Improve API security with mobile app attestation.

Ensure the app calling your APIs at runtime is authentic, untampered and trustworthy. Detect real-time threats with dynamic security policies based on aggregated threat data.

Protect against mobile API abuse without impact on UX

Establish trust before granting access to your APIs. Allow only legitimate applications to interact with your APIs, blocking bots and non-genuine apps while eliminating false positives.

Mitigate bot attacks with continuous security policy updates

Gather insight into the behavior of users and their devices with your application. Make informed decisions to detect threats using data-driven checks powered by millions of devices. Server-side security control allows you to benefit from continuous threat detection updates, requiring fewer rebuilds of your application.

Augment existing client-side protections with enhanced mobile API security

In-house solutions are costly, complex, and difficult to maintain in an evolving threat environment. Basic OS integrity checks won’t stop sophisticated, scalable bot attacks. Extend and strengthen OS protections like App Attest or Play Integrity API with a single platform built for flexible server-side control & fine-grained security policies determined by you.

Instant security policy changes

Fine-tune your security policies, instantly tailoring them to achieve the security controls you desire for your app. Create dynamic security policies, with fine-grained allow/deny lists that can be updated without requiring an update to your app.

“With app attestation, we finally brought security logic to the server side—where it’s much harder to tamper with. Being able to adjust policies from the back-end without pushing an app update is a game changer.”

—Security Operation Manager, AAA Gaming Studio, North America

Unmatched granularity & visibility across multiple platforms

  • Get comprehensive visibility into potential threats and attestation results for your iOS and Android apps.
  • Leverage granular security insights to customize policies based on threat data.
  • View historical attestation records to analyze the trail of an attestation result and identify trends in user behavior.
Add server-side validation to your mobile app protection strategy

Perform attestation checks as an integral part of your server backend. These server-side security controls strengthen overall protection by complementing attestation with the client-side obfuscation and RASP measures you’ve implemented.

Customer stories and resources

Discover how Guardsquare provides industry-leading protection for mobile apps.

App attestation is a secure approach to verifying that only your app can connect to your APIs. By adding server-side validation, app developers and security teams can ensure that only legitimate apps interact with their APIs, blocking bots and non-genuine apps.

Mobile app attestation policies detect threats concerning the integrity of the app and the device. These policies can be changed or updated by the app developer at any time. Some example policies include:

  • Unexpected libraries or hooking frameworks
  • Tampering with the binary
  • Changes to the signature
  • Function hooks or code tracing
  • Tampering with resources
  • Running on a rooted device or emulator

Mobile app attestation enforces server-side security policies: the checks run and the verdict is produced in the cloud, out of reach of attackers. These dynamic policies are highly flexible and can be changed without rebuilding your mobile app.

The mobile app attestation service analyzes the app making the request and the environment of the device it is running on. It generates a cryptographically signed token carrying a verdict derived from the app's attestation policies, which the developer or security analyst can then act on. This token is short-lived, encrypted, and cannot be reused or spoofed.
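To make the server-side flow above concrete, here is an added Python sketch of a backend that validates a signed attestation token and evaluates a policy before returning a verdict. It is illustrative code, not Guardsquare's implementation or token format (which this page does not describe): the HMAC key, claim names, threat-signal names, policy shape and sample tokens are all constructed assumptions, and the token is signed but not encrypted, a simplification of what the text describes. It shows the properties the paragraph lists: signature verification (cannot be spoofed), a short lifetime, single-use nonces (cannot be reused), and deny rules that can be changed on the server without touching the app.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed demo key shared by the (hypothetical) attestation service and the
# backend. In a real deployment an asymmetric key pair would be used instead.
ATTESTATION_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = ATTESTATION_KEY) -> str:
    """Attestation-service side (hypothetical format): <base64 claims>.<base64 HMAC>.

    claims is expected to contain app_id, signals (list of detected threat
    signals), iat, exp and a unique nonce.
    """
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


@dataclass
class Policy:
    """Server-side policy: editable at runtime, no app rebuild required."""
    allowed_apps: Set[str]
    deny_signals: Set[str]       # any of these signals in the token => deny
    max_age_s: int = 60          # tokens older than this are rejected


@dataclass
class Verifier:
    policy: Policy
    key: bytes = ATTESTATION_KEY
    seen_nonces: Set[str] = field(default_factory=set)

    def verdict(self, token: str, now: Optional[float] = None) -> Tuple[str, str]:
        """Return ("allow"|"deny", reason) for one API request's token."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
            sig_bytes = _unb64(sig)
        except ValueError:
            return "deny", "malformed token"

        # 1. Authenticity first: nothing below is trusted until the MAC checks out,
        #    so forged tokens cannot even poison the replay cache.
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(sig_bytes, expected):
            return "deny", "bad signature"
        claims = json.loads(_unb64(body))

        # 2. Freshness: short-lived tokens limit the window for misuse.
        if now > claims["exp"] or now - claims["iat"] > self.policy.max_age_s:
            return "deny", "token expired"

        # 3. Single use: a captured token cannot be presented twice.
        if claims["nonce"] in self.seen_nonces:
            return "deny", "token replayed"
        self.seen_nonces.add(claims["nonce"])

        # 4. Policy evaluation: allow list for apps, deny list for threat signals.
        if claims["app_id"] not in self.policy.allowed_apps:
            return "deny", "app not on allow list"
        hits = set(claims["signals"]) & self.policy.deny_signals
        if hits:
            return "deny", "policy: " + ",".join(sorted(hits))
        return "allow", "ok"


if __name__ == "__main__":
    policy = Policy(allowed_apps={"com.example.bank"},
                    deny_signals={"rooted", "hooking_framework"})
    verifier = Verifier(policy)
    token = issue_token({"app_id": "com.example.bank", "signals": [],
                         "iat": 1000, "exp": 1060, "nonce": "n1"})
    print(verifier.verdict(token, now=1010))   # allowed
    print(verifier.verdict(token, now=1010))   # replay -> denied
    policy.deny_signals.add("emulator")         # policy change, no app rebuild
```

The ordering of the checks is the design point: the signature is verified before any claim is read or any state (the nonce cache) is touched, expiry is enforced from both the token's own `exp` and a server-side maximum age, and the policy object is mutated in place so a new deny signal or a revoked app id takes effect on the next request.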