iOS 14 introduces new 'App Attest' API to cut down on app fraud

article thumbnail

Apple in iOS 14 will introduce a new DeviceCheck feature called App Attest that boosts the security of apps on the platform.

DeviceCheck is an iOS framework, first introduced in iOS 11, that can help developers cut down on the fraudulent use of their apps.

In iOS 14, Apple is adding a new API to the framework called App Attest. Like DeviceCheck, App Attest aims to cut down on the inappropriate use of developer servers through compromised apps.

As Apple notes in developer documentation, apps can be modified and distributed outside of the App Store, leading to versions of those apps with unauthorized features like "game cheats, ad removal, or access to premium content."

App Attest adds a safeguard against this problem by verifying the integrity of an app using a cryptographic key. By verifying that this cryptographic key is sound, a developer could verify that an app hasn't been tampered with before sharing access to sensitive data.

Apple does note that "no single policy can eliminate all fraud," and adds that App Attest isn't able to pinpoint a device with a compromised operating system. Together with the DeviceCheck framework, however, developers can get data to perform a "overall risk assessment."

The App Attest feature will launch with iOS 14, which is expected to debut in the fall.