
Mobile App Attestation: How It Works

Mobile app attestation is a security technique that verifies the integrity and authenticity of a mobile application and its runtime environment before allowing it to access sensitive data or services. Guardsquare’s mobile app attestation bridges the gap between client-side protections and server-side authentication for complete end-to-end security.


5 Benefits of Mobile App Attestation:

  • Verifies app integrity and user authenticity
  • Protects your APIs from server-side abuse
  • Deploys instant updates to your security policies
  • Delivers continuous threat detection updates based on data-driven insights
  • Strengthens defenses against fraud and abuse


Protect against API abuse

Confirm the app accessing your APIs is genuine. Allow only legitimate applications to interact with your APIs, blocking bots and non-genuine apps.


Stay ahead of threats with continuous updates

Gather insight into how users and their devices behave with your application. Because the security controls run server-side, you benefit from continuous threat detection updates while needing fewer rebuilds of your application.


Instant security policy changes

Fine-tune your security policies, instantly tailoring them to achieve the security controls you desire for your app. Create dynamic security policies, with fine-grained allow/deny lists that can be updated without requiring an update to your app.

“With app attestation, we finally brought security logic to the server side—where it’s much harder to tamper with. Being able to adjust policies from the back-end without pushing an app update is a game changer.”

—Security Operation Manager, AAA Gaming Studio, North America


Unmatched granularity & visibility across multiple platforms

  • Get comprehensive visibility into potential threats and attestation results for your iOS and Android apps. 
  • Leverage granular security insights to customize policies based on threat data.
  • View historical attestation records to analyze the trail of an attestation result and identify trends in user behavior.

Add server-side validation to your mobile app protection strategy

Perform attestation checks as an integral part of your server backend. These server-side security controls strengthen overall protection by complementing attestation with the client-side obfuscation and RASP measures you’ve implemented.


App attestation is a secure approach to verifying that only your app can connect to your APIs. By adding server-side validation, app developers and security teams can ensure that only legitimate apps interact with their APIs, blocking bots and non-genuine apps.

Mobile app attestation policies detect threats to the integrity of the app and the device. The app developer can change or update these policies at any time. Example policies include checks for:

  • Unexpected libraries or hooking frameworks
  • Tampering with the binary
  • Changes to the signature
  • Function hooks or code tracing
  • Tampering with resources
  • Running on a rooted device or emulator

Mobile app attestation enforces server-side security policies: the checks run in the cloud, out of an attacker's reach, and return a verdict. These dynamic policies are highly flexible and can be changed without rebuilding your mobile app.

The mobile app attestation service analyzes the app making the request and the environment of the device it is running on. It generates a cryptographically signed token carrying a verdict derived from the app's attestation policies, which the developer or security analyst can then act on. This token is short-lived, encrypted, and cannot be reused or spoofed.
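To illustrate what the backend side of this flow has to check before serving an API request, here is an added example written for this page; it is not Guardsquare's SDK, service or token format. The token layout, the HMAC shared secret, the claim names (`verdict`, `exp`, `nonce`, `checks`) and the 60-second lifetime are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example: a minimal attestation-token verifier for an API backend.
# Token layout (an assumption for this example, not a real attestation format):
#   base64url(payload_json) + "." + base64url(HMAC-SHA256(secret, payload_json))
# The payload carries a policy verdict, an expiry and a single-use nonce.
SECRET = b"constructed-shared-secret"  # placeholder key, not a real secret

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(payload: dict, secret: bytes = SECRET) -> str:
    """Stand-in for the attestation service: sign a verdict payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(secret, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"

class AttestationVerifier:
    """Backend-side gate: signature, expiry, replay and policy verdict."""
    def __init__(self, secret: bytes = SECRET, now=time.time):
        self.secret, self.now, self.seen_nonces = secret, now, set()

    def verify(self, token: str) -> tuple:
        try:
            body_b64, sig_b64 = token.split(".")
            body, sig = _unb64(body_b64), _unb64(sig_b64)
        except (ValueError, TypeError):
            return False, "malformed"
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):  # constant-time compare
            return False, "bad_signature"
        claims = json.loads(body)  # only parsed once the signature is trusted
        if claims.get("exp", 0) < self.now():  # short-lived token
            return False, "expired"
        nonce = claims.get("nonce")
        if not nonce or nonce in self.seen_nonces:  # token cannot be reused
            return False, "replayed"
        self.seen_nonces.add(nonce)
        # Policy verdict: any failed check (root, hooks, tampering) denies access.
        failed = [name for name, ok in claims.get("checks", {}).items() if not ok]
        if claims.get("verdict") != "allow" or failed:
            return False, "policy:" + ",".join(failed)
        return True, "ok"
```

The verifier keeps seen nonces in memory for brevity; a real deployment would store them in a shared cache keyed to the token lifetime.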