iOS 14 introduces new 'App Attest' API to cut down on app fraud
Apple in iOS 14 will introduce a new DeviceCheck feature called App Attest that boosts the security of apps on the platform.
Credit: Apple
DeviceCheck is an iOS framework, first introduced in iOS 11, that can help developers cut down on the fraudulent use of their apps.
In iOS 14, Apple is adding a new API to the framework called App Attest. Like DeviceCheck, App Attest aims to cut down on the inappropriate use of developer servers through compromised apps.
As Apple notes in developer documentation, apps can be modified and distributed outside of the App Store, leading to versions of those apps with unauthorized features like "game cheats, ad removal, or access to premium content."
App Attest adds a safeguard against this problem by verifying the integrity of an app using a cryptographic key. By verifying that this cryptographic key is sound, a developer could verify that an app hasn't been tampered with before sharing access to sensitive data.
Apple does note that "no single policy can eliminate all fraud," and adds that App Attest isn't able to pinpoint a device with a compromised operating system. Together with the DeviceCheck framework, however, developers can get data to perform a "overall risk assessment."
The App Attest feature will launch with iOS 14, which is expected to debut in the fall.
Credit: Apple
DeviceCheck is an iOS framework, first introduced in iOS 11, that can help developers cut down on the fraudulent use of their apps.
In iOS 14, Apple is adding a new API to the framework called App Attest. Like DeviceCheck, App Attest aims to cut down on the inappropriate use of developer servers through compromised apps.
As Apple notes in developer documentation, apps can be modified and distributed outside of the App Store, leading to versions of those apps with unauthorized features like "game cheats, ad removal, or access to premium content."
App Attest adds a safeguard against this problem by verifying the integrity of an app using a cryptographic key. By verifying that this cryptographic key is sound, a developer could verify that an app hasn't been tampered with before sharing access to sensitive data.
Apple does note that "no single policy can eliminate all fraud," and adds that App Attest isn't able to pinpoint a device with a compromised operating system. Together with the DeviceCheck framework, however, developers can get data to perform a "overall risk assessment."
The App Attest feature will launch with iOS 14, which is expected to debut in the fall.
Comments
Blockchain is more useful to track the history of things like parts/maintenance history, product origins, shipping tracking. I don't see any inherent benefit to determine if somebody hacked an app for themselves or for distribution (you can do that by extracting from a backup, editing and then restoring).
And by the way, blockchain and hashgraph rely on cryptographic keys.
You don't see the obvious problem of exposing a malicious app to the OS? And how would that be better? Are you arguing that hackers would somehow guess the correct key and use it in the modfied app?
Tell us more professor.
Obviously if iOS itself can be modified to disable the security code, all bets are off but as you know it is impossible to hack iOS (that's a joke, son).