Intermittent FIDO2 SDK Error on Authentication - 50162 Cannot Decrypt WebauthnCredentialSpecifics Key

[L S]

Environment:
•⁠  ⁠Dependency: ⁠ com.google.android.gms:play-services-fido:21.2.0 ⁠
•⁠  ⁠Android versions affected: 9 through 16
•⁠  ⁠Device manufacturers/models affected: Oppo (CPH2217), Realme (RMX3472), Motorola (moto g84 5G), Xiaomi (Mi A1, M2006C3LG), Samsung (SM-M127F), Vivo (V2507A), etc.

Issue Description:
•⁠  ⁠The error ` 50162 Can't find the proper key to decrypt the private key from WebauthnCredentialSpecifics.` occurs intermittently on some users’ devices during authentication attempts.
•⁠  ⁠Sometimes the error appears as:
•⁠  ⁠` 50162 Unsuccessful result from folsom activity.`
•⁠  ⁠` 50162 Failed to retrieve Folsom key materials.`

•⁠  ⁠Users are successfully able to:
  - Access Google services and remain logged in on their devices.
  - Register new passkeys, which show up correctly in Google Password Manager.
  - Despite successful passkey registration, users cannot authenticate, encountering the above errors.
  - Network changes do not resolve the issue.
  - Google Play Services have been updated to the latest version on affected devices, but the problem persists. (through https://play.google.com/store/apps/details?id=com.google.android.gms)

Steps to Reproduce:
1.⁠ ⁠User registers passkey successfully on supported device.
2.⁠ ⁠User attempts authentication via FIDO2 SDK.
3.⁠ ⁠Authentication fails with error ⁠ … ⁠ as described above, intermittently and on certain devices.

Questions / Hypotheses:
•⁠  ⁠Given users can register and see the passkeys in Google Password Manager, why can they not use them to authenticate?
•⁠  ⁠Could this be related to device-specific keyguard or hardware cryptography issues impacting private key decryption?
•⁠  ⁠Is there any difference in key handling or storage on affected device models/Android builds?
•⁠  ⁠Are there best practices to mitigate this issue or logs/details that would help identify the root cause?

What Has Been Tried:
•⁠  ⁠Confirmed users are logged into Google services on their devices.
•⁠  ⁠Verified passkey registration works correctly.
•⁠  ⁠Asked users to switch network—problem remains.
•⁠  ⁠Asked users to update Google Play Services via Play Store—problem remains.

Request for Google Support:
•⁠  ⁠Clarification on the cause of error ` Can't find the proper key to decrypt the private key from WebauthnCredentialSpecifics`.
•⁠  ⁠Suggestions on how to fix or work around this issue from the SDK or Google Play Services.
•⁠  ⁠Guidance on additional logging or diagnostics to gather from affected devices.
•⁠  ⁠Any known related bugs or limitations with certain device models or Android versions.
•⁠  ⁠Recommendations for handling key material or re-registration workflows for affected users.