Identify in an app when the set of fingerprints for TouchID has changed
Originator: | mbotrifork | ||
Number: | rdar://20170090 | Date Originated: | 16-03-2015 |
Status: | Resolved: | ||
Product: | Product Version: | ||
Classification: | Reproducible: |
Summary: In order to make sure, just like Apple's own apps, that someone hasn't maliciously added an un-approved fingerprint to an iPhone, I need a hook that I can query when the app starts, so that if the set of fingerprints has changed, the user will be forced to re-authenticate against my backend. Steps to Reproduce: 1. Open my app (not made yet) 2. Create an account and authenticate 3. Close the app 4. Add a new fingerprint to the iPhone 5. Start my app again Expected Results: I would now like to ask the user to re-authenticate Actual Results: I dont have any hooks, so basicly anyone can access my apps data, if they have an fingerprint added to the iPhone Version: iOS Notes: Configuration: iPhone and iPad Attachments:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Already possible
Take a look at: https://developer.apple.com/documentation/localauthentication/lacontext/1514150-evaluatedpolicydomainstate?language=objc
The data returned by that method changes every time there is some change to the TouchID or FaceID underlying structure. It is not clear, by design, when it changes but we have tested it and we know that at least it changes when fingers are added / removed.