Comment by charcircuit
6 hours ago
That attestation is for attesting you are using a TPM for user authentication. Which is different than attestation of integrity.
6 hours ago
That attestation is for attesting you are using a TPM for user authentication. Which is different than attestation of integrity.
They do have some kind of attestation mechanism to actually attest the device state: https://learn.microsoft.com/en-us/azure/attestation/tpm-atte...
It seems like the documentation for the feature is aimed entirely at MDM setups, though.
The basic API requirements are all there, and Windows 11 requires TPM 2.0, so I believe it should be possible for Google to build a Play Integrity equivalent around that.
It's a lot of work and outside of the scope of the Recaptcha team at Google to roll their own compared to a simple API like macOS has.
https://developer.apple.com/documentation/devicecheck/dcappa...
Definitely, Android/iOS/macOS are easy in comparison. But Google is a multi-billion dollar company, they can figure this out.