Important: Starting May 1, 2024, Apple requires Privacy Manifests and signatures for iOS applications that use commonly-used SDKs, including GoogleSignIn-iOS. Upgrade to GoogleSignIn-iOS v7.1.0+ before May 1, 2024. Follow our upgrade guide.
Stay organized with collections
Save and categorize content based on your preferences.
App Check helps protect your apps from abuse by preventing unauthorized clients
from authenticating using Google Sign-in: only the apps you've authorized can
acquire access tokens and ID tokens from Google's OAuth 2.0 and OpenID Connect
endpoint.
With App Check, devices running your app use Apple's App Attest
service to verify that OAuth 2.0 and OpenID Connect requests originate from your
authentic app. This attestation is sent with every request your app makes to
Google's authentication endpoints.
When you enable App Check enforcement, requests from clients without a valid
attestation will be rejected, as will any request originating from an app
you haven't authorized.
When you enable App Check for Google Sign-in, the following happens whenever you
access a Google OAuth 2.0 endpoint:
Your app interacts with Apple's services to obtain an attestation
of the app's authenticity.
The attestation is sent to the App Check server, which verifies the
validity of the attestation using parameters registered with the app, and
returns to your app an App Check token. This token might retain some
information about the attestation material it verified.
The App Check client library sends the token along with the request to
Google's authentication endpoints.
When App Check enforcement is enabled, Google only accepts requests accompanied
by a current, valid App Check token.
How strong is the security provided by App Check?
App Check relies on the strength of Apple's App Attest service to determine app
authenticity. It prevents some, but not all, abuse vectors directed towards your
project. Using App Check does not guarantee the elimination of all abuse, but by
integrating with App Check, you are taking an important step towards abuse
protection for your app.
First steps
Read the Get started guide to learn how to install and set up App
Check.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-19 UTC."],[[["App Check safeguards your app against unauthorized access by verifying app authenticity using Apple's App Attest service."],["Only authorized apps can acquire access tokens and ID tokens, preventing misuse of Google Sign-in."],["When enabled, App Check requires a valid attestation with each request to Google's authentication endpoints, rejecting unauthorized access attempts."],["While App Check enhances security, it does not guarantee complete elimination of all abuse but significantly reduces risks."],["You can readily integrate App Check by following the provided Get Started guide for installation and setup."]]],[]]