Hi everyone,
I'm integrating Apple's DeviceCheck API into my app and have run into a strange issue that I can't find documented anywhere.
The Problem
When I call Apple's DeviceCheck query endpoint (POST https://api.devicecheck.apple.com/v1/query_two_bits), the response occasionally returns a last_update_time value that is in the future — ahead of the current server time.
Example response:
{
  "bit0": true,
  "bit1": false,
  "last_update_time": "2026-05" // future month, not yet reached
}
What I've Checked
- My server's system clock is correctly synced via NTP
- The JWT token I generate uses the current timestamp for the iat field
- This doesn't happen on every device — only on some specific devices
- The issue is reproducible on the same device across multiple calls
Questions
- Is last_update_time sourced from the device's local clock at the time update_two_bits was called? Or is it stamped server-side by Apple?
- Could a device with an incorrectly set system clock (set to the future) cause Apple's servers to record a future last_update_time?
- Is there a recommended way to validate or sanitize last_update_time on the server side to handle this edge case?
- Has anyone else encountered this behavior? Any known workarounds?
Any insight would be greatly appreciated. Thanks!
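
One way a server could sanity-check last_update_time before relying on it, as an added example that is not part of the original post and not Apple's code. It assumes the field is a "YYYY-MM" string as in the response quoted above; the function names, status labels and the one-day skew allowance are hypothetical.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample with the same shape as the response quoted in the post.
SAMPLE_RESPONSE = '{"bit0": true, "bit1": false, "last_update_time": "2026-05"}'

# Assumption: tolerate one day of skew so a month rollover that has already
# happened in another timezone is not flagged as "future".
BOUNDARY_SKEW = timedelta(days=1)
YEAR_MONTH = re.compile(r"([0-9]{4})-(0[1-9]|1[0-2])")


def classify_last_update_time(raw, now):
    """Return (status, trusted_value) for a raw last_update_time field."""
    if raw is None:
        return "missing", None
    match = YEAR_MONTH.fullmatch(raw) if isinstance(raw, str) else None
    if match is None:
        return "malformed", None
    reported = (int(match.group(1)), int(match.group(2)))
    limit = now + BOUNDARY_SKEW
    if reported > (limit.year, limit.month):
        # Later than the server's own calendar month: do not use it for
        # age-based decisions; keep the raw value only for logging.
        return "future", None
    return "ok", raw


def check_query_response(body, now=None):
    """Parse a query_two_bits JSON body and vet its last_update_time."""
    now = now or datetime.now(timezone.utc)
    data = json.loads(body)
    raw = data.get("last_update_time")
    status, trusted = classify_last_update_time(raw, now)
    return {
        "bit0": data.get("bit0"),
        "bit1": data.get("bit1"),
        "last_update_time": trusted,
        "last_update_time_raw": raw,
        "status": status,
    }


if __name__ == "__main__":
    print(check_query_response(SAMPLE_RESPONSE))
```

The check compares against the server's own clock only, so the result does not depend on where the stored value came from.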