@FilipposM reported that we were not setting the secure flag on the session cookie for the application we use for managing updates for our native applications. We addressed the issue by configuring the application to set the secure flag. We also audited the rest of our applications to ensure that they are setting the correct flags on cookies.