Hi, I've noticed a warning during export archive phase (xcrun xcodebuild -exportArchive) in our iOS CI/CD pipelines. Updating the export options info plist file to use <key>method</key> <string>app-store-connect</string> helps, but I am not sure if we should update it or not since I cannot find any references about this change in the docs. It'd be very helpful to get some guidelines. Thank you

Hi, iOS 15.4 is bringing a new exciting security feature which allows users to enroll "masked face" so they can unlock their devices while wearing a mask. Some apps might leverage evaluatedPolicyDomainState (https://developer.apple.com/documentation/localauthentication/lacontext/1514150-evaluatedpolicydomainstate) to detect if the biometric state has changed, and if so, logging out/locking the user to protect their data. Looks like the masked-face enrolment changes the policy domain state as such it might lead to many unexpected logouts. Is there any way to detect if the change to the state was introduced by the masked face enrollment as such we can somehow retain the user's login session? Many thanks!

Hi, I'd to re-sign an app with an embedded kernel extension. The primary reason for it is that the author of the extension has not signed the binary with timestamp ("The signature does not include a secure timestamp.") as such the app fails the notarisation process. Sadly, I cannot find any way in the Developer Program admin panel to generate a certificate with kernel extensions support. What's the process of generating this certificate? Many thanks for help

Hi, Currently, Passkeys/WebAuthn API is behind a feature toggle. In iOS, turn on the Syncing Platform Authenticator switch under Settings > Developer. The Developer menu is available on your device when you set it up as a development device in Xcode. Is this API going to be enabled by default in the official iOS 15 release?

Hi, I've been recently testing the new WebAuthn support in ASAuthorizationController. I've noticed a small UI inconvenience in my app. The biometric modal displayed on assert request shows: Do you want to sign to "" as "marcin"? or Choose an account to sign in to "". when having more than one key enrolled. Looks like the relyingPartyIdentifier is not used. Is there any other property I should set to ensure the message contains the right service identifier? Many thanks!

Hi, I'm playing with the new improvements to the ASAuthorizationController allowing to leverage WebAuthn API (e.g. ASAuthorizationPlatformPublicKeyCredentialRegistration and ASAuthorizationPlatformPublicKeyCredentialAssertion). I've spotted an odd behaviour when validating assert requests. Here is a small snippet of what's happening in my app: // requesting assertion         let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(             relyingPartyIdentifier: response.rp.id         )         let assertionRequest = publicKeyCredentialProvider.createCredentialAssertionRequest(challenge: response.challenge) ... // in delegate `assertRequest` is being sent to the server             let assertRequest = AssertRequest(                 user: user,                 signature: credentialAssertion.signature,                 authData: credentialAssertion.rawAuthenticatorData,                 clientData: credentialAssertion.rawClientDataJSON,                 userId: credentialAssertion.userID             ) According to "5.1.4 Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]] Method" of the WebAuthn spec, the ClientData field should contain type "webauthn.get", but looks it always has "webauthn.create" value and fails my validation. Has anyone else experienced similar issue? I was testing my app on the latest Xcode 13 beta2 and running the app on iOS 15 beta2.