Post

Replies

Boosts

Views

Activity

Reply to App Attest assertions rejected as invalid by downstream validator on iOS 26.x — fleet-wide, pristine first-install devices
RESOLVED: After further isolation testing, we have officially exonerated Apple's App Attest infrastructure. The cryptographic rejection was traced to a bug in the third-party SDK wrapper (@react-native-firebase/app-check v24.0.0). Specifically, their composite provider (appAttestWithDebugProviderFallback) was malforming the attestation payload on iOS 26.x before transmission. Switching our production configuration to use the strict appAttest provider immediately resolved the issue, and 100% of organic traffic is now verifying successfully.
Topic: Privacy & Security SubTopic: General Tags:
3w
Reply to App Attest assertions rejected as invalid by downstream validator on iOS 26.x — fleet-wide, pristine first-install devices
RESOLVED: After further isolation testing, we have officially exonerated Apple's App Attest infrastructure. The cryptographic rejection was traced to a bug in the third-party SDK wrapper (@react-native-firebase/app-check v24.0.0). Specifically, their composite provider (appAttestWithDebugProviderFallback) was malforming the attestation payload on iOS 26.x before transmission. Switching our production configuration to use the strict appAttest provider immediately resolved the issue, and 100% of organic traffic is now verifying successfully.
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
3w