iOS vs Android Platform Differences
| Question | Answer |
|---|---|
| Why is the journey handshake POST request not reaching the server on iOS? | iOS uses web view network stacks that trigger preflight OPTIONS requests. The OPTIONS receives 204, but POST never arrives. |
| Why does Android work but iOS fails? | Android does not send OPTIONS preflight requests. iOS enforces stricter CORS and security protocols requiring specific server headers. |
| Is the same SDK used for Android and iOS? | Yes, the same SDK is used for both platforms and handshake logic is common, suggesting platform-specific network behavior issue. |
Network & Traffic Issues
| Question | Answer |
|---|---|
| Why is it difficult to filter iOS network traffic for troubleshooting? | iOS traffic appears to come from a single MPLS IP (172.25.1.2), with real client IPs visible only in headers. |
| Is the iOS issue consistent or intermittent? | The issue is intermittent but consistently reproducible on iOS across different networks including home Wi-Fi. |
Certificate Pinning
| Question | Answer |
|---|---|
| Does certificate pinning affect network behavior and handshake success? | Yes, certificate pinning differences between debug and production builds may influence network behavior. |
| Can we test with certificate pinning disabled to isolate the issue? | Yes, testing a production build with pinning disabled on specific devices was suggested to isolate pinning as the cause. |
| Is certificate pinning the sole cause of the iOS issue? | Likely not — debug app logs showed handshake failure even with pinning disabled, indicating other factors involved. |
| Can certificates be generated for debug domains to enable pinning in dev? | This is being explored with the certificate management team as a potential solution. |
CORS & Server Configuration
| Question | Answer |
|---|---|
| Why might iOS fail in production but work in UAT? | Production environment likely lacks certain CORS headers or response configurations that UAT has. |
| What server-side configurations are needed for iOS? | iOS platform security requires explicit server-side configuration to handle OPTIONS preflight requests correctly with proper CORS headers. |
Debugging & Logs
| Question | Answer |
|---|---|
| What logs are needed to diagnose the iOS handshake failure? | Device-level logs including console logs and HAR files are critical to identify missing or misconfigured CORS headers. |
| Can production-level device logs and HAR files be shared? | There are limitations due to security and workspace restrictions, which is a significant barrier to debugging. |
| Can TCP dump be captured to check Layer 4 traffic? | Yes, this was suggested as a troubleshooting step to verify if traffic is reaching the server at the network layer. |