Apple App Attest.

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection. 它属于网络安全的 移动安全 分类。

Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection.

App Attest is Apple's device-and-app attestation framework, generally available from iOS 14 (2020), with parallel support on iPadOS, tvOS, watchOS and macOS Catalyst. An app calls `DCAppAttestService` to generate a P-256 key pair inside the device's Secure Enclave, then asks Apple to attest the public key — producing a certificate chain that, when verified by the app's backend, proves that the key lives in genuine Apple Secure Enclave hardware on a non-jailbroken device, was created by the app's App-Store-signed bundle, and is bound to Apple's root CA. On every sensitive backend call, the app builds a small client assertion signed with the attested key and sends it alongside the request; the server verifies the assertion is fresh and matches the previously stored attested public key. App Attest is the iOS counterpart to Google's Play Integrity API and is used by banking, fintech, anti-fraud, and mobile-DRM apps. Limitations include simulator-only usage being restricted, and attestation freshness assumptions that backends must enforce. Combined with DeviceCheck, App Attest is the current best-practice way to bind iOS app trust to hardware.

针对 Apple App Attest 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: App Attest, DCAppAttestService。