articleschannelstagsspacestoolkit
LINE ENGINEERING GLOBAL

Ensuring device and app integrity and protecting service requests: LINE device attestation service (3)

View Original
thumbnail

Table of Contents

  1. Understanding iOS device attestation
  2. Our iOS integration architecture
    • 2.1. AttestationCoordinator
    • 2.2. Key Storage
  3. iOS-specific implementation challenges
    • 3.1. During attestation
      • 3.1.1. invalidKey (DCError Code 3)
      • 3.1.2. unknownSystemFailure (DCError Code 0)
    • 3.2. During assertion
      • 3.2.1. invalidInput (DCError Code 2)
      • 3.2.2. invalidKey (DCError Code 3)
  4. iOS-specific error handling and logging
  5. iOS reliability design strategies
    • 5.1. Configuration Management
    • 5.2. iOS state tracking and recovery
    • 5.3. iOS background handling with retry mechanism and jitter

Understanding iOS Device Attestation

The Device Attestation on iOS utilizes Apple's App Attest API within the DeviceCheck framework to ensure requests are coming from genuine instances of the app on Apple devices.

Our iOS Integration Architecture

2.1. AttestationCoordinator

  • Acts as the central component orchestrating attestation and assertion processes.
  • Manages interactions with the SDK for conducting attestation within the LINE app and assertions across services.

2.2. Key Storage

  • Implements secure storage using iOS keychain capabilities for key identifiers.

iOS-Specific Implementation Challenges

3.1. During Attestation

3.1.1. invalidKey (DCError Code 3)
  • Occurs when iOS's App Attest service rejects a key due to platform-specific reasons.
3.1.2. unknownSystemFailure (DCError Code 0)
  • Appears on various iOS devices and could be related to memory management or background processes.

3.2. During Assertion

3.2.1. invalidInput (DCError Code 2)
  • Typically happens due to incorrectly formatted assertion parameters.
3.2.2. invalidKey (DCError Code 3)
  • Arises when calling assertions with an already attested key.

iOS-Specific Error Handling and Logging

Comprehensive error reporting tailored to iOS was implemented for better troubleshooting of iOS-specific issues.

iOS Reliability Design Strategies

5.1. Configuration Management

  • Added a configuration provider for feature control and remote adjustments.

5.2. iOS State Tracking and Recovery

  • Implemented state tracking to recover from interrupted attestation/assertion attempts.

5.3. iOS Background Handling with Retry Mechanism and Jitter

  • Developed a retry mechanism compatible with iOS app state transitions, complemented by a jitter-based refreshing strategy.

Through collaboration with the Security R&D team, successful integration of device attestation technology in the iOS app was achieved, along with solutions to iOS-specific challenges.