Time verification in iOS 18+

We built a time verification feature as part of our iPadOS/iOS app where recording an accurate timestamp is part of a core feature of ours. We want to maintain integrity of recorded data, but our app must still be able to operate offline. To accomplish this, we established a baseline between the device's internal clock (CLOCK_MONOTONIC_RAW) and our servers via an initial network request. Once that baseline is established, we can reliably calculate the true time, or detect when a user may have tampered their device's time, especially while offline.

Of course, this baseline falls apart after the device reboots. We have been using kern.bootsessionuuid locally to detect when a device has rebooted so we know to wipe the baseline and try to establish a new one.

Unfortunately (I'm sure due to issues with device fingerprinting), Apple has removed access to kern.bootsessionuuid in iOS 18, silently and without warning. This has compromised the integrity of our feature. https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-18-release-notes#Deprecations

Is there any other way that our app can detect or be notified that a device reboot has occurred?

Alternatively, Google has just provided a "TrustedTime" API that looks to do the heavy lifting for what we have been solving ourselves. Would it be possible for Apple to provide a similar API? https://android-developers.googleblog.com/2025/02/trustedtime-api-introducing-reliable-approach-to-time-keeping-for-apps.html

We would appreciate any guidance here. Thanks!

Answered by DTS Engineer in 825483022

First up, I recommend that you file an enhancement request for a trusted time API. You are not the first person to want this, and your ER might be help boost that particular signal. Please post your bug number, just for the record.

Written by gurustephen in 774658021
Unfortunately … Apple has removed access to kern.bootsessionuuid in iOS 18, silently and without warning.

Oh we did. Interesting.

Written by gurustephen in 774658021
I'm sure due to issues with device fingerprinting

That seems likely. Two things:

  • In this DevForums post I reference a great quote about entropy. Keep that in mind as you explore the limits of the platform.

  • kern.bootsessionuuid was never considered API. That’s rather a subtle point because of the documentation story for our low-level APIs (see Availability of Low-Level APIs) but you’ll note that it’s not listed in the sysctlbyname man page.

In terms of what you can do right now, you’ll find my advice in this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

First up, I recommend that you file an enhancement request for a trusted time API. You are not the first person to want this, and your ER might be help boost that particular signal. Please post your bug number, just for the record.

Written by gurustephen in 774658021
Unfortunately … Apple has removed access to kern.bootsessionuuid in iOS 18, silently and without warning.

Oh we did. Interesting.

Written by gurustephen in 774658021
I'm sure due to issues with device fingerprinting

That seems likely. Two things:

  • In this DevForums post I reference a great quote about entropy. Keep that in mind as you explore the limits of the platform.

  • kern.bootsessionuuid was never considered API. That’s rather a subtle point because of the documentation story for our low-level APIs (see Availability of Low-Level APIs) but you’ll note that it’s not listed in the sysctlbyname man page.

In terms of what you can do right now, you’ll find my advice in this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Time verification in iOS 18+
 
 
Q