


I would like to verify that an app I am writing is running on an iPhone. What would be perfect is this: Apple baked an SSL client certificate into each iPhone which can be authenticated by a receiving server. Is this the case?


I have not started researching this yet; I will update with anything I find.


UPDATE: Here is some Apple documentation on certificates and keychains. So:


In iPhone OS, Keychain Services checks an application’s signature before giving it access to a keychain, and lets an application have access only to its own keychain items (with the possible exception of items for which the application has obtained persistent references). In iPhone OS, the user is never asked to authenticate and no Keychain Access utility is provided by Apple.


A trusted platform module can do something along the lines that you are seeking. It's called remote attestation.


However, acceptance of trusted computing is limited—savvy consumers see it as a way for vendors to continue to exercise control over equipment and data that the consumer owns. Apple's grudging acknowledgment that DRM is stupid, as well as the extra cost of a TPM, would suggest the iPhone doesn't support this.