Hello,
I would like to secure the exchanges between my application and my webservices to make sure requests are only made by an authentic application.
By searching the internet I discovered that App Attest from Device Check framework exists but it looks like there are some limitation about it :
-
App Attest doesn't work on most App Extensions (like Share extension)
-
We are limited by the requests count made to the App Attest webservice (only when generating the Apple certificate, one time by device / application).
The problem is I need this security on my app extension because I have a Share extension sending e-mails.
Do you have advice to secure the exchanges between my app and my webservices ?