search
HomeCustomer PortalBook a Demo

Device Attestation

circle-info

The Device Attestation result must be actively parsed and evaluated within your backend as part of your core business logic. Each flag should be assessed according to your specific risk model and use case. While some attributes may require contextual evaluation depending on your policies and fraud strategy, other attributes should immediately be treated as high-risk indicators.

Please note that Device Attestation protects the SDK runtime environment only. For comprehensive application security, such as detecting app tampering, cloning, or unauthorized distribution, it is strongly recommended to implement additional protection mechanisms (e.g., Google Play Integrity or equivalent solutions) to safeguard the entire application.

hashtag
For Mobile

{
  "deviceAttestation": {
    "risk": {
      "applicationStore": "receipt",
      "debugging": false,
      "hooking": false,
      "deviceMasked": false,
      "emulated": false,
      "rooted": false,
      "proxy": false,
      "gpsSpoofers": false,
      "screenSharing": false,
      "vpnRunning": false,
      "suspiciousFactoryReset": false,
      "sdkConnectionIntercepted": false,
      "payloadTampered": false
    },
    "info": {
      "identifier": "3b3464596d481243ec3dd10e776d8cd1",
      "platform": "IOS",
      "manufacturer": "apple",
      "model": "iphone14,2",
      "version": "26.2.1",
      "cpuArchitecture": "darwin kernel version 25.2.0: fri jan  9 18:26:51 pst 2026; root:xnu-12377.62.10~267/release_arm64_t8110",
      "timezone": "7",
      "userAgent": "Demo/1 CFNetwork/3860.300.31 Darwin/25.2.0",
      "ipInfo": [
        {
          "ip": "1.1.1.1",
          "countryCode": "AE"
        }
      ],
      "gpsCoordinates": []
    }
  }
}

hashtag
For Web

hashtag
Risk Attributes

circle-info

In general, each risk flag listed below should be evaluated according to your own business logic and specific use case. However, certain attributes should clearly be treated as red flags when processing the SDK result on your backend. These attributes include: applicationStore (invalid or missing field) debugging hooking emulated rooted proxy sdkConnectionIntercepted payloadTampered

Attribute
Description
Additional info

applicationStore

Indicates where the app is downloaded from

Mobile only

debugging

Indicates if debugging is enabled on the device

Mobile only

hooking

Indicates if the user is altering the behavior of the OS or apps by intercepting function calls or events

Mobile only

deviceMasked

Indicates if the user has modified or spoofed device attributes to appear as another device

Mobile only

emulated

Indicates if the user is using the app in an emulator

Mobile and Web

rooted

Indicates if the user is using a jailbroken or rooted device

Mobile only

proxy

Indicates if the traffic runs through a VPN, proxy, or other hosting facility

Mobile and Web

gpsSpoofers

Indicates if the user is running GPS spoofers while using the app

Mobile only

screenSharing

Indicates if the user's screen is remotely accessed or shared to an external display

Mobile only

vpnRunning

Indicates if the user is running VPN apps while using the app

Mobile only

suspiciousFactoryReset

The device shows evidence of a recent or abnormal factory reset, which may indicate an attempt to hide tampering or create a clean environment for fraudulent KYC activity

Mobile only

sdkConnectionIntercepted

Someone is actively intercepting, modifying, or inspecting the SDK’s encrypted traffic

Mobile only

payloadTampered

Indicates if the device attestation payload was modified in transit

Mobile only

bot

Indicates if this is a bot activity

Web only

incognito

Indicates if the user is running a browser in incognito mode

Web only

tor

Indicates if the Tor browser is being used

Web only

antiFingerprintingDetected

Indicates if any anti-fingerprinting tools are activated. Browser fingerprint data is being intentionally modified or obfuscated

Web only

browserSpoofed

Indicates if the user has modified or spoofed the browser attributes

Web only

hashtag
Info Attributes

circle-info

The unique device identifier listed below remains consistent across multiple installations of the same app. This is valuable because it enables you to associate multiple sessions with a single device. It should be leveraged for fraud detection purposes, for example, identifying cases where the same device is used by different individuals with different ID documents.

Attribute
Description
Additional info

identifier

Unique device identifier

Note: This is a critical information that can be used to link multiple sessions to the same device

platform

The device platform (Android, iOS, or Web)

Possible values:

manufacturer

Device manufacturer

model

Device model

version

Device version

cpuArchitecture

CPU architecture

ipInfo

Array of IP addresses and related countries

gpsCoordinates

Array of GPS coordinates in the form astring, e.g. "lat,long"

Note: GPS coordinates are accessible only if the hosting application has been granted the appropriate permissions and the end user has approved access. The Uqudo SDK does not request location permissions directly

timezone

Device timezone. A string representing the offset of a number of hours (and occasionally half or quarter hours) "ahead of GMT" or "behind GMT"

userAgent

Device user agent

browserName

Browser name, e.g. Chrome

Web only

browserPlatform

Browser platform, e.g. MacIntel

Web only

browserVersion

Browser version

Web only

browserType

Browser type, e.g. Desktop

Web only. Possible values:

osName

OS name, e.g. Mac OS X

Web only

osVersion

OS version, e.g. 10.15.7

Web only

siteReferrer

Referer header content if present

Web only

PreviousVerification ObjectNextDownload a Resource

Last updated

Was this helpful?