Shapefin

Approov Enhances Mobile API Security with Version 3.5, Addressing DMA and AI-Powered Threats


Approov, a mobile API security provider based in Edinburgh, Scotland, has introduced Approov 3.5, a platform update designed to bolster defenses against evolving mobile threats, including challenges presented by the EU’s Digital Markets Act (DMA) and the proliferation of AI-driven attacks.

The update responds to a rapidly changing mobile landscape where new regulations, such as the DMA, are expanding app distribution beyond traditional app stores. This shift, coupled with the rise of automated and AI-driven threats, facilitates app cloning, data theft, and fraud. Mobile traffic now constitutes 64% of all website traffic, so these vulnerabilities are particularly impactful: they lead to financial losses for users and potential reputational damage for brands.

Approov’s core function involves securing the critical connection between a mobile app and its backend servers, or APIs. It operates as a digital gatekeeper, validating that every API request originates from a legitimate, untampered app operating in a secure environment. This process blocks automated bots, modified applications, and other threats before they can access sensitive data or services, a security layer that traditional app stores do not provide. Ted Miracco, CEO of Approov, stated, “The mobile world is at an inflection point, particularly with regulations like the DMA creating new security gaps. Headlines constantly show the consequences for companies whose apps are compromised. Our mission is to provide certainty in this uncertain environment, ensuring that only genuine users on safe devices can access your services, thwarting the entry point to fraud – mobile app attacks, bots and cloning.”

Miracco further noted the impact of compromised apps, adding, “Millions have had their data stolen or savings lost by misplacing faith in apps that were ultimately compromised. We’ve proven that robust security doesn’t have to come at the cost of user experience. With Approov 3.5, brands can easily and affordably add the API protection their customers deserve and rightfully expect.”

Key advancements within the Approov 3.5 platform include enhanced readiness for the DMA and the emergence of open app stores. Its cloud-based verification system ensures that only genuine app instances, regardless of their distribution source, can access a company’s APIs.

Additional security features against modern threats encompass Hardware-Backed Security for Android devices, which stores cryptographic keys in a secure, isolated hardware vault to prevent app identity cloning. An Immutable App Signature creates a unique fingerprint upon app installation, continuously verifying integrity against tampering or malware repackaging. Memory Dump Detection is a new defense designed to block attempts by attackers to extract sensitive information, such as AI secrets or user credentials, directly from a device’s memory.

The platform also introduces Threat Analytics to defend against AI-powered attacks. This cloud-native capability offers a real-time overview of attack patterns, enabling security teams to issue dynamic over-the-air (OTA) updates to policies. This allows for the blocking of emerging AI threats without requiring an app update.

Approov 3.5 prioritizes performance and user experience, delivering cross-platform security checks for iOS, Android, and HarmonyOS that are significantly faster at app startup than basic checks offered by native platforms. A new background token fetch mechanism ensures the app remains fast and responsive, providing comprehensive security without degrading user interaction. Furthermore, Approov is expanding its global infrastructure by integrating Cloudflare’s Argo Smart Routing across its patented cloud-based attestation network, aiming to reduce latency and enhance performance worldwide.
