This post is from the WWDC26 App Attest & DeviceCheck Q&A.
Are there any plans to increase the DC token validity or enable using attestations to set the device check bit states? The current implementation makes it challenging to set bit states once we identify a device as belong to a bad actor after the fact. We need to actor to re-engage with the platform to be able to collect a DC token which mostly doesnt happen since they use burner accounts and move on.
This is a reasonable feature request that we encourage you submit via our Feedback System for us to consider.
Providing Feedback: How and Why? has tips on creating a successful report.