-
Proteja seus apps com App Attest
Utilize o App Attest para proteger seus apps contra alterações não autorizadas e fraudes. Descubra como os invasores exploram apps modificados para falsificar dados e burlar verificações de segurança, e como o App Attest oferece proteção contra essas ameaças. Aprenda a gerar e gerenciar chaves do App Attest vinculadas à Secure Enclave, validar atestações e declarações e utilizar o indicador de fraude para detectar abusos. Descubra as práticas recomendadas para todas as plataformas da Apple, incluindo novos indicadores no iOS 27 para fortalecer sua validação.
Capítulos
- 0:00 - Introduction
- 1:35 - Protections
- 4:04 - Availability
- 5:02 - Key generation
- 6:12 - Attestation
- 12:10 - Assertion
- 14:58 - Common pitfalls
- 16:27 - Fraud metric
- 19:07 - Next steps
Recursos
-
Buscar neste vídeo...
-
-
5:07 - Generate a Secure Enclave–bound key
import DeviceCheck let keyID = try await DCAppAttestService.shared.generateKey() -
6:32 - Attestation API
import DeviceCheck let keyId: String = ... let clientDataHash: Data = ... let attestation = try await DCAppAttestService.shared.attestKey(keyId: keyId, clientDataHash: clientDataHash) -
12:33 - Assertion API
import DeviceCheck let keyId: String = ... let clientDataHash: Data = ... let assertion = try await DCAppAttestService.shared.generateAssertion(keyId: String, clientDataHash: Data)
-
-
- 0:00 - Introduction
The threats App Attest is designed to address — modified copies of your app sending valid-looking requests to your server, such as falsified quiz submissions or injected game cheats.
- 1:35 - Protections
Verify genuine Apple hardware, detect app modifications, and secure payloads with assertions.
- 4:04 - Availability
Where App Attest is available, now including macOS 27 and all major platforms though not every app extension type, and how to gate usage with the isSupported API and treat unexpected unsupported responses as a fraud signal.
- 5:02 - Key generation
Create a Secure Enclave–bound key ID and store it in the keychain.
- 6:12 - Attestation
Request and validate attestations, including the macOS key access control property and new authenticator-data extensions.
- 12:10 - Assertion
Sign payloads with attested keys and validate the assertion counter on your server.
- 14:58 - Common pitfalls
Handle new keys for existing users, degrade gracefully on rejection, and assess risk before blocking.
- 16:27 - Fraud metric
The receipt-based fraud metric — an approximate 30-day count of unique attested keys on a device — and how it fits a risk profile to spot a compromised device acting as a broker.
- 19:07 - Next steps
Steps to adopt App Attest: rebuild against the latest SDKs, identify flows that benefit from attestations and assertions, set up your server to validate and track them, and fold the fraud metric into your risk pipeline.