
Your One‑Stop Shop for Mobile Client Attestation
Warden Supreme is a comprehensive solution for remote attestation on mobile platforms. It provides a unified framework to verify the integrity of Android and iOS client applications and the devices they are running on, ensuring that only authentic, untampered apps can access a service. This project consolidates WARDEN and WARDEN‑roboto, integrating them with Signum, a Kotlin Multiplatform crypto/PKI library, to deliver a streamlined attestation format and developer experience.
Tip
Already familiar with attestation? Jump to the Integration Guide.
This documentation goes beyond Warden Supreme specifics and provides a structured overview of remote attestation, from concepts to hands‑on integration:
- Background
  - What is Remote Attestation? A security mechanism where a device proves its integrity to a remote server by producing a signed statement about its hardware, OS state, and app identity.
    → See Remote Attestation Primer.
  - Why attestation beats heuristics (e.g., simple “root checks”), plus threat models and risks.
    → See Threat Models and Risks.
  - “Pure” Attestation vs. proprietary services (Google Play Integrity, Apple App Attest), privacy, data protection, and digital sovereignty.
    → See Privacy and Data Protection.
- Technical Details
  - Android key attestation: proving hardware‑backed keys and embedding app identity in the attestation record.
    → See Technical Deep Dive: Android.
  - iOS App Attest: verifying app integrity and emulating key attestation semantics.
    → See Technical Deep Dive: iOS.
  - Pitfalls, quirks, and workarounds requiring careful evaluation.
    → See Technical Deep Dive: Quirks and Hints.
- Integrating Warden Supreme
  Warden Supreme includes the battle‑tested, formerly stand‑alone WARDEN library that has attested millions of devices in production. Using Warden Supreme reduces integration pitfalls and complexity, enabling you to:
  - ✅ Verify device and app integrity using hardware‑backed proofs
  - ✅ Support Android Key Attestation (see Android Key & ID Attestation)
  - ✅ Support Apple App Attest (see DeviceCheck / App Attest) with key attestation emulation
  - ✅ Use a unified server API for both platforms
  - ✅ Use a unified client API for both platforms

  → See the Integration Guide.
- Glossary
  A comprehensive glossary covering terminology across the attestation domain.
  → See the Glossary.
Help Wanted
This living document aims to be an authoritative resource on attestation. If something is incorrect or missing, please file an issue.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 959072.