How can a compromised device pass attestations

Question

lzell2 OP

Created 6h

Replies 4

Boosts 1

Participants 3

This post is from the WWDC26 App Attest & DeviceCheck Q&A.

Hi App Attest team,

I was nodding along happily in the wwdc session, because it was seeming like an air tight solution to prevent API abuse while allowing "guest" access (e.g. not enforcing that users log in). Then I hit this line, "a compromised device can still pass attestations". How is that possible? Earlier in the session, the presenter said "[AppAttest] gives you the assurance that your app is running on a secure apple device". I'm trying to square these statements and understand the motivation of the 'fraud metric'.

Thank you!

Lou

Ps. I'm so happy that AppAttest is available on Mac now. :D

Answered by Engineer in 891139022

A compromised device in this situation alludes to a device that is setup solely for the purposes of generating attestations from a legitimate instance of your app, and then proxying them to illegitimate app instances on other devices.

In this situation, the "compromised" device can become a host for generating lots of attestations. The fraud metric can help you identify attestations associated with such a type of device, and take action accordingly. It is a secondary fraud signal that complements the overall App Attest workflow. Hope that helps clarify the confusion!

Answer 1

Engineer OP

Apple

6h

Accepted Answer

Recommended

A compromised device in this situation alludes to a device that is setup solely for the purposes of generating attestations from a legitimate instance of your app, and then proxying them to illegitimate app instances on other devices.

In this situation, the "compromised" device can become a host for generating lots of attestations. The fraud metric can help you identify attestations associated with such a type of device, and take action accordingly. It is a secondary fraud signal that complements the overall App Attest workflow. Hope that helps clarify the confusion!

Answer 2

Shazraz OP

6h

Does jailbreaking allow AppAttest to become compromised in anyway? Can we trust risk metrics that a result of attestations from a jailbroken device?

Answer 3

lzell2 OP

6h

Thanks, just to clarify because I'm still wrapping my head around this. I naively think of App Attest in two stages: one setup stage to generate the App Attest key and stuff it in Keychain, and one ongoing stage of generating assertions just-in-time for use in a payload to the server. (this understanding is very basic because I haven't implemented it yet).

If that understanding is correct (please correct me if I'm wrong), then wouldn't the assertions generated from device B, which received an attestation key from compromised device A fail at time of use?

Answer 4

Engineer OP

Apple

6h

generating assertions just-in-time for use in a payload to the server

That's correct, you should perform the attestation prior to user operations where you might want to generate assertions. As you point out, you want to generate the assertion right around when you send payloads to your server.

If that understanding is correct (please correct me if I'm wrong), then wouldn't the assertions generated from device B, which received an attestation key from compromised device A fail at time of use?

Indeed it would. A device (and app!) that did not generate the attestation, cannot assert for another key.

The fraud metric tracks attestation volume associated with a particular device, without revealing the device to the developer app server.