AppiCrypt® App Integrity Cryptogram

Protect your App and API from cyber attacks. AppiCrypt provides proof of App and Device integrity for backends.

Request demoLearn More


Comprehensive API Security

1. Legit API calls

AppiCrypt ensures that only the genuine mobile application has the right to communicate with protected remote services.

2. Portability

The generic solution for all types of iOS and Android devices without dependency on Google Play or other OEM services. The integration can be done within a few days of developer work.

3. Easy integration

It doesn't require any integration with external APIs. It ensures low latency and doesn't introduce a single point of failure. Cryptogram verification is s simple script running on the customer backend locally.

4. Complex protection

AppiCrypt provides fine-grained details about detected threats, device identity, and HW details. It enables the user and session binding to address the most sophisticated attacks like session hijacking.


Protect API to combat threats

We need to keep in mind that the mobile application installed on the users' mobile devices is running in an uncontrolled and untrusted environment. Mobile app itself can be a target of reverse engineering, making all hard-coded API keys or client authentication materials compromised, creating an opportunity for attackers to abuse remote services.

API abuse

botnets and fake registrations

brute force attacks

MitM attacks

session hijacking

Beyond Standard API protection

State-of-the-art solution

Ultimately qualified reverse engineer will be able to overcome the root/JB control of whatever RASP technology. By design, the reverse engineer always wins if they invest enough time to exercise the App. But...

In contrast to other vendors, we have an additional "layer" of protection - Appicrypt®. This technology implies that RASP SDK generates a unique cryptogram unreadable to attackers but readable for a simple script linked to the API gateway on the backend.

The idea behind this technology is not just to protect API but to let your "backend" know that RASP controls were overcome or turned off by attackers. So gateway can easily block the session if the App integrity is compromised, and only in the case that RASP control passed can API calls be processed by backends.

In short, our approach makes the RASP control much harder to break and allows you to deliver a highly secure and fast product.

Benefits of AppiCrypt

AppiCrypt aims at API vulnerabilities that WAF and API gateway solutions cannot address as they miss client integrity controls.

Configure the backend script to match your security needs and obtain the overall assessment of the app integrity
Easy to integrate intto existing cloud infrastructure
Hard to make fake calls by Reverse Engineering