Ensure that requests your server receives come from legitimate instances of your app using Apple’s App Attest - part of the DeviceCheck framework.
This sample code accompanies a talk about the Device Check framework which covered:
- Features of the DeviceCheck framework
- Basics of Asymmetric Cryptography
- Implementation of App Attest (this repository)
- Draft Industry Standards: OAuth 2.0 Attestation-Based Client Authentication
The talk was given at NSLondon on 21st November, 2024 at Apple Battersea, you can find the slides from the talk here.
This implementation currently covers:
- Generating an App Attest key in Secure Enclave | App
- Serving a challenge from server to app | Server
- Attesting a key for the given challenge | App
- Submitting the Attestation Object to the server | App
- Receiving the Attestation Object from the app | Server
- Decoding the Attestation Object for validation | Server
- Validing the Attestation Object | Server
- Acquiring fraud metrics from Apple using the receipt | Server
- Storing Attestation Key for future assertions | Server
- Generating assertion objects for authentication | App
- Submitting the Assertion Object to the server | App
- Receiving the Assertion Object from the app | Server
- Decoding the Assertion Object for validation | Server
- Validating the Assertion Object | Server
- Make
AttestationDecoding&AttestationValidationtargets available as a Swift Package
- iOS 14.0+
- Latest version of Xcode
- Swift 5.0+
- Clone the repository
git clone https://github.com/Oliver-Binns/app-attest.git- Open the project in Xcode
- Build and run the sample application
Pull requests and feature requests are welcome - this sample code is developed fully in the open.
SwiftLint is run against all code, please ensure you have this installed so that pre-commit hooks can run successfully.
Conventional Commits are required for each pull request to ensure that release versioning can be managed automatically. Please ensure that you have enabled the Git hooks, so that you don't get caught out!:
git config core.hooksPath hooks
The progress section above covers some future enhancements that you could contribute.
Oliver is an experienced mobile software engineer based in London. After attaining an IET accredited master’s degree in Computer Science from the University of York, he started his career building websites in PHP and JavaScript, before pivoting into native iOS development. He has led teams to scale apps from first lines of code to #1 on the App Store and Google Play Store.