We're been using LAContext -evaluatePolicy:localizedReason:reply: in our packet tunnel provider extension without problems, but with the release of iOS 13.3.1 we're now getting LAErrorNotInteractive. We are not setting interactionNotAllowed (and I tried forcing it to NO w/no change in behavior).LAContext *bioConext = [LAContext new]; if ([bioConext canEvaluatePolicy:LAPolicyDeviceOwnerAuthentication error:&err]) { [bioConext evaluatePolicy:LAPolicyDeviceOwnerAuthentication localizedReason:@"string" reply:^(BOOL success, NSError * _Nullable error) { // ... error is LAErrorNotInteractive here ... }]; }Is there a new restriction on calling this from an extension because of the need to display UI?

We're looking at mitigation options for the TunnelVisioning attack that exploits DHCP option 121 to set routes. It looks like Per-App VPN doesn't have the problem, but in standard mode we aren't able to touch potentially malicious host routes, so while we can mitigate it we can't eliminate the security problem completely. Is there any way to tell iOS and macOS to ignore DHCP option 121? Or even better, does Apple have a fix in the works?