Hi! I know this post is more that 6 months old, but I'm facing the same issue and wondering if there has there been any development on this?
After rolling out some security features using attestation on our app into production, we have been observing the same strange occurrences that @mahashis described and from our logs we could extract some metrics that place the total percentage of affected users in the 5% to 6% of all users using the app, amounting to above ten thousand installations.
Even though it is expected some failures to happen like it is mentioned in the docs and in the comment above from @endecotp (for users migrating devices) and actual unsecured (example: jailbroken?) devices, it's hard to credit that is the case for so such a high percentage of users.
Even more so because it happens when attesting a freshly generated key which typically (and per documentation advice) only happens on fresh installations of the app or when a key is reported as invalid from the DCAppAttest service api.
This blocks users from logging into the app which after a few tries will effectively give up on the app. They do not return to it and uninstall it from their device.
From our customer support, we were able to discard the unsecured/jailbroken device and sideloading our app hypothesis for all of the users that contacted us with this problem.
We have not found any evidence or relation between the version of iOS used (the app supports iOS 15.0+) as we have errors hit on all versions (most prominently on the latest 17.4.x and 17.5.x as they amount to more than 80% of all users which is to be expected)