Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce App Attest #2462

Merged
merged 8 commits into from
Oct 18, 2023
Merged

Introduce App Attest #2462

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f7272b1
Add DeviceCheck and App Attest to iOS platform overview
lihter Oct 16, 2023
1ec3ed8
Switching to 2nd person
lihter Oct 16, 2023
4b0f662
Transfering DC and App Attest to Development Section
lihter Oct 16, 2023
10fbbc3
Adding a new line for markdown-lint-check
lihter Oct 16, 2023
c978d05
Update Document/0x06a-Platform-Overview.md
lihter Oct 18, 2023
a0108f0
Update Document/0x06a-Platform-Overview.md
lihter Oct 18, 2023
dc9b365
Update Document/0x06a-Platform-Overview.md
lihter Oct 18, 2023
b0c4d02
Fixing trailing space for MD lint check
lihter Oct 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions Document/0x06a-Platform-Overview.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,3 +167,19 @@ The following APIs [require user permission](https://www.apple.com/business/docs
- Bluetooth sharing
- Media Library
- Social media accounts

### DeviceCheck

The DeviceCheck framework, including its components DeviceCheck and App Attest, helps you prevent fraudulent use of your services. It consists of a framework that you use from your app and an Apple server which is accessible only to your own server. DeviceCheck allows you to persistently store information on the device and on Apple servers. The stored information remains intact across app reinstallation, device transfers, or resets, with the option to reset this data periodically.

DeviceCheck is typically used to mitigate fraud by restricting access to sensitive resources. For example, limiting promotions to once per device, identify and flag fraudulent devices, etc. However, it definitely cannot prevent all fraud. For example, it is [not meant to detect compromised operating systems](https://swiftrocks.com/app-attest-apple-protect-ios-jailbreak "App Attest: How to prevent an iOS app's APIs from being abused") (aka. jailbreak detection).

For more information, refer to the [DeviceCheck documentation](https://developer.apple.com/documentation/devicecheck "DeviceCheck documentation").

#### App Attest

App Attest, available under the DeviceCheck framework, helps you verify instances of the app running on a device by enabling apps to attach a hardware-backed assertion to requests, ensuring they originate from the legitimate app on a genuine Apple device. This feature aids in preventing modified apps from communicating with your server.

The process involves generating and validating cryptographic keys, along with a set of verifications performed by your server, ensuring the authenticity of the request. It is important to note that while App Attest enhances security, it does not guarantee complete protection against all forms of fraudulent activities.

For more detailed information, refer to the [WWDC 2021](https://developer.apple.com/videos/play/wwdc2021/10244 "WWDC 2021") session, along with the [App Attest documentation](https://developer.apple.com/documentation/devicecheck/establishing_your_app_s_integrity "App Attest documentation") and [App Attest implementation guide](https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server "App Attest implementation guide").
Loading