I'm also interested in understanding if iOS, like Android, has implemented the proposed Device-bound Public Key WebAuthn extension (devicePubKey). This is described here: https://security.googleblog.com/2022/10/SecurityofPasskeysintheGooglePasswordManager.html Passkeys on Android support the proposed Device-bound Public Key WebAuthn extension (devicePubKey). If this extension is requested when creating or using passkeys on Android, relying parties will receive two signatures in the result..

Stumbled upon this today. Thank you, Quinn; happy to file a suggestion for this API: FB13152209.