DeviceCheck tokens lifetime

Hi!

We are using DeviceCheck tokens to prove that an HTTP request comes from an iOS device. We found out that both environments, prod and sandbox, don't limit token lifetime:

  • v1/validate_device_token always returns true and can be reused for a long period of time with one DCDevice token.
  • v1/update_two_bits can also be reused an unlimited number of times with one token (didn't measure the exact number).

Is it true that the lifetime of a token generated via DCDevice.generateToken isn't short (minutes), and that we should build our own infrastructure to prevent replay attacks?
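The post asks whether the server has to provide its own replay protection because Apple does not bound how long, or how often, one DeviceCheck token can be sent to v1/validate_device_token. The following is an added example, not code from the thread or from Apple: a server-side replay guard in Python that remembers a fingerprint of every token it has already accepted and refuses the same token again within a configurable window. The round-trip to Apple's validate endpoint is injected as a callable so the example runs offline, the clock is injectable for testing, and the token strings are constructed placeholders rather than real DCDevice tokens.

```python
import hashlib
import time
from typing import Callable, Dict, Tuple


class TokenReplayGuard:
    """Remembers a fingerprint of each accepted token for `window_seconds`.

    Hypothetical server-side guard: DeviceCheck does not limit reuse of a
    token, so the server keeps its own record of tokens it has accepted.
    Only a SHA-256 of the token is stored, never the raw token. `now` is
    injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, window_seconds: float,
                 now: Callable[[], float] = time.time) -> None:
        self.window_seconds = window_seconds
        self._now = now
        self._seen: Dict[str, float] = {}  # token fingerprint -> expiry time

    @staticmethod
    def fingerprint(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def _purge_expired(self, current: float) -> None:
        # Drop entries whose window has passed so the cache stays bounded.
        expired = [fp for fp, expiry in self._seen.items() if expiry <= current]
        for fp in expired:
            del self._seen[fp]

    def is_replay(self, token: str) -> bool:
        """True if this token was already accepted inside the window.

        Otherwise the token is recorded now and False is returned.
        """
        current = self._now()
        self._purge_expired(current)
        fp = self.fingerprint(token)
        if fp in self._seen:
            return True
        self._seen[fp] = current + self.window_seconds
        return False


def verify_device_request(
    token: str,
    guard: TokenReplayGuard,
    validate_with_apple: Callable[[str], bool],
) -> Tuple[bool, str]:
    """Accept a request only if the token is new to this server AND Apple
    validates it.

    `validate_with_apple` stands in for the call to v1/validate_device_token;
    the replay check runs first so a replayed token never costs another
    round-trip to Apple. Returns (accepted, reason).
    """
    if not token:
        return False, "missing token"
    if guard.is_replay(token):
        return False, "token already used"
    if not validate_with_apple(token):
        return False, "apple rejected token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo: a 5-minute window and a stand-in for Apple's answer.
    demo_guard = TokenReplayGuard(window_seconds=300)
    always_valid = lambda _token: True
    print(verify_device_request("constructed-token-A", demo_guard, always_valid))
    print(verify_device_request("constructed-token-A", demo_guard, always_valid))
```

Because the token is recorded before Apple's answer is known, a token whose validation failed (or timed out) cannot simply be resent; the client is expected to call DCDevice.generateToken again for each request, which is the behaviour the guard enforces on the server side.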
