Security and Compliance of the Approov Solution

This white paper outlines the security aspects of the Approov solution and provides best practices for integrating the solution into existing security and compliance frameworks. It is designed for security and compliance teams within organizations evaluating Approov. The document details the architecture of the Approov CLI tool, which is used to manage the Approov account and register applications for app stores. It explains the integration of the Approov SDK into mobile applications, emphasizing the integrity measurement process that ensures secure delivery of API keys and tokens. The paper also discusses various protective measures employed in the SDK to prevent spoofing and unauthorized access, including obfuscated code and root detection. User authentication and role management within the Approov system are described, highlighting the importance of secure communication between the CLI and the cloud service. Additionally, it addresses how user data is handled and protected, ensuring compliance with privacy standards.