Address and transactions privacy
We note that Family Wallet uses RPC servers managed by the developers to push transactions and obtain information about the network. Additionally, in order to perform some operations, the wallet needs to authenticate to the backend using information that includes the hash of the user wallet address. Devices perform a remote attestation using iOS DeviceCheck APIs in order to prove to the backend that a real iOS device is performing the requests.
This implies that the Family backend gets some information that could potentially be correlated to associate wallet addresses and transactions to the device and IP address that originated them. While this does not constitute a vulnerability in and of itself, it is important that users are aware of the potential privacy implications.