose), Sao Paulo, and Singapore. The multi-cloud deployment on AWS and Google Cloud is designed with automatic cross-cloud failover for maximum resiliency under the most extreme threats.

These strategic investments ensure that Approov will continue to deliver the fastest, most efficient, and most secure mobile app protection, allowing enterprises to fully trust the source of every mobile API request.

Approov has announced that it’s been shortlisted as a finalist for the Cyber Innovation Award at the 2025 Scottish Cyber Awards, sponsored by SC3. This prestigious recognition highlights Approov’s groundbreaking work in mobile security, alongside esteemed finalists Lloyds Banking Group, Morgan Stanley, TrueDeploy, and PACE Anti-Piracy Europe Ltd.

The Scottish Cyber Awards celebrate outstanding contributions to cybersecurity, showcasing organizations that drive innovation and resilience in digital security. Approov’s selection as a finalist underscores its pioneering app attestation technology, which safeguards mobile applications and their backend APIs from emerging cyber threats.

A Revolutionary Approach to Mobile Security

Approov’s innovation directly addresses the growing risks of API abuse, mobile app tampering, and data breaches. With its patented client software attestation technology (U.S. Patent 11,163,858 B2), Approov ensures that only legitimate, untampered mobile applications can interact with critical backend systems. This cloud-based attestation solution provides seamless security across Android, iOS, and HarmonyOS applications, making it a trusted choice for industries such as fintech, healthcare, automotive, and e-commerce.

Standing Out in the Cybersecurity Landscape

Approov’s nomination stems from its proven impact in reducing fraud, preventing unauthorized API access, and helping businesses comply with evolving data security regulations like the EU Digital Markets Act (DMA) and UK Digital Markets, Competition and Consumers Act (DMCC). By tackling API security vulnerabilities that traditional platform-native solutions fail to address, Approov offers organizations a future-proof defense against sophisticated cyber threats.

The winners of the 2025 Scottish Cyber Awards will be revealed at a gala ceremony in Edinburgh on March 27, 2025. Approov congratulates all fellow finalists and looks forward to celebrating cybersecurity excellence in Scotland.

For more information about the Awards, visit 2025 Scottish Cyber Awards.

Approov, a leader in mobile application and API security, and PreEmptive, a pioneering force in application security, today joined forces to provide comprehensive mobile application protection as the EU Digital Markets Act takes effect. The joint solution addresses the main challenges for mobile app security: protecting intellectual property and app shielding, as well as runtime threats to apps and the need for app attestation.

The EU DMA forces Google and Apple to allow side-loaded apps via alternative app stores which reduces the effectiveness of the security mechanisms provided by these vendors. For example, the theft of app intellectual property, creation of illegal copies of apps, and manipulation of apps at runtime are all harder for Google and Apple to prevent.

PreEmptive and Approov have partnered to effectively protect app intellectual property and prevent runtime tampering through a straightforward, cross-platform solution to these challenges that are compatible with both iOS and Android. This effective and easy-to-deploy security solution for mobile apps seamlessly integrates with the CI/CD pipeline and SAST/DAST solutions, and is not dependent on Apple or Google. It includes:

• Comprehensive shielding of Android and iOS mobile app code from reverse engineering and intellectual property theft.
• Runtime app attestation to prevent cloned and copied apps.
• Anti-tampering checks to detect client OS manipulation and the presence of emulators and hostile frameworks at runtime.
• API and communications channel protection by using dynamic certificate pinning.
• Dynamic API Key and certificate management to prevent API abuse.

There are fundamental security challenges with mobile apps: they can be reverse engineered, analyzed, cloned, modified, or copied, and the environments they run in can be hacked, rooted, instrumented, and manipulated to interfere with the operation of an app. Apple and Google provide only basic app protection and attestation, but these are limited and are dependent on features of the Apple App Store and on Google Play. Stronger security measures are needed.

Approov and PreEmptive address these challenges with a joint solution that works across all platforms and application types — independent of the app store employed to distribute apps. This means users can future-proof your application security while continuously monitoring for and preventing app and API abuse.

Under terms of the partnership:

• Approov can resell Dotfuscator and JSDefender, and the PreEmptive mobile shielding products: PreEmptive DashO for Android, and Defender for iOS.
• Approov provides an extended 90-day trial period of Approov RASP and runtime analytics to PreEmptive customers.

April 24 Joint Web Seminar Explains It All

Approov will host a joint web seminar on the impact of the EU Digital Markets Act with PreEmptive on April 24, 2024, at 11am US Eastern Time (ET). The one-hour session will delve into mobile app vulnerabilities and demonstrate how PreEmptive and Approov effectively protect app intellectual property and prevent runtime tampering, with a straightforward approach compatible with both iOS and Android. Attendees will learn:

• How the EU Digital Markets Act exposes the limitations of Google and Apple mobile security.
• Why the two main challenges for mobile app security are: (1) The protection of intellectual property and the need for app shielding; and (2) Runtime threats to apps and the need for app attestation.
• How to easily and effectively defend against these threats as the EU DMA takes effect
• How PreEmptive and Approov together provide an effective and easy-to-deploy security solution for mobile apps that is not dependent on Apple or Google.

Register for the webinar here: https://approov.io/info/joint-webinar-comprehensive-and-effective-mobile-security

Approov, leaders in mobile app security, have just published:  Limitations of Google Play Integrity API (ex SafetyNet).

Given recent lawsuits on Google’s & Apple’s app stores, are the giants hiding behind “app store security” to rake in commissions, and if so, what might change? The Approov blog examines some of the security gaps that researchers have repeatedly found, and lists nine specific Google Play App Store security issues and gaps that impact integrity – all of which can be addressed in a less restrictive, more open marketplace. 

Ted Miracco, CEO of Approov, adds these comments: 

   “Google and Apple have faced increased scrutiny and legal action recently over their app store policies and alleged anti-competitive behavior. Google was found by a California jury to have engaged in anticompetitive conduct related to the Google Play Store on Android devices in their case against Epic Games. Additionally, Google settled a related lawsuit with over 30 US states for $700 million and agreed to changes in Play Store policies. Meanwhile, Apple faces ongoing appeals over a similar lawsuit brought by Epic Games regarding App Store policies for iOS devices.

   “These legal actions could bring significant changes to the mobile app ecosystems that are now controlled tightly by Google and Apple. The lawsuits have focused heavily on the 30% commission charged by the app stores, with plaintiffs arguing that this fee is excessive and only possible due to the app store operators’ monopolistic power. Forced reductions in this commission percentage could have major financial implications for Google and Apple.

   “Additionally, policy changes that enable alternative payment processing and easier sideloading of apps could threaten the dominance of both the Play Store and App Store. If third-party app stores can gain traction, bypassing the tech giants’ review processes and fees, it would reduce both their control and access to valuable end user data. 

   “Google and Apple have staunchly defended their walled garden approaches by arguing it provides critical security protections for users. For example, Google claimed its policies “retain strong security protections” in its recent $700 million settlement. Apple makes similar statements about App Store security safeguards. History indicates otherwise.

   “This is where mobile app attestation solutions like Approov come in. Approov provides advanced integrity checking of apps to verify they are genuine and untampered, while also checking the security integrity of user devices. By leveraging Approov across apps distributed through third-party stores, the security justification for restrictive policies rings hollow. App integrity and security can be maintained without the excessive control and fees imposed by Google and Apple.

   “The recent legal action could force app store policy changes and reduce the dominance of Google and Apple in mobile software distribution. And innovative technologies like Approov’s app attestation enables security confidence in alternative app sources, blowing holes through the app security arguments Apple and Google depend on to restrict competition. The results could be substantial shifts in power and revenue in the mobile app ecosystem.”

Approov, the leader in mobile security, today revealed new data indicating that watches, wearables and new devices are now the weakest link in the mobile app threat landscape.

Key findings include:

• Watches and other wearables now communicate directly with backend APIs and services.
• An Apple Watch “zero-day” vulnerability was uncovered in September 2023.
• Unless protected, watches and wearables will become a rich attack vector for hackers.
• Approov extends its mobile RASP to Watch OS to prevent exploitation of any new zero-day vulnerabilities.

The findings were released in today’s Approov blog “Approov Addresses Apple Watch Security Issues” at this link: https://approov.io/blog/apple-watch-security-issues

Apple and MIT recently published a study indicating that 2.6 billion personal records were exposed through data breaches over the last two years. These findings underscore the need for protecting data in the cloud through mobile attestations and improved API security.

Approov, a trailblazer in mobile app and API security, addresses this threat directly with Release 3.2. The release introduces groundbreaking features, including the first commercially available App Attestation Solution for Apple WatchOS to provide API Protection against emerging threats.

The release also includes Harmony OS support and deployment of extended global Points of Presence (PoPs), and improved ease of deployment and administration.

Approov’s Runtime Application Self Protection (RASP) defenses are also strengthened by extending threat detections to include the latest versions of tools used by hackers to attack apps and APIs.

The danger is real: In September, Citizen Lab found an actively exploited zero-click Apple vulnerability which was used to deliver NSO Group’s Pegasus mercenary spyware. Apple acknowledged the threat to all their devices, issuing a specific WatchOS Security briefing (https://support.apple.com/en-mide/106360) on November 9 concerning a vulnerability in Apple Wallet on WatchOS. Apple quickly released a fix but acknowledged that “A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited”.

Approov now extends all the protections available on mobile apps to WatchOS. Approov support of WatchOS allows direct registration of WatchOS apps and ensures API protection against malicious traffic that is communicating directly from the watch to the cloud. WatchOS support is added to the existing support for Android Wearable Devices (which has been available since Version 3.0)

Approov Adds Huawei HarmonyOS Support: A Global Imperative

As a widely adopted operating system in regions such as China, India, the Middle East, and Africa, HarmonyOS plays a crucial role in the global mobile ecosystem. Recognizing the prevalence of this platform, Approov now ensures that mobile applications operating on Huawei devices are seamlessly integrated into our attestation services.

Approov attestation services traditionally supported Android and iOS devices, but the inclusion of Huawei HarmonyOS significantly broadens our platform coverage. This expansion is vital to offering a truly global solution, as any unattested mobile application poses a potential risk to API security, regardless of its geographical origin.

In collaboration with Cylab-Africa, Approov reinforces its commitment to a global solution for mobile app security. Version 3.2 extends support for Huawei app store deployments, catering to developers worldwide.

Enhanced High-Performance Worldwide Coverage

Approov expands its global network with new Points of Presence in São Paulo, Brazil and Singapore. These additions, coupled with existing points of presence (PoPs) in Europe (Dublin) and North America (California), create a worldwide low-latency mobile attestation network.

This move bolsters Approov’s commitment to achieving new levels of security by mitigating bot attacks, Man-in-the-Middle (MitM) attacks, account takeover (ATO) and other threats to mobile APIs, thus ensuring optimal performance and reducing fraud and data breaches.

New Threats are Addressed

The new release also boosts Approov’s RASP feature set to include new countermeasures against emerging and evolving threats. This includes significant hardening improvements to the SDK, including static and dynamic anti-tamper measures. Additionally, Approov’s ThreatLabs have developed further Android based detections for DobbyHook, Magisk, Zygisk, and Zygisk-Frida to fortify defenses against these advanced hacker tools. These changes augment the comprehensive suite of detections that are already implemented. In addition, the dynamic security-policy update facility will be used to improve the detection capabilities of existing deployed apps that currently use Approov’s previous SDKs.

Increased Ease of Use for DevOps/Developers

Approov continues to focus on easing the security burden for developers, DevOps and DevSecOps teams. New features simplify app registration and management, providing an automated and streamlined integration experience. The elimination of the need for individual app registrations and the introduction of tools for managing different app versions reduce complexity. Approov also enhances the registration of developer devices for testing, ensuring a secure and efficient device farm testing process.

Approov Mobile App and API Security Software Release 3.2 reaffirms the Company’s commitment to continued innovation in order to ensure there are no weak links for its customers.

Upgrades to Approov Version 3.2 will be included as part of Approov’s Software-as-a-Service Mobile Security platform. New customers can embrace the future of mobile app and API security by starting a free 30-day trial by registering at Approov.io. 

End-to-end mobile security provider Approov today released a report showing that 95 percent of the most popular African banking and financial services apps contain easy-to-extract secrets, which could be used in scripts and bots to attack application programming interfaces (APIs) and steal data, devastating consumers and the institutions they trust.

The research was conducted by a team from the CyLab-Africa and Upanzi Open Digital Technologies Network initiatives in and sponsored by Approov: 224 financial Android applications were selected from countries in North, Central, Eastern, Western and Southern Africa, and were downloaded and investigated.

CyLab-Africa, located in Kigali, Rwanda, is a collaboration between Carnegie Mellon University’s CyLab Security and Privacy Institute and Carnegie Mellon University Africa. Upanzi is an Africa-based network of research labs that focuses on creating, testing, innovating and assisting in implementing digital technologies at scale, such as identity, payments, cybersecurity, cloud computing, data governance, artificial intelligence and machine learning, and influencing technology policy recommendations to support the digital transformation of low- and middle-income countries (LMICs).

The study draws comparisons between other regions and Africa, pinpointing trends, commonalities, and disparities pertaining to the exposure of secret keys in a mobile application’s binary package. 

Notably, 18% of the apps investigated revealed high severity secrets. A high severity classification was used for vulnerabilities that could potentially lead to unauthorized access, data breaches, and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent with 72% of the apps revealing medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.  (Key findings are listed below).

The World Economic Forum analyzed the enormous importance of mobile financial apps across Africa, in its March 18, 2022 briefing:  Mobile payment in Africa is more popular than you may think – here’s why. It’s worth remembering that landlines are comparatively scarce and there are over 650 Million users of mobile devices – more than in either the USA or EU. 

The keys found in the reverse engineered Android Application Packages (APKs) include: 

• encryption keys for securing sensitive data 
• authentication keys for accessing services 
• signing keys for verifying data authenticity
• database credentials 
• OAuth client secrets 
• push notification keys 
• code push keys 
• payment gateway secrets 
• encryption initialization vectors 
• license keys 
• sensitive configuration setting 

Key findings: 

• 95% of fintech apps across Africa immediately expose valuable, exploitable secrets.
• Approximately 272 million users have downloaded apps that inadvertently reveal sensitive, high-risk secret keys. 
• Crypto was the most exposed type of app, with 33% of crypto apps found to expose high severity secrets. 
• Apps deployed in West Africa were the most exposed in terms of high severity secret exposure and Southern Africa the least: 20% of apps in West Africa exposed such secrets versus only 6% in Southern Africa.
• Google Cloud API keys were identified in 86% of the examined applications. Such exposure can lead directly to accounts being compromised. 
• Approximately 15.3% of the apps exposed various authentication tokens, including Facebook authentication tokens.

The full report can be downloaded here.