MOBILE APP & API PROTECTION

AppiCrypt®
API Threat Protection

AppiCrypt provides the most comprehensive API threat protection, app attestation, bot management and integrity control currently available. Defend against cybersecurity threats with a state-of-the-art solution.

What is AppiCrypt?

AppiCrypt makes protecting your backend API easy by checking the integrity state of the mobile app and the device, so that only genuine API calls can communicate with remote services. The app generates a unique cryptogram that is evaluated by a script on the backend side, which lets AppiCrypt detect whether RASP (Runtime Application Self-Protection) was overcome. Our unique approach to Cloud web application and API protection (WAAP) makes it hard to break. In addition, it's lightning-fast and easy to integrate.

AppiCrypt Benefits

Complex Protection

AppiCrypt provides fine-grained details about detected threats, device identity, and hardware. It enables user and session binding to address the most sophisticated attacks, such as session hijacking.

Portability

AppiCrypt is a generic solution for all types of iOS and Android devices without dependency on Google Play or other OEM services. Integration takes only a few days.

Easy Integration

AppiCrypt doesn't require any integration with external APIs. This keeps latency low and doesn't introduce a single point of failure. The cryptogram is verified by a simple script running locally on the customer backend.

Legit API Calls

AppiCrypt ensures that only genuine mobile applications have the right to communicate with protected remote services.

Why API Protection Matters

Apps Are Vulnerable to Threats

It's important to keep in mind that a mobile app installed on a user's device is running in an uncontrolled and untrusted environment. The mobile app is an easy target for reverse engineering, which compromises all hard-coded API keys or client authentication materials and creates an opportunity for attackers to abuse remote services. In today's zero-trust world, there is a clear need for adequate defense against these threats.

Successful Attacks Cause Serious Damage

The typical solution is to employ RASP defenses. While this may dissuade some attackers, a qualified reverse engineer can overcome the detection of root/jailbreak, hooking, and other controls of any RASP technology. By design, a reverse engineer who invests enough time exploring the application can find the place in the code where a RASP control resides and "cut it out". Any successful attack can result in severe damage to your brand and reputation.

Defense Requires Non-Trivial Solutions

AppiCrypt goes beyond common Web Application Firewall and API gateway solutions and provides complex client integrity control, DDoS protection and bot management. With fine-grained application security intelligence for backends and cryptographic integrity control of the mobile endpoint, AppiCrypt is the obvious choice when looking for reliable and secure Cloud WAAP.

Combat Threats with App Cryptogram

In contrast to other vendors, we have an additional layer of protection: AppiCrypt. With this technology, the RASP SDK generates a unique cryptogram that is unreadable to attackers but readable by a simple script linked to the API gateway on the backend.

The idea behind this technology is not just to protect the API but to let your backend know that RASP controls were overcome or turned off by attackers. The gateway can then easily block the session if the app's integrity is compromised, and the backends process API calls only when the RASP controls have passed.

Schema describing how AppiCrypt uses cryptogram to ensure app integrity

Comprehensive App and API Protection

In combination with Talsec RASP and Talsec Hardening Suite, AppiCrypt covers most of the OWASP Top 10 mobile security risks. This multi-layered defense offers additional protection against threats not included in the OWASP list.

AppiCrypt protects your app from:

API Abuse

Botnets and Fake Registrations

Brute Force Attacks

MitM Attacks

Session Hijacking

DDoS Attacks

SIM Swapping

JSON injections

Mobile OWASP Top 10 | Talsec RASP | Talsec AppiCrypt | Talsec App Hardening
M1: Improper Platform Usage
M2: Insecure Data Storage
M3: Insecure Communication
M4: Insecure Authentication
M5: Insufficient Cryptography
M6: Insecure Authorization
M7: Client Code Quality
M8: Code Tampering
M9: Reverse Engineering
M10: Extraneous Functionality

Secure Multiple Application Domains

AppiCrypt and SafetyNet comparison

The true strength of AppiCrypt lies in its ability to protect multiple application domains. Be it an iPhone, iPad, Amazon Fire Tablet, EMV POS Terminal, or Kiosk, you can use the same AppiCrypt and its backend component. If you need protection in every possible environment, AppiCrypt is the right solution for you.

Android, iOS, Flutter apps

Performance Critical Apps

EMV POS Terminals, Self-service Tablets, Kiosks

Amazon Fire Tablets, Huawei & Honor Devices

Gaming Emulators

Read More on Talsec Products

AppiCrypt Is a New SafetyNet and DeviceCheck Attestation Alternative

There has been a long-standing need to protect APIs against malicious requests and reverse-engineering attempts for the past years. APIs have become an attractive target...

5 Things John Learned Fighting Hackers of His App

John is the creator of a popular app BetterVision, for the blind and visually impaired. There is a good reason for the over 100K installations John’s creation has achieved...

Benefits of AppiCrypt

AppiCrypt targets API vulnerabilities that WAF and API gateway solutions cannot address because they lack client integrity controls.

Configure the backend script to match your security needs and obtain an overall assessment of your app’s integrity.
Easily integrate into existing cloud infrastructure.
Hinder fake calls crafted through reverse engineering.