AppiCrypt® (App Integrity Cryptogram) is an innovative technology that lets the backend check the state of the client app and the integrity of the mobile OS, applying the zero-trust principle. It calculates an online risk score and allows malicious calls to be filtered at the API gateway or at the backend app business-logic level.
It aims to combat API abuse and app impersonation, and provides online risk scoring for fraud prevention. Additionally, AppiCrypt® provides RASP hardening by ensuring that a RASP bypass was not applied. It is effective against manual and automated API abuse such as botnets, JSON injections, session hijacking, and more. The feature enables binding the session to the device and binding the UserID to the device.
AppiCrypt® In-App SDK generates cryptograms to ensure the integrity of mobile client applications and verify device identity. Built on zero trust principles, it ensures that neither the mobile device nor the application is trusted without cryptographic integrity verification. AppiCrypt® provides a cryptographic integrity proof of both the mobile OS and the app, allowing backend servers to perform local verification with minimal latency. This strengthens defenses against mobile API abuse and mitigates vulnerabilities to RASP suppression or reaction-bypassing techniques.
AppiCrypt® serves as both an anti-API-abuse and a RASP hardening solution.
Anti-botnets, anti-session hijacking, password enumeration, and other API abuse
RASP threat flags control on the backend
Online fraud risk scoring
Device identity authentication that enables device binding to the user
RASP-based App and device OS integrity check on the backend
Cryptogram decryption script for Backend components
Every API call from a mobile app protected by the AppiCrypt® SDK can contain a unique cryptogram generated by the SDK. The cryptogram can be cryptographically bound to the API call payload content or to another diversifier (such as a nonce). This makes AppiCrypt® technology resilient against token hijacking attacks, since it does not rely on any validity period.
Threat flags related to both app and device security status are included in the RASP-based cryptogram. A quick and straightforward backend component (a simple script) can verify the cryptogram and provide the risk score and mobile endpoint security status to the backend logic or the API gateway.
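The payload binding and backend check described above, as an added illustration that is not Talsec's code or the real AppiCrypt® format: a generic HMAC-SHA256 tag stands in for the proprietary cryptogram. The key, field layout, flag bits, score weights, risk threshold and single-use nonce handling are all assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

DEMO_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample value

# Hypothetical threat-flag bits and weights (not AppiCrypt's real layout).
FLAG_ROOTED, FLAG_HOOKING, FLAG_TAMPERED = 0x01, 0x02, 0x04
FLAG_WEIGHTS = {FLAG_ROOTED: 40, FLAG_HOOKING: 50, FLAG_TAMPERED: 60}
HEADER = struct.Struct(">16sB16s")  # device_id | flags | nonce (assumed layout)
RISK_LIMIT = 50                     # assumed gateway threshold


def _tag(key, header, body):
    # The tag covers the header and a hash of the exact request body,
    # so a cryptogram lifted from one call cannot vouch for another.
    return hmac.new(key, header + hashlib.sha256(body).digest(),
                    hashlib.sha256).digest()


def make_cryptogram(key, device_id, flags, nonce, body):
    """Client-side stand-in for the SDK: header || tag."""
    header = HEADER.pack(device_id, flags, nonce)
    return header + _tag(key, header, body)


def verify_cryptogram(key, cryptogram, body, seen_nonces):
    """Backend check. Returns (allow, reason, risk_score, device_id)."""
    if len(cryptogram) != HEADER.size + 32:
        return (False, "malformed", 100, None)
    header, tag = cryptogram[:HEADER.size], cryptogram[HEADER.size:]
    if not hmac.compare_digest(tag, _tag(key, header, body)):
        return (False, "bad-binding", 100, None)
    device_id, flags, nonce = HEADER.unpack(header)
    if nonce in seen_nonces:  # single-use nonce instead of a validity period
        return (False, "replay", 100, device_id)
    seen_nonces.add(nonce)
    risk = min(100, sum(w for bit, w in FLAG_WEIGHTS.items() if flags & bit))
    allow = risk < RISK_LIMIT
    return (allow, "ok" if allow else "high-risk", risk, device_id)
```

The returned `device_id` is what a backend would compare with the device bound to the session or UserID before accepting the call.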
For pricing information and to request a demo, visit Talsec.