Apple is introducing a new security measure for the App Store that developers can use. It’s called the App Attest API and it will be used on devices running iOS 14 and later.

App Attest API

Using the App Attest API developers can generate a cryptographic key on a device and use it validate their app’s integrity before the server lets it access sensitive data.

Apps can’t be trusted to perform security checks on itself because a compromised app can fake the results. But with the App Attest API, a hardware-based cryptographic key can use Apple’s servers to verify the key belongs to a non-compromised version of an app. Once the key has been verified developers can use the service to sign server requests using the key.

The API can also be used to check if clients connecting to a developer’s server is a valid instance of their app. Every time the app needs to communicate this attestation data to your server, it first asks the server for a unique, one-time challenge.

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments