Starting July 2021, the response signature will use a new certificate chain. This change only affects the response signature.
The response payload (basicIntegrity, ctsProfileMatch, evaluationType, etc) will remain unchanged.
To ensure uninterrupted service, please check that your server-side logic can correctly verify the signature of the attached sample response. Note that the payload will indicate a compromised device (i.e. basicIntegrity is false). You can ignore that: the goal is to verify the signature.
If your server code does
not currently check the response signature, now is a good time to add this functionality, and you can use
the code samples provided. By checking the signature, your server code will detect if someone tries to modify the response payload.
The new certificate chain will be silently rolled out in July 2021. If you have questions please
get in touch.