Guardsquare App Attestation is a mobile application security solution that performs server-side validation to verify that only legitimate applications can access backend APIs. The service analyzes the requesting app and the device environment, generating cryptographically signed tokens that determine verdicts based on configurable attestation policies. The solution detects threats related to app and device integrity, including unexpected libraries, hooking frameworks, binary tampering, signature changes, function hooks, code tracing, resource tampering, rooted devices, and emulators. Security policies can be updated dynamically without requiring app rebuilds. App Attestation provides visibility into user and device behavior through a dashboard that displays attestation results for both iOS and Android applications. Historical attestation records enable analysis of trends and threat patterns. The service generates short-lived, encrypted tokens that cannot be reused or spoofed. The solution complements client-side protection measures such as code obfuscation and Runtime Application Self-Protection (RASP). Security teams can create dynamic policies with granular allow/deny lists and adjust security controls instantly from the backend. The attestation checks integrate into server backends to block bots and non-genuine applications from interacting with APIs.