
Your One-Stop Shop for Mobile Client Attestation
Warden Supreme is a comprehensive solution for remote attestation on mobile platforms. It provides a unified framework to verify the integrity of Android and iOS client applications and the devices they run on, ensuring only authentic, untampered apps can access your service in three simple steps:
- Define a policy on the back-end
- Plug the Warden Supreme verifier into two HTTPS endpoints
- Create attested keys and have a certificate issued in five lines of code
This project consolidates WARDEN and WARDEN-roboto, integrating them with Signum, a Kotlin Multiplatform crypto/PKI library, to deliver a streamlined attestation format and developer experience. It condenses the creation of an attestable, hardware-backed key to a single line of client code.
Familiar with attestation?
This documentation goes beyond Warden Supreme specifics. It is intended as a living document that will be continuously expanded. It already provides a structured overview of remote attestation, from concepts to hands-on integration:
- Background
  - What is Remote Attestation? A security mechanism where a device proves its integrity to a remote server by producing a signed statement about its hardware, OS state, and app identity.
    → See Remote Attestation Primer.
  - Threat models, risks, and why attestation beats heuristics (e.g., simple root checks).
    → See Threat Models and Risks.
  - "Pure" Attestation vs. proprietary services (Google Play Integrity, Apple App Attest), privacy, data protection, and digital sovereignty.
    → See Privacy and Data Protection.
- Technical Details
  - Android key attestation: proving hardware-backed keys and embedding app identity in the attestation record.
    → See Technical Deep Dive: Android.
  - iOS App Attest: verifying app integrity and emulating key attestation semantics.
    → See Technical Deep Dive: iOS.
  - Pitfalls, quirks, and workarounds that require careful evaluation.
    → See Technical Deep Dive: Quirks and Hints.
- Integrating Warden Supreme
  Warden Supreme includes the battle-tested, formerly stand-alone WARDEN library that has attested millions of devices in production.
  Using Warden Supreme reduces integration pitfalls and complexity, enabling you to:
  - Verify device and app integrity using hardware-backed proofs
  - Support Android Key Attestation (see Android Key & ID Attestation)
  - Support Apple App Attest (see DeviceCheck / App Attest) with key attestation emulation
  - Use a unified server API
  - Use a unified client API across iOS and Android
- Glossary
  A comprehensive glossary covering terminology across the attestation domain.
  → See the Glossary.
Help Wanted
This living document aims to be an authoritative resource on attestation. If something is incorrect or missing, please file an issue.
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 959072.