The description of forcePreserveESIMOnErase has been fixed: “Requires a supervised device” now. I presume the description of allowWebDistributionAppInstallation is also a documentation error, and posted FB16037953.

I checked behaviors on a reproduction without restoring from backups, and updated FB15921702. Basically, If the certificate had been installed via configuration profile from MDM, the issue was resolved on iOS 18.2 Beta 4. If the certificate had been installed manually, I needed to re-install the same certificate after updating to iOS 18.2 Beta 4 to trust it.

I submitted FB15921702 about previous reply on iOS 18.2 beta 4.

Same. After updating an affected iOS 18.1 to iOS 18.2 beta 4, An unremovable certificate is listed in the Certificate Trust Settings. Even after removing all the profiles, it stays there. I can install root certificates and trust them. Although the behavior is weird, it seems that we can now trust certificates without erasing All Content and Settings.

Some of our customers experienced the issue. We asked them to install Apple Root CA from Apple PKI into an affected device. They could install it, but could not trust it. Filed FB15621457 with screenshots and sysdiagnose.

Thank you for quick reply. If you want to reimplement the iOS 15 behavior, then you can modify your start logic to "finish" as quickly as possible and then simply allow all flows until you've finished your own initialization and can start blocking again. Although even the fastest start logic (empty startFilter() async) seem to affect incoming events rarely in my observation, it helps me a lot.