App Attestation, Device Attestation, and the Native Security Perimeter

Aylwing Olivas

Aylwing Olivas

4 min read
App Attestation, Device Attestation, and the Native Security Perimeter

The biggest architectural mistake in high-security mobile apps is treating the client as trusted by default.

The reality is adversarial: devices get rooted, apps get cloned and repackaged, bots automate flows, and runtime instrumentation can alter behavior without touching your backend. Attestation changes this conversation—not because you must go native for UI, but because high-security apps require a native-backed security perimeter: platform trust primitives verified on the server.

Here's the claim I'll defend: For high-security apps, your security boundary can't live in a dynamic runtime. It needs native integrity signals, hardware-backed keys, and server verification.

That perimeter is what lets you ship software that survives reality.

Device Attestation vs. App Attestation

These terms get conflated, but they answer different questions:

  • Device attestation: Is this device environment trustworthy—or at least not obviously compromised?
  • App attestation: Is this a legitimate instance of my app—not a tampered binary, not a replayed client, not a counterfeit?

On iOS, Apple's App Attest establishes and verifies app integrity, then requires assertions on future requests. On Android, Google's Play Integrity API provides verdict signals about app and device environment (app integrity, device integrity, account details) that your server uses to decide how to proceed.

The architectural takeaway: Attestation isn't a mobile feature. It's a server policy tool. Your server should condition sensitive actions on valid attestation results.

Cross-Platform Frameworks and Security

"But I'm using React Native / Flutter / Ionic—can't I still do attestation?"

Yes. And you should.

But the critical nuance: you're still relying on native platform primitives, and you must verify them server-side. Cross-platform doesn't remove the need for native security—it wraps it.

This is where "larger surface area" becomes practical rather than ideological:

  • A dynamic runtime plus bridge plus third-party modules increases operational and tampering surface
  • Attackers target what's easiest to inspect, hook, and modify
  • Security-critical logic outside the native perimeter (in JS or an interpretable layer) is easier to bypass

The correct framing isn't "native vs. cross-platform." It's: Where does your security boundary live, and how hard is it to tamper with?

Biometric Authentication Done Right

Biometrics are powerful, but treat them correctly.

On iOS, LocalAuthentication (LAContext) evaluates user presence via Face ID, Touch ID, or passcode fallback. The app never receives biometric data—only a success/fail result for an authentication policy.

The robust pattern for high-security apps:

  1. User completes primary auth (OIDC / OAuth / SSO)
  2. Store refresh/session material in Keychain, protected by access control requiring biometrics/passcode
  3. Subsequent app unlocks use biometrics to unlock the stored secret—not to be the identity

Biometrics become a local gate to secrets that your backend still validates.

Keys and Cryptography: Where Native Becomes Non-Negotiable

High-security apps aren't just about screens—they're about key handling.

On Apple platforms, you have strong primitives:

  • Secure Enclave: Hardware-based key manager isolated from the main processor, designed to protect cryptographic keys
  • CryptoKit: Modern crypto APIs with explicit support for private keys stored and managed by Secure Enclave
  • Keychain storage patterns for CryptoKit keys

"Encrypting a token" isn't the hard part. The hard part is ensuring key material is:

  • Non-exportable (or strongly protected)
  • Gated behind user presence (biometrics)
  • Resistant to casual extraction
  • Integrated into your attestation story

You can do some of this cross-platform, but the moment you're serious, you end up designing around the native key hierarchy anyway.

Attestation + Keys: Binding Requests to Real Apps on Real Devices

Here's the design pattern (platform-agnostic):

  1. App obtains attestation result (iOS App Attest / Android Play Integrity)
  2. App sends attestation payload to server
  3. Server verifies and assigns a risk tier
  4. For high-risk actions, server requires:
    • Fresh attestation, and/or
    • Request signing, and/or
    • Proof-of-possession of a hardware-backed key

Apple's App Attest flow explicitly orients around server verification of key attestations, then requiring app assertions for future requests. Google's Play Integrity documentation similarly frames the verdict as something your server verifies and uses for decision-making.

This is the difference between "the app looks secure" and "the system enforces security."

HIPAA Auto-Logout: Beyond a Timer

Auto-logout is a common compliance expectation. The baseline: time-based idle lock plus lock-on-background.

But there's a more interesting approach: using on-device vision to detect whether the user is present, locking when they aren't. This can be a legitimate enhancement—if you treat privacy and reliability as first-class constraints.

A Privacy-First Approach

  • Use front camera plus Vision framework face detection to infer "someone is present" (not identity), entirely on-device
  • VNDetectFaceRectanglesRequest provides face detection; Apple publishes real-time tracking guidance
  • Camera access requires user permission with a clear purpose string
  • Treat the signal as advisory, not authoritative:
    • Never rely on face detection as the only control
    • Keep traditional idle timeout as baseline
    • Use face presence to reduce unnecessary lockouts or trigger faster lock when the device is clearly unattended

Critical Caveats

  • Battery/performance: Real-time camera processing is expensive
  • Privacy posture: Continuous front camera usage is sensitive—requires transparent UX and strong minimization (no recording, no uploads, no storage)
  • Compliance reality: HIPAA is broader than auto-logout. This is one control, not the compliance story.

What "Going Native" Actually Means

For high-security apps, "native" doesn't mean "no cross-platform UI." It means:

  • Using platform primitives for attestation and key protection
  • Binding sensitive actions to server-verified integrity signals
  • Keeping security-critical operations inside a native perimeter (or native modules you own and can audit)
  • Assuming the client can be tampered with, designing controls accordingly

OWASP's mobile security work provides a useful anchor for framing this as industry-standard security posture (verification levels, testing guidance, runtime integrity considerations).

Security Perimeter Checklist

Integrity

  • [ ] App attestation integrated and server-verified (iOS App Attest / Android Play Integrity)
  • [ ] High-risk endpoints require fresh integrity proof

Authentication

  • [ ] Local biometrics unlock stored secrets (not used as identity)
  • [ ] Primary auth via OIDC/OAuth/SSO with secure token storage

Key Management

  • [ ] Hardware-backed key strategy (Secure Enclave where applicable)
  • [ ] CryptoKit + Keychain storage patterns for long-lived keys
  • [ ] Keys are non-exportable and gated behind user presence

Session & Compliance Controls

  • [ ] Idle timeout + lock-on-background baseline
  • [ ] Optional presence-aware enhancement using on-device Vision with explicit consent

Server-Side Enforcement

  • [ ] Treat client as hostile; enforce policies server-side
  • [ ] Monitoring + anomaly detection on suspicious integrity results
  • [ ] Step-up auth for high-risk actions with attestation failures

Read more