@endecotp you shouldn't place key_id in files that can be backed-up, cause corresponding app attest private key doesn't migrate to new device. In such case on backup restore/new install you won't have persistent key_id and can generate new keypair ready for attestation.

I've tested assertion with random keyId and it's invalidKey error, so the problem is definitely in clientDataHash. Please, help, Apple Engineering! Here are the examples of hashes, that running into issue: uqQ2OEoaFGyzYarDffqkJxeBIumSfIMYmdb/LWkmCvI= XAJ048L6kuYbFclShqDhFaw8L4qhyznusyg4ZQd/qFY= QASl9kEHRGFNw9rHfW3nk8r+1OXy014mJI+7Z//dyEo= hCF1dlIpa/jp4P6KQUT1CuWordnSJSNL/03+HOYrJHk= 90y0Y1UiIpyEY4jbAF/9SPj70rFooD4dzvnbn1s4WrM= Here are successful hashes: FIBEpdhRUX92mLLqSfaTl45cwePuCKFYyyp3zI0j5g4= GJ8qc3EPK+o8mqo9AssnUMhbqf6xZmJETFLDHJ+mdao= xTeQF2d5Qr4n3iJa+ECRTrpBclZdYatQUNHv0cQPYKE= Tn20+JzM3FWQtVEk+EWALEfJrMIN1FR+y7FoeJIALeY= NGK8gPiaIPI4W37MEY8B9aGhhEpgcFZj09qOd4LHmnM= vFQzqndMCvG2wdNHCD95CJu4QIX1IXxrYvWczp4wXWQ= Looks like it's a bug - if a hash contains / than generateAssertion method will fail with DCError.Code.invalidInput

@meaton added crash logs here: inc0.crash inc1.crash and the info about what's going on on network layer: we've got continuous websocket connection (via https://github.com/daltoniam/Starscream) also there are multiple polling systems - once in 10 secs we are sending REST requests via native URLSession

@meaton sent complete crash log on your email