Apple App Attest.

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection. サイバーセキュリティの モバイルセキュリティ カテゴリに属します。

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection.

App Attest is Apple's device-and-app attestation framework, generally available from iOS 14 (2020), with parallel support on iPadOS, tvOS, watchOS and macOS Catalyst. An app calls `DCAppAttestService` to generate a P-256 key pair inside the device's Secure Enclave, then asks Apple to attest the public key — producing a certificate chain that, when verified by the app's backend, proves that the key lives in genuine Apple Secure Enclave hardware on a non-jailbroken device, was created by the app's App-Store-signed bundle, and is bound to Apple's root CA. On every sensitive backend call, the app builds a small client assertion signed with the attested key and sends it alongside the request; the server verifies the assertion is fresh and matches the previously stored attested public key. App Attest is the iOS counterpart to Google's Play Integrity API and is used by banking, fintech, anti-fraud, and mobile-DRM apps. Limitations include simulator-only usage being restricted, and attestation freshness assumptions that backends must enforce. Combined with DeviceCheck, App Attest is the current best-practice way to bind iOS app trust to hardware.

Apple App Attest に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: App Attest, DCAppAttestService。