Nice work, congrats!
How do you deal with security related stuff like recaptcha, signed requests and so on?
Do you also support internal APIs of mobile applications? If so, how do you deal with AppCheck / PlayIntegrity / Android Key Attestation / Apple App Attest?
Thank you! Integuru itself doesn't handle recaptchas and signed requests, but we have a hosted solution where we use third-party services to handle recaptchas and manually create integrations for handling signed requests.
We do not directly support APIs for mobile applications; however, if you use MITM software and get all the network requests into a .har file, Integuru should work as expected. We do not handle AppCheck ATM at the moment unfortunately.
How about Play Integrity and Key attestation results? What are the results of test apps (e.g. SPIC - com.henrikherzig.playintegritychecker and io.github.vvb2060.keyattestation) in your setup? I feel like more and more big apps rely on these security features.
Integrity will eventually (soon) switch over to hardware attestation. At that point nothing will pass that isn't stock out of the box, no amount of software hackery will bypass it.
It's still there. Basic, device and strong integrity. Device integrity is what you're referring to and it's still offered by the API but most apps do not use it. And perhaps, they should not.
Do you also support internal APIs of mobile applications? If so, how do you deal with AppCheck / PlayIntegrity / Android Key Attestation / Apple App Attest?