With iOS 14, Apple will introduce a new DeviceCheck feature called App Attest to increase the security of applications on the platform.
DeviceCheck is an iOS framework first introduced with iOS 11 that can help developers reduce fraudulent use of their apps. In iOS 14, Apple is adding a new API to the framework called App Attest. Like DeviceCheck, App Attest aims to curb inappropriate use of developer servers by compromised apps. As Apple notes in the developer documentation, apps can be modified and distributed outside of the App Store, resulting in versions of those apps with unauthorized features such as “game cheats, removing ads, or accessing premium content.” The notice:
"Check the integrity of an application"
As part of DeviceCheck services, the new App Attest API helps protect against security threats to your applications on iOS 14 or later and reduces fraudulent use of your services. App Attest lets you generate a special cryptographic key on a device and use it to validate the integrity of your application before your server grants access to sensitive data.
So App Attest adds an additional layer of protection against this problem by verifying the integrity of an application using a cryptographic key. By verifying that this cryptographic key is sound, a developer could check that an application has not been tampered with before granting access to sensitive data. Apple notes that "no single policy can rule out all fraud," adding that App Attest is unable to locate a device with a compromised operating system. However, when used in conjunction with the DeviceCheck framework, developers can obtain data to perform an "overall risk assessment." The feature will be introduced with iOS 14, which is expected to debut in the fall. (Photo by manae / Bigstockphoto)
