iOS 14 introduces new 'App Attest' API to cut down on app fraud

Apple in iOS 14 will introduce a new DeviceCheck feature called App Attest that boosts the security of apps on the platform.

DeviceCheck is an iOS framework, first introduced in iOS 11, that can help developers cut down on the fraudulent use of their apps.

In iOS 14, Apple is adding a new API to the framework called App Attest. Like DeviceCheck, App Attest aims to cut down on the inappropriate use of developer servers through compromised apps.

As Apple notes in developer documentation, apps can be modified and distributed outside of the App Store, leading to versions of those apps with unauthorized features like "game cheats, ad removal, or access to premium content."

App Attest adds a safeguard against this problem by verifying the integrity of an app using a cryptographic key. By verifying that this cryptographic key is sound, a developer could verify that an app hasn't been tampered with before sharing access to sensitive data.

Apple does note that "no single policy can eliminate all fraud," and adds that App Attest isn't able to pinpoint a device with a compromised operating system. Together with the DeviceCheck framework, however, developers can get data to perform a "overall risk assessment."

The App Attest feature will launch with iOS 14, which is expected to debut in the fall.

11 Comments

SpamSandwich 19 Years · 32917 comments

About 4 years ago

Some day Apple will get informed and use blockchain or Hashgraph to verify apps. Every app sold should be assigned a ‘coin’ which verifies its authenticity and quality.

nicholfd 6 Years · 828 comments

SpamSandwich said:

Some day Apple will get informed and use blockchain or Hashgraph to verify apps. Every app sold should be assigned a ‘coin’ which verifies its authenticity and quality.

And why do they need to use a blockchain to verify authenticity? They can already do that...

lowededwookie 16 Years · 1175 comments

nicholfd said:

SpamSandwich said:

Some day Apple will get informed and use blockchain or Hashgraph to verify apps. Every app sold should be assigned a ‘coin’ which verifies its authenticity and quality.

And why do they need to use a blockchain to verify authenticity? They can already do that...

Because I think Spammy learned a new word and wanted to see if he could use it in a sentence. 😈

lowededwookie said:

nicholfd said:

SpamSandwich said:

Some day Apple will get informed and use blockchain or Hashgraph to verify apps. Every app sold should be assigned a ‘coin’ which verifies its authenticity and quality.

And why do they need to use a blockchain to verify authenticity? They can already do that...

Because I think Spammy learned a new word and wanted to see if he could use it in a sentence. 😈

No, it’s because on-blockchain authentication would be completely transparent and verifiable.

mknelson 9 Years · 1148 comments

SpamSandwich said:

lowededwookie said:

nicholfd said:

SpamSandwich said:

Some day Apple will get informed and use blockchain or Hashgraph to verify apps. Every app sold should be assigned a ‘coin’ which verifies its authenticity and quality.

And why do they need to use a blockchain to verify authenticity? They can already do that...

Because I think Spammy learned a new word and wanted to see if he could use it in a sentence. 😈

No, it’s because on-blockchain authentication would be completely transparent and verifiable.

But what would be in the blockchain? The encryption key or perhaps a checksum?

Blockchain is more useful to track the history of things like parts/maintenance history, product origins, shipping tracking. I don't see any inherent benefit to determine if somebody hacked an app for themselves or for distribution (you can do that by extracting from a backup, editing and then restoring).