
Apple


Last updated 1 year ago


Apple Anonymous Attestation in the WebAuthn Specification

In the WebAuthn specification, Apple introduced an anonymous attestation method called "Apple Anonymous Attestation". The primary purpose of this method is to protect user privacy. Specifically:

  • Apple's anonymous attestation uses a fixed AAGUID. This means that all Apple devices will return the same AAGUID when undergoing WebAuthn authentication.

  • Since all devices return the same AAGUID, relying solely on the AAGUID is insufficient to determine the authenticity of the device. This design aims to ensure user privacy but also presents certain challenges.

New Attestation Method in macOS Ventura and iOS 16

Based on the information from the Apple Developer forum, Apple has made changes to its authentication method in macOS Ventura and iOS 16:

  • The traditional device-bound platform authenticator has been replaced by "Passkeys".

  • These "Passkeys" do not provide an attestation statement. This is because the attestation model currently defined in WebAuthn was not designed with syncing credentials in mind.

In conclusion, Apple has made some changes to WebAuthn authentication in its latest operating system versions, notably introducing "Passkeys" as a new authentication method and providing an anonymous attestation method in the WebAuthn specification to enhance user privacy protection.

The behavior of this new attestation differs across browsers. Safari does not provide any information related to the attestation statement and authData, while the other browsers use self-attestation and their own AAGUID. Based on this fact, we can verify the device attestation response within an approximate range.

  • Safari

    attestationObject.fmt = "none"

    attestationObject.attStmt = {}

    attestationObject.authData.attestedCredentialData.aaguid = "00000000-0000-0000-0000-000000000000"

  • Chrome / Edge / Chrome-dev

    attestationObject.fmt = "packed"

    attestationObject.attStmt contains the self-attestation signature

    attestationObject.authData.attestedCredentialData.aaguid = "adce0002-35bc-c60a-648b-0b25f1f05503"

  • Brave / Edge-dev

    attestationObject.fmt = "packed"

    attestationObject.attStmt contains the self-attestation signature

    attestationObject.authData.attestedCredentialData.aaguid = "b5397666-4885-aa6b-cebf-e52262a439a2"
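
The per-browser values above can be checked mechanically. The following is an added example, not code from Automata or from the original page: it reads the AAGUID out of raw authData and matches the fmt/attStmt/AAGUID combination against the three profiles listed here. It assumes the attestationObject has already been CBOR-decoded, all function and variable names are hypothetical, and it checks structure only, so the packed self-attestation signature must still be verified against the credential public key.

```javascript
// Added example. The fmt/AAGUID pairs are the ones listed on this page; all names are hypothetical.
const PROFILES = [
  { browsers: "Safari", fmt: "none", aaguid: "00000000-0000-0000-0000-000000000000" },
  { browsers: "Chrome / Edge / Chrome-dev", fmt: "packed", aaguid: "adce0002-35bc-c60a-648b-0b25f1f05503" },
  { browsers: "Brave / Edge-dev", fmt: "packed", aaguid: "b5397666-4885-aa6b-cebf-e52262a439a2" },
];

// authData layout: rpIdHash[32] | flags[1] | signCount[4] | aaguid[16] | credIdLen[2] | ...
function extractAaguid(authData) {
  if (authData.length < 37) throw new Error("authData too short");
  if ((authData[32] & 0x40) === 0) return null; // AT flag clear: no attested credential data
  if (authData.length < 55) throw new Error("attested credential data truncated");
  const hex = Array.from(authData.slice(37, 53), (b) => b.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16), hex.slice(16, 20), hex.slice(20)].join("-");
}

// Input is an attestationObject that the caller has already CBOR-decoded (assumption).
function classifyPasskeyAttestation({ fmt, attStmt, authData }) {
  const aaguid = extractAaguid(authData);
  if (aaguid === null) return { match: null, reason: "no attested credential data" };
  const profile = PROFILES.find((p) => p.fmt === fmt && p.aaguid === aaguid);
  if (!profile) return { match: null, reason: `unlisted fmt/aaguid pair: ${fmt}/${aaguid}` };
  const stmt = attStmt || {};
  if (fmt === "none" && Object.keys(stmt).length !== 0)
    return { match: null, reason: "fmt none must carry an empty attStmt" };
  // Packed self-attestation carries alg + sig and no x5c certificate chain.
  if (fmt === "packed" && (!("sig" in stmt) || !("alg" in stmt) || "x5c" in stmt))
    return { match: null, reason: "packed attStmt is not self-attestation" };
  return { match: profile.browsers, reason: "ok" };
}

// Constructed sample authData: zeroed rpIdHash and signCount, flags UP|AT, empty credential ID.
function sampleAuthData(aaguid, flags = 0x41) {
  const out = new Uint8Array(55);
  out[32] = flags;
  const hex = aaguid.replace(/-/g, "");
  for (let i = 0; i < 16; i++) out[37 + i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  return out;
}

const demo = classifyPasskeyAttestation({
  fmt: "packed",
  attStmt: { alg: -7, sig: new Uint8Array(64) }, // constructed placeholder signature
  authData: sampleAuthData("adce0002-35bc-c60a-648b-0b25f1f05503"),
});
console.log(demo.match, demo.reason);
```

A match only places the response in one of the browser groups above; it does not identify a specific device.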

More AAGUID specs can be found in chromium.