Protect Your Apps with the New Platform Integrity Attestation API
Today we’re excited to introduce the Platform Integrity Attestation API (Attestation API)—a new anti-abuse solution to protect your apps from unauthorized modifications and potential security breaches. This API detects whether your app’s server is interacting with an untampered VR device and ensures your app is authentic.
As the Meta Quest ecosystem continues to grow, both in terms of the number of apps being distributed and the size of the Meta Quest community, it's increasingly important to establish a consistent method for validating the integrity of apps in order to provide a secure and safe user experience for everyone. The Attestation API gives you a simple solution for a variety of security-related use cases:
Securing device authentication
Protecting financial and enterprise app data
External data misuse
Anti-piracy
Dive in below to learn more about how the Attestation API works and how to start leveling up the security of your apps on Meta Quest 2, Quest Pro, and Quest 3 (launching later in 2023).
Attestation: A Common, Flexible, and Robust Security Solution
Attestation is a common security feature used by some of the biggest tech platforms to validate and verify the integrity of the firmware and operating system an app is running on. Once integrated, the API will provide you with an “attestation token,” which you can use to determine if an app running on a Meta device has been tampered with. This token is cryptographically signed by the Attestation Server to reinforce the security and reliability of the attestation process.
[Figure: A step-by-step overview of the Attestation API call flow.]
You can run the API under the Trust on First Use (TOFU) authentication method to acquire an attestation token at a certain point in time—like when an app is first launched or when it connects to a backend server—and cache it locally for the entire session. The Attestation Server validates the token and sends back a success or failure message along with token claims to the Application Server, which decides whether to deny or provide its service to the application client. If the token verification is successful, the server fulfills the service request from the application client. If the token is invalid, an error message is sent.
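The Application Server's side of this flow, as an added sketch that is not Meta's code or part of the original post: it asks the Attestation Server about a token once, reuses the verdict for the session, and denies service when verification fails or cannot be completed. The response shape, the claim names (`package_id`, `device_ok`, `app_ok`), the server-side verdict cache and the `fake_attestation_server` stand-in are all assumptions made for illustration; the real claims are defined in the Attestation API documentation.

```python
import time

class AttestationGate:
    """Application Server side: verify a token once, reuse the verdict for the session."""

    def __init__(self, verify_token, expected_package, session_ttl=3600, clock=time.time):
        self._verify = verify_token      # callable(token) -> dict; stands in for the Attestation Server call
        self._package = expected_package
        self._ttl = session_ttl
        self._clock = clock
        self._cache = {}                 # (session_id, token) -> (allowed, reason, expires_at)

    def _evaluate(self, token):
        try:
            resp = self._verify(token)
        except Exception:
            return False, "verifier_unreachable"    # fail closed: no verdict means no service
        if not resp.get("success"):
            return False, "token_rejected"
        claims = resp.get("claims") or {}
        # Claim names are assumptions; the page does not list the real ones.
        if claims.get("package_id") != self._package:
            return False, "wrong_app"
        if not (claims.get("device_ok") is True and claims.get("app_ok") is True):
            return False, "integrity_failed"
        return True, "attested"

    def authorize(self, session_id, token):
        now = self._clock()
        hit = self._cache.get((session_id, token))
        if hit and hit[2] > now:
            return hit[0], hit[1]        # same token, same session: reuse the verdict
        allowed, reason = self._evaluate(token)
        if reason != "verifier_unreachable":        # transient errors are retried, not cached
            self._cache[(session_id, token)] = (allowed, reason, now + self._ttl)
        return allowed, reason

# Constructed stand-in for the Attestation Server and its responses.
def fake_attestation_server(token):
    table = {
        "tok-good": {"success": True, "claims": {"package_id": "com.example.vr", "device_ok": True, "app_ok": True}},
        "tok-rooted": {"success": True, "claims": {"package_id": "com.example.vr", "device_ok": False, "app_ok": True}},
    }
    return table.get(token, {"success": False, "claims": {}})

if __name__ == "__main__":
    gate = AttestationGate(fake_attestation_server, "com.example.vr")
    for tok in ("tok-good", "tok-good", "tok-rooted", "tok-forged"):
        print(tok, gate.authorize("session-1", tok))
```

Keying the cache on both session and token means a different token presented in the same session is verified again rather than inheriting an earlier verdict.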
Get Started with Attestation API
Learn more about the Attestation API call flow and get started integrating it today by checking out the documentation for Unity, Unreal, and Native.
We’re excited to offer you more tools to bolster the security of your apps and reinforce the integrity of the Meta Quest Platform. Be sure to stay up to date on more news and tips for developers by following us on Twitter and Facebook.