With iOS 14, Apple will introduce a new DeviceCheck feature called App Attest to increase the security of applications on the platform.
DeviceCheck is an iOS framework first introduced with iOS 11 that can help developers reduce fraudulent use of their applications. In iOS 14, Apple is adding a new API called App Attest to the framework. Like DeviceCheck, App Attest aims to curb the inappropriate use of developer servers by compromised applications. As Apple notes in its developer documentation, apps can be modified and distributed outside of the App Store, resulting in versions of those apps with unauthorized features such as "game cheats, ad removal, or access to premium content." The notice:
“Check the integrity of an application”
As part of DeviceCheck services, the new App Attest API helps protect against security threats to your applications on iOS 14 or later and reduces fraudulent use of your services. App Attest lets you generate a special cryptographic key on a device and use it to validate the integrity of your application before your server grants access to sensitive data.
App Attest adds additional protection against this problem by verifying the integrity of an application using a cryptographic key. By verifying that this cryptographic key is sound, a developer could verify that an application has not been tampered with before granting access to sensitive data. Apple notes that "no single policy can prevent all fraud," adding that App Attest cannot locate a device with a compromised operating system. However, when used in conjunction with the DeviceCheck framework, developers can obtain data to perform an "overall risk assessment." The feature will be introduced with iOS 14, which is expected to debut this fall. (Photo by manae / Bigstockphoto)
