Having issue with device check on iOS 14.x

Hello, I have problem with DeviceCheck framework on iOS 14. On some devices with version, 14.x attestation doesn't work properly. In response, I get 400 error code and Missing or incorrectly formatted device token payload. This is very weird because this reproduces on a small group of devices and device after hard reset works fine.
Have same problem. One user with iPhone SE (2016) have a this bug.
We are also having this issue. It seems to be rare and pretty random. We've double checked our "transaction_id" are unique and we still occasionally get the "Missing or incorrectly formatted device token payload" response.

We are sending the request using PHP curl, here is a sample. Works 99% of the time.

$data = array(
'device_token' => $device_token,
'transaction_id' => $uuid,
'timestamp' => round(microtime(true) * 1000)
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apple_url . '/v1/query_two_bits');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $jwt, 'Content-type: application/json'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$serverOutput = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

We having the same issue with a few of our test devices as well as reports of some of end users experiencing it. Interestingly those test devices used to generate valid DeviceCheck tokens 1 week ago but not anymore and been in that state for the whole week now.

Did anyone work out how to fix this other than factory resetting the device? In case this is helpful to anyone here are some more details:

  • verified that DeviceCheck token is submitted from our backend to Apple is identical (byte by byte) to one obtained from iOS by our app
  • verified that each time DeviceCheck token is obtained from iOS they are different. Seems to be same number of bytes though.
  • DeviceCheck token that Apple says is invalid seems to be a bit shorter (2190 bytes) than one that it says OK (2236 bytes).
  • verified that we are using a different transaction ID each time we submit the DeviceCheck token to Apple.
  • force restarting the phone doesn't seem to fix the issue.
  • updating iOS to the latest version does not seem to fix this issue

We had opened a ticket with Apple support about this and one thing they suggested was to check if the device's clock was in sync with a well known time server i.e. "Set Automatically" option is turned on in "Settings -> Date & Time". This didn't help in our case (since our test devices were already n sync) but posting it in case it would be helpful to others stumbling upon this thread.

FYI. Apple has indicated this is now fixed in iOS 15 beta 6.

@bchoi can you point to some documentation or release notes? I wasn't able to find anything & would love to see more if I can. Thanks in advance!

We are having the same issue on an ios14.6 device. Any progress or explanation about this issue?

We are seeing this issue as well on some of our users with iOS 14 devices. Do we have any updates on this issue? & Is there any other steps that we can do to try & remedy the issue?

I've tried

  • Updating the clock settings to automatic
  • Restarting the device
  • Re-installing the app
  • Updating the phone's OS

Has anyone noticed a fix for this by Apple? We have some end users on iOS 14.x that are experiencing this issue.

Having issue with device check on iOS 14.x
 
 
Q