dbalikhin
commented
1 year ago Don't rely on attestation.
- Privacy feature can block sending real AAGUID
- Mane software authenticators will send zeroed value
- Take db space
- Passkeys will provide zeroed value - based on some observations
Solution: Simply ask to provide a name for added device as a mandatory field Drop attestation. Doesn't work well on Linux anyway
It looks like Mac AAGUID is not in the MDS records and Browsers on Android return zeroed AAGUID. It results in an empty Device Description on the Devices page.
As a workaround, we can hardcode Mac AAGUID, but it is not clear what to do with zeroed AAGUID. Probably just use some const value for such cases.