Bypass touchID in some rare cases
| Originator: | carl | ||
| Number: | rdar://19294579 | Date Originated: | 12/18/2015 |
| Status: | Open | Resolved: | |
| Product: | IOS | Product Version: | 8.1.2 |
| Classification: | Security | Reproducible: | Rarely |
n some rare situations the Local Authentication Framework API doesn't return the key data from the key chain.
example code:
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService:keydata_keyname,
(__bridge id)kSecReturnData: @YES,
(__bridge id)kSecUseOperationPrompt: NSLocalizedString(@"unlock app", nil)
};
dispatch_async(dispatch_get_global_queue( DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
CFTypeRef dataTypeRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &dataTypeRef);
if (status == errSecSuccess)
When touchID is working properly, status == errSecSuccess. However, if it is not working properly errSecAuthFailed is returned and the user is not prompted to use touch ID.
Note: The problem went away when we rebooted the ipPhone 5s running IOS 8.1.2.
Steps to Reproduce:
Don't know. It may be related to having the users finger on the touchID sensor prior to launching the app.
Expected Results:
When using secItemCopyMatching the OS should display the touchID authentication screen. It does not.
Actual Results:
The touchID authentication screen was not presented.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!