Board: Project Development
Re: Crosspass - a simple way to share passwords, encryption keys, banking info
by frisco2 on 16/09/2023, 02:20:26 UTC
The Crosspass app requires a real device, not a simulator. Here is an excerpt from the white paper that explains the reason:

Quote
Crosspass verifies device authenticity and throttles accesses by IP address.

The Crosspass API checks Alice’s device authenticity when her device wants to share a new item. For iOS, it relies on the Device Check and App Attest APIs. For Android, it relies on the Play Integrity API.

Verifications are necessary to prevent a sender’s Denial of Service attack on the availability of lookup IDs. (The lookup ID consists of four case-insensitive letters; therefore, the maximum number of reserved lookup IDs is less than half a million.) Verifications are also necessary to avoid a recipient’s attack causing too many Push Notifications to senders’ devices.

In future versions of Crosspass, whenever device verification is insufficient to prevent DoS attacks on lookup ID reservation, a CAPTCHA would be shown. This would be limited only to users who have a public IP from which unusually many requests originate.
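
The excerpt's three controls on lookup ID reservation (device attestation, per-IP throttling, CAPTCHA escalation) can be sketched as follows. This is an added example, not part of the post, the white paper, or Crosspass's code; the class and function names, the limits, the `attested` flag standing in for App Attest / Play Integrity verification, and the no-expiry assumption are all hypothetical.

```python
import secrets
import string
from collections import defaultdict, deque

ID_SPACE = 26 ** 4  # four case-insensitive letters: 456,976 possible lookup IDs


class ReservationGate:
    """Hypothetical server-side gate for lookup ID reservation (not Crosspass code)."""

    def __init__(self, max_per_window=5, window_s=60.0):  # assumed limits
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.recent = defaultdict(deque)  # ip -> timestamps of recent reservations
        self.reserved = {}                # lookup ID -> reserving ip

    def reserve(self, ip, attested, now, captcha_ok=False):
        # `attested` stands in for the result of App Attest / Play Integrity
        # verification, which this sketch does not perform.
        if not attested:
            return ("rejected", None)
        q = self.recent[ip]
        while q and now - q[0] >= self.window_s:  # drop entries outside the window
            q.popleft()
        # An IP with unusually many requests must pass a CAPTCHA to continue.
        if len(q) >= self.max_per_window and not captcha_ok:
            return ("captcha_required", None)
        if len(self.reserved) >= ID_SPACE:
            return ("exhausted", None)
        while True:  # draw until an unreserved ID is found
            lookup_id = "".join(secrets.choice(string.ascii_uppercase) for _ in range(4))
            if lookup_id not in self.reserved:
                break
        q.append(now)
        self.reserved[lookup_id] = ip
        return ("reserved", lookup_id)


def hours_to_exhaust(n_ips, max_per_window, window_s):
    """Hours for n_ips throttled sources to reserve every ID, assuming no expiry."""
    rate_per_s = n_ips * max_per_window / window_s
    return ID_SPACE / rate_per_s / 3600
```

With the assumed limit of 5 reservations per minute, a single address would need roughly 1,523 hours to fill the ID space, which is why the small keyspace makes per-source limits and attestation matter.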