Secure device service enrollment

What is claimed is: 1. A method for enrolling a mobile device for services, the method comprising: receiving, by the mobile device, an application package including a verification agent and a first application used for accessing a first service via the mobile device; determining, by the mobile device executing the verification agent received as part of the application package, a first application authenticity and a first application integrity of the first application; determining, by the mobile device executing the verification agent received as part of the application package, a first device integrity of the mobile device for the first application, wherein the first device integrity for the first application is determined over a first set of components of the mobile device by generating a digital fingerprint that includes a concatenation of an attestation value corresponding to a security policy enforced by the mobile device and two or more attestation values selected from a first attestation value corresponding to a hardware component of the mobile device, a second attestation value corresponding to a firmware component of the mobile device, or a third attestation value corresponding to an operating system of the mobile device; in response to determining that the first application is authentic and unaltered, and that the mobile device is in a trusted state for the first application, generating, by the mobile device executing the verification agent received as part of the application package, a message digest associating the first application, the mobile device, and user identifying information of a user of the mobile device; sending, by the mobile device, the message digest to a server associated with a service provider to enroll the mobile device for the first service; receiving, by the mobile device, the first service; receiving, by the mobile device, a second application used for accessing a second service over the network; determining, by the mobile device, that the verification agent received as part of the application package for the first application is compatible with the second application; and determining, by the mobile device, that a second device integrity of the mobile device for the second application is to be determined over a second set of components of the mobile device that includes at least one component that is different than the first set of components based on a manifest of the second application indicating the second application has a different security sensitivity requirement than the first application; determining, by the mobile device, the second device integrity, wherein the second device integrity is used for enrolling the mobile device for the second service; and receiving, by the mobile device, the second service. 2. The method of claim 1 , wherein the message digest is generated using one or more of a cryptographic measurement of the first application, or the digital fingerprint of the mobile device. 3. The method of claim 1 , wherein determining the first application integrity of the first application includes: generating a cryptographic measurement of the first application; sending the cryptographic measurement to a verification server; and receiving an application verification result indicating whether the first application is unaltered. 4. The method of claim 1 , wherein determining the first device integrity includes: sending the digital fingerprint of the mobile device to a verification server; and receiving a device verification result indicating whether the mobile device is in a trusted state. 5. A method for enrolling a mobile device for services, the method comprising: receiving, by a server, a first enrollment message digest for a first service, wherein the first enrollment message digest is generated by a verification agent in response to the verification agent determining that the mobile device is in a trusted state for a first application based on a first device integrity of the mobile device determined over a first set of components of the mobile device, the verification agent being part of an application package downloaded to the mobile device, the application package including both the verification agent and the first application used by the mobile device to access the first service; deriving, by the sever from the first enrollment message digest, a cryptographic measurement of the first application downloaded onto the mobile device, a digital fingerprint of the mobile device, and user identifying information of a user of the mobile device, wherein the digital fingerprint is a concatenation of an attestation value corresponding to a security policy enforced by the mobile device and two or more attestation values selected from a first attestation value corresponding to a hardware component of the mobile device, a second attestation value corresponding to a firmware component of the mobile device, or a third attestation value corresponding to an operating system of the mobile device; using, by the sever, the cryptographic measurement to determine whether the first application is unaltered; using, by the sever, the digital fingerprint to determine whether the mobile device is in a trusted state; in response to determining that the first application is unaltered and that the mobile device is in a trusted state, enrolling, by the sever, the mobile device for the first service, wherein the first service is received by the mobile device after enrollment for the first service; receiving, by the server, a second enrollment message digest for a second service that is accessed by a second application, wherein the second enrollment message digest is generated by the verification agent in response to the verification agent determining that the mobile device is in a trusted state for the second application based on a second device integrity of the mobile device determined over a second set of components of the mobile device that includes at least one component that is different than the first set of components, wherein the second set of components for the second device integrity is determined based on a manifest of the second application indicating the second application has a different security sensitivity requirement than the first application; and enrolling, by the sever, the mobile device for the second service based on the second enrollment message digest, wherein the second service is received by the mobile device after enrollment for the second service. 6. The method of claim 5 , wherein the mobile device is determined to be in the trusted state by comparing the digital fingerprint against a set of one or more trusted values. 7. The method of claim 5 , further comprising: using the user identifying information to retrieve user credentials of an account of the user; and sending, to the mobile device, the user credentials to provision the mobile device. 8. The method of claim 5 , further comprising: storing the digital fingerprint of the mobile device; receiving a subsequent digital fingerprint of the mobile device when the mobile device is used to access the first service after the mobile device has been enrolled; comparing the subsequent digital fingerprint with the stored digital fingerprint; and denying the mobile device access to the first service when the subsequent digital fingerprint does not match the stored digital fingerprint. 9. A mobile device comprising: a processor; and a computer readable storage medium storing code, which when executed by the processor, causes the mobile device to: generate, by a verification agent downloaded onto the mobile device, a cryptographic measurement of a first application downloaded onto the mobile device, the verificati