# App Attestation

```mermaid
sequenceDiagram
    participant I as Issuer
    participant H as Mobile App (holder)
    participant AACE as App Attestation Certifying Entity
    participant AAP as App Attestation Provider

    Note over I,H: App Attestation Possible Triggers (TBD)
    rect rgb(191, 223, 255)
        H -->> H: First Time App Initialization
        H -->> H: App Startup
        I -->> H: Proof Request for App Integrity Attestation
    end

    opt If using DIDComm
        H ->>+AACE: Connect
    end

    critical DIDComm/REST API Call
        H ->>+AACE: Start App Attestation
        AACE ->>-H: Return Initialization Payload (e.g.: Challenge)
    end

    H -->>H: App Attestation

    critical DIDComm/REST API Call
        H--)+AACE: Certify App Attestation
        rect rgb(255, 255, 204)
            AACE-->>+AAP: Validate Attestation Payload (e.g.: key, cert, etc.)
            AAP->>-AACE: Pass/Fail
        end
        AACE-)-H: App Attestation Credential Offer
    end

    H-->H: Accept Credential Offer

    rect rgb(191, 223, 255)
        H--)I: Fulfill App Integrity Attestation Proof Request
        I--)H: Credential Offer
    end
```

App Attestation Provider: Google Play Store, Apple App Store, etc.

App Attestation Certifying Entity:

### References

- https://developer.apple.com/documentation/devicecheck/establishing_your_app_s_integrity#3561591
- https://developer.android.com/google/play/integrity
- https://bitbucket.org/openid/connect/issues/1969/wallet-instance-attestation-for-openid4vci
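
The Certifying Entity side of the "Start App Attestation" and "Certify App Attestation" calls in the sequence diagram, as an added example that is not part of the original page: the challenge is random, single-use and time-limited, so a captured payload cannot be replayed. The class, field and reason names, the 120-second lifetime, the echoed `challenge` field (standing in for however the provider binds the challenge into its signed attestation) and the `validate_with_provider` callable (standing in for the App Attestation Provider) are all assumptions.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)

class CertifyingEntity:
    """Hypothetical AACE: issues challenges and certifies attestation payloads."""

    def __init__(self, validate_with_provider, now=time.time):
        self._validate = validate_with_provider  # stand-in for the AAP call
        self._now = now
        self._pending = {}  # session id -> (challenge, expiry time)

    def start_attestation(self):
        """'Start App Attestation': return the initialization payload."""
        session_id = secrets.token_urlsafe(16)
        challenge = secrets.token_bytes(32)
        self._pending[session_id] = (challenge, self._now() + CHALLENGE_TTL)
        return session_id, challenge

    def certify(self, session_id, payload):
        """'Certify App Attestation': Pass -> credential offer, Fail -> reason."""
        entry = self._pending.pop(session_id, None)  # single use: blocks replay
        if entry is None:
            return {"status": "fail", "reason": "unknown_or_replayed_session"}
        challenge, expires_at = entry
        if self._now() > expires_at:
            return {"status": "fail", "reason": "challenge_expired"}
        if not hmac.compare_digest(payload.get("challenge", b""), challenge):
            return {"status": "fail", "reason": "challenge_mismatch"}
        if not self._validate(payload):  # provider verdict: Pass/Fail
            return {"status": "fail", "reason": "provider_rejected"}
        return {"status": "offer", "credential": "app-attestation"}

def demo():
    """Run the exchange with a constructed payload and a fake provider."""
    aace = CertifyingEntity(lambda p: p.get("attestation") == b"constructed-ok")
    session_id, challenge = aace.start_attestation()
    payload = {"challenge": challenge, "attestation": b"constructed-ok"}
    first = aace.certify(session_id, payload)
    replay = aace.certify(session_id, payload)  # same session, second attempt
    return first, replay

if __name__ == "__main__":
    print(demo())
```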