It appears that for a successful registration of a passkey to a relying party using passkey autofill provider, the BE BS bits/flags in the attestation response need to be set to true. Please refer FLAGS byte of authData field part of attestationObject mentioned here - https://www.w3.org/TR/webauthn-2/#sctn-attestation.
If those flags are set to false, the RP rejects saying - "The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client."
What are the implications of having those flags set to true? Does it make the generated passkey syncable across devices using same apple id? If yes, is there at all anyway possible by which a generated passkey can be made device bound, basically can be generated and used only on a single iPhone/iOS device?
Also, is there a plan to ever make those flags to be set to false in a future iOS release?
Also, what does it mean in the credential provider popup where it says - "Available where <app-name> is installed." in the below screenshot?