App Attest API
Using the App Attest API developers can generate a cryptographic key on a device and use it validate their app’s integrity before the server lets it access sensitive data.
Apps can’t be trusted to perform security checks on itself because a compromised app can fake the results. But with the App Attest API, a hardware-based cryptographic key can use Apple’s servers to verify the key belongs to a non-compromised version of an app. Once the key has been verified developers can use the service to sign server requests using the key.
The API can also be used to check if clients connecting to a developer’s server is a valid instance of their app. Every time the app needs to communicate this attestation data to your server, it first asks the server for a unique, one-time challenge.