Apple App Attest.

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection. Относится к категории Мобильная безопасность в кибербезопасности.

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection.

App Attest is Apple's device-and-app attestation framework, generally available from iOS 14 (2020), with parallel support on iPadOS, tvOS, watchOS and macOS Catalyst. An app calls `DCAppAttestService` to generate a P-256 key pair inside the device's Secure Enclave, then asks Apple to attest the public key — producing a certificate chain that, when verified by the app's backend, proves that the key lives in genuine Apple Secure Enclave hardware on a non-jailbroken device, was created by the app's App-Store-signed bundle, and is bound to Apple's root CA. On every sensitive backend call, the app builds a small client assertion signed with the attested key and sends it alongside the request; the server verifies the assertion is fresh and matches the previously stored attested public key. App Attest is the iOS counterpart to Google's Play Integrity API and is used by banking, fintech, anti-fraud, and mobile-DRM apps. Limitations include simulator-only usage being restricted, and attestation freshness assumptions that backends must enforce. Combined with DeviceCheck, App Attest is the current best-practice way to bind iOS app trust to hardware.

Защита от Apple App Attest обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: App Attest, DCAppAttestService.