Protect your apps with App Attest
Use App Attest to protect your app against unauthorized modification and fraud. Learn how attackers use modified apps to falsify data and bypass security controls, and how App Attest protects against these threats. Learn how to generate and manage App Attest keys bound to the Secure Enclave, validate attestations and assertions, and use the fraud metric to detect abuse. Discover best practices across all Apple platforms, including the new signals in iOS 27 that strengthen your validation.
Chapters
- 0:00 - Introduction
- 1:35 - Protections
- 4:04 - Availability
- 5:02 - Key generation
- 6:12 - Attestation
- 12:10 - Assertion
- 14:58 - Common pitfalls
- 16:27 - Fraud metric
- 19:07 - Next steps
5:07 - Generate a Secure Enclave–bound key
```swift
import DeviceCheck

let keyID = try await DCAppAttestService.shared.generateKey()
```
6:32 - Attestation API
```swift
import DeviceCheck

let keyId: String = ...
let clientDataHash: Data = ...

let attestation = try await DCAppAttestService.shared.attestKey(keyId: keyId, clientDataHash: clientDataHash)
```
12:33 - Assertion API
```swift
import DeviceCheck

let keyId: String = ...
let clientDataHash: Data = ...

// Pass the values, not the type names, as arguments.
let assertion = try await DCAppAttestService.shared.generateAssertion(keyId: keyId, clientDataHash: clientDataHash)
```
- 0:00 - Introduction
The threats App Attest is designed to address — modified copies of your app sending valid-looking requests to your server, such as falsified quiz submissions or injected game cheats.
- 1:35 - Protections
Verify genuine Apple hardware, detect app modifications, and secure payloads with assertions.
- 4:04 - Availability
Where App Attest is available, which now includes macOS 27 and covers all major platforms, though not every app extension type, and how to gate usage with the isSupported API and treat unexpected unsupported responses as a fraud signal.
- 5:02 - Key generation
Create a Secure Enclave–bound key ID and store it in the keychain.
- 6:12 - Attestation
Request and validate attestations, including the macOS key access control property and new authenticator-data extensions.
- 12:10 - Assertion
Sign payloads with attested keys and validate the assertion counter on your server.
- 14:58 - Common pitfalls
Handle new keys for existing users, degrade gracefully on rejection, and assess risk before blocking.
- 16:27 - Fraud metric
The receipt-based fraud metric — an approximate 30-day count of unique attested keys on a device — and how it fits a risk profile to spot a compromised device acting as a broker.
- 19:07 - Next steps
Steps to adopt App Attest: rebuild against the latest SDKs, identify flows that benefit from attestations and assertions, set up your server to validate and track them, and fold the fraud metric into your risk pipeline.
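
The Assertion chapter asks the server to validate the assertion counter. The sketch below is an added example, not code from the session or from Apple: it checks the RP ID hash and the counter in an assertion's authenticator data and derives the nonce that the signature covers. It assumes the assertion has already been CBOR-decoded and that signature verification with the attested public key happens in the caller; `check_assertion`, `make_auth_data`, `AssertionRejected` and the App ID are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

class AssertionRejected(Exception):
    """Raised when an assertion fails a server-side check."""

def check_assertion(auth_data: bytes, client_data: bytes, app_id: str,
                    stored_counter: int) -> tuple[int, bytes]:
    """Check the unsigned fields of one assertion.

    Returns (new_counter, nonce). The caller must still verify the
    assertion signature over `nonce` with the attested public key, and
    persist new_counter only after that succeeds.
    """
    # Authenticator data starts with: 32-byte RP ID hash, 1 flags byte,
    # 4-byte big-endian counter.
    if len(auth_data) < 37:
        raise AssertionRejected("authenticator data too short")
    rp_id_hash = auth_data[:32]
    (counter,) = struct.unpack(">I", auth_data[33:37])

    # The RP ID is the App ID: team identifier + "." + bundle identifier.
    expected = hashlib.sha256(app_id.encode()).digest()
    if not hmac.compare_digest(rp_id_hash, expected):
        raise AssertionRejected("RP ID hash does not match this app")

    # A counter that fails to increase means a replayed or out-of-order
    # assertion. A key with no prior assertion has stored_counter == 0.
    if counter <= stored_counter:
        raise AssertionRejected("counter did not increase (possible replay)")

    client_data_hash = hashlib.sha256(client_data).digest()
    nonce = hashlib.sha256(auth_data + client_data_hash).digest()
    return counter, nonce

def make_auth_data(app_id: str, counter: int) -> bytes:
    """Build constructed sample authenticator data for the demo below."""
    return hashlib.sha256(app_id.encode()).digest() + b"\x00" + struct.pack(">I", counter)

if __name__ == "__main__":
    APP_ID = "TEAMID1234.com.example.quiz"  # constructed placeholder
    payload = b'{"quiz":7,"score":10,"challenge":"c2FtcGxl"}'  # constructed
    counter, _ = check_assertion(make_auth_data(APP_ID, 1), payload, APP_ID, 0)
    print("accepted, counter now", counter)
    try:  # replaying the same assertion must be rejected
        check_assertion(make_auth_data(APP_ID, 1), payload, APP_ID, counter)
    except AssertionRejected as exc:
        print("rejected:", exc)
```

Store the counter per key ID and update it in the same transaction that accepts the request, so two concurrent replays cannot both pass.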