10 Replies
      Latest reply on Sep 6, 2019 8:36 AM by iphonegamedeveloper
      iphonegamedeveloper Level 1 Level 1 (0 points)

        I know device check is set and get two bit information. Can we use that API  directly or indirectly to store and get app/jws/jwt tokens?

        • Re: deviceCheck API usage
          eskimo Apple Staff Apple Staff (11,825 points)

          Can we use that API directly or indirectly to store and get app/jws/jwt tokens?

          Probably not.  Presumably you’re using JWT to identify users, and DeviceCheck was designed to make it unusable for that task.

          Can you explain more about the background to your query?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: deviceCheck API usage
              iphonegamedeveloper Level 1 Level 1 (0 points)

              This question is related to https://forums.developer.apple.com/thread/120839

               

              I wanted to store a static/hardocoded key/token in the app but couldn't find a promising solution. So I thought of checking whether Apple provides any mechanism to store and retrieve the token.

                • Re: deviceCheck API usage
                  eskimo Apple Staff Apple Staff (11,825 points)

                  I wanted to store a static/hardocoded key/token in the app but couldn't find a promising solution.

                  This is not an intended use case for DeviceCheck.

                  What you’re trying to implement here is a form of DRM, a topic that has come up many times here on DevForums.  You can find my take on it here.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: deviceCheck API usage
                      iphonegamedeveloper Level 1 Level 1 (0 points)

                      I read the forum thread that you shared here. Is there any article or documents available about DRM in apple developer website?

                        • Re: deviceCheck API usage
                          eskimo Apple Staff Apple Staff (11,825 points)

                          Is there any article or documents available about DRM in apple developer website?

                          No.  If you follow the link in that post I referenced, you’ll find an explanation as to why DTS doesn’t support DRM development.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"

                            • Re: deviceCheck API usage
                              iphonegamedeveloper Level 1 Level 1 (0 points)

                              Are you suggesting to use SQLite to store static text securely? Can we use Keychain as well?

                                • Re: deviceCheck API usage
                                  eskimo Apple Staff Apple Staff (11,825 points)

                                  Are you suggesting to use SQLite to store static text securely?

                                  No, I’ve not mentioned SQLite in this thread at all.

                                  Can we use Keychain as well?

                                  It’s certainly possible to store arbitrary small credentials in the keychain, and such credentials are protected by all of the standard protections the system gives to keychain items [1].  However, based on your previous posts it seems like you want to pre-populate the keychain with a credential, and that’s not possible.  The only way to get an item into the keychain is to add it programmatically.

                                  Share and Enjoy

                                  Quinn “The Eskimo!”
                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                  let myEmail = "eskimo" + "1" + "@apple.com"

                                  [1] See the iOS Security document, which you can find a link to in the Security Resources pinned post.