qstrnd/DeviceCheck


DeviceCheck Sample Application

A comprehensive sample application demonstrating Apple's DeviceCheck API, including Device Identification and App Attest features.

Project Structure

This repository contains two main components:

  • DeviceCheckApp: iOS test application built with SwiftUI
  • DeviceCheckServer: Backend server built with Swift and Vapor

Requirements

iOS App

  • Xcode 15.0 or later
  • iOS 17.0 or later
  • Swift 5.9 or later

Server

  • Swift 5.9 or later
  • macOS 13.0 or later (for development)

Getting Started

1. Configure the Server

Before running the server, you need to configure your Apple credentials:

  1. Open DeviceCheckServer/Sources/App/Constants.swift

  2. Update the following constants:

    static let bundleID = "com.yourcompany.DeviceCheck"  // Your app's bundle ID
    static let teamID = "YOUR_TEAM_ID"                   // Your Apple Team ID
    static let authKeyID = "YOUR_KEY_ID"                 // Your Auth Key ID

  3. For production use with Apple's DeviceCheck API:

    • Generate an authentication key in Apple Developer Portal
    • Download the .p8 key file
    • Place it in the DeviceCheckServer directory
    • Update authKeyPath in Constants.swift if needed

2. Running the Server

Navigate to the server directory and run:

cd DeviceCheckServer
swift run

The server will start on http://localhost:8080

Available Endpoints

Health Check:

  • GET / - Server info
  • GET /health - Health status

Device Identification:

  • POST /api/device/query - Query device bits
  • POST /api/device/update - Update device bits
  • POST /api/device/validate - Validate device

App Attest:

  • GET /api/attest/challenge - Get attestation challenge
  • POST /api/attest/validate - Validate attestation
  • POST /api/attest/assertion - Validate assertion

3. Running the iOS App

  1. Open DeviceCheckApp/DeviceCheck.xcodeproj in Xcode
  2. Update the bundle identifier to match your Apple Developer account
  3. Select a physical device (DeviceCheck requires a real device, not the simulator)
  4. Make sure the server is running
  5. Build and run the app (⌘R)

Note: DeviceCheck APIs only work on physical iOS devices, not in the simulator.

4. Configure Backend Endpoint (Optional)

If running the server on a different machine or port, update the endpoint in the iOS app:

  1. Open DeviceCheckApp/DeviceCheck/Constants.swift
  2. Update baseURL to point to your server:

    static let baseURL = "http://your-server-address:8080"

Features

Device Identification Tab

The Device Identification tab demonstrates Apple's two-bit storage API:

  • Query Request: Retrieves the current values of the two bits from Apple's servers
  • Update Request: Updates the two bits with new values
  • Device Validation: Validates the device against custom criteria

The UI displays the bits as gray rounded squares that show 0 or 1 when populated.

App Attest Tab

The App Attest tab is a placeholder for App Attest functionality. The server includes endpoints for:

  • Challenge generation
  • Attestation validation
  • Assertion validation

Demo Mode

Important: The current implementation runs in demo mode. The server simulates responses from Apple's DeviceCheck API without making actual calls to Apple's servers.

To integrate with Apple's real DeviceCheck API:

  1. Configure your Apple Developer account credentials
  2. Implement JWT token generation for Apple API authentication
  3. Update the controller methods to make actual HTTP requests to Apple's DeviceCheck endpoints
  4. Add proper CBOR parsing for App Attest attestation and assertion objects
  5. Implement cryptographic verification of App Attest signatures
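Steps 2 and 3 above, sketched as an added example (not code from this repository): an ES256 JWT signed with the .p8 key, attached to a request for Apple's development `query_two_bits` endpoint. The helper names `base64URL`, `makeDeviceCheckJWT` and `makeQueryRequest` are hypothetical, and the use of CryptoKit rather than a JWT library is an assumption.

```swift
import Foundation
import CryptoKit  // assumption: macOS; on Linux, swift-crypto's `Crypto` module has the same P256 API
                  // (and URLRequest then also needs `import FoundationNetworking`)

// base64url without padding, the encoding JWTs use for every segment.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

// Hypothetical helper: builds and signs the bearer token for Apple's DeviceCheck API.
// keyID and teamID correspond to authKeyID and teamID in Constants.swift.
func makeDeviceCheckJWT(p8PEM: String, keyID: String, teamID: String,
                        now: Date = Date()) throws -> String {
    let header: [String: String] = ["alg": "ES256", "kid": keyID]
    let claims: [String: Any] = ["iss": teamID, "iat": Int(now.timeIntervalSince1970)]
    let signingInput = try base64URL(JSONSerialization.data(withJSONObject: header))
        + "." + base64URL(JSONSerialization.data(withJSONObject: claims))
    let key = try P256.Signing.PrivateKey(pemRepresentation: p8PEM)
    // JWS needs the fixed-length r||s signature (64 bytes), not the DER encoding.
    let signature = try key.signature(for: Data(signingInput.utf8))
    return signingInput + "." + base64URL(signature.rawRepresentation)
}

// Hypothetical helper: the query request a controller would send instead of
// returning a simulated response. deviceToken is the base64 token the app uploads.
func makeQueryRequest(deviceToken: String, jwt: String) throws -> URLRequest {
    let url = URL(string: "https://api.development.devicecheck.apple.com/v1/query_two_bits")!
    var request = URLRequest(url: url)
    request.httpMethod = "POST"
    request.setValue("Bearer \(jwt)", forHTTPHeaderField: "Authorization")
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    let body: [String: Any] = [
        "device_token": deviceToken,
        "transaction_id": UUID().uuidString,                    // unique per request
        "timestamp": Int(Date().timeIntervalSince1970 * 1000),  // milliseconds since epoch
    ]
    request.httpBody = try JSONSerialization.data(withJSONObject: body)
    return request
}
```

Read the .p8 contents from a path or secret store that is excluded from version control, and pass them in as `p8PEM`.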

Architecture

iOS App

  • SwiftUI for the user interface
  • MVVM architecture with view models
  • DeviceCheck framework for device token generation
  • App Attest framework for attestation (placeholder)

Server

  • Vapor web framework
  • Controller-based routing
  • Separate controllers for Device Identification and App Attest
  • Models for request/response objects

Development

Building for Production

For production deployment:

  1. Update server configuration in configure.swift
  2. Configure proper authentication with Apple's API
  3. Add database persistence for storing device states and public keys
  4. Implement proper error handling and logging
  5. Add rate limiting and security measures
  6. Use HTTPS for all communications

Testing

Run server tests:

cd DeviceCheckServer
swift test

License

See LICENSE.txt for details.

Notes

  • DeviceCheck is only available on physical iOS devices (iOS 11.0+)
  • App Attest requires iOS 14.0 or later
  • The two-bit storage is device-specific and persists across app installations
  • Proper implementation requires server-side verification with Apple's servers

About

Client and server side integration example of DeviceCheck from Apple
