Keychain access no longer works in Guided Access mode (iOS9)

Number: rdar://23045769    Date Originated: 09-10-2015
Status: Open    Resolved:
Product: iOS    Product Version: 9.0.2
Classification:    Reproducible: Always

We use Guided Access mode to create a ‘hand-off’ mode in our app, in which the iPad is handed to a non-privileged user.
The user ‘locks’ the app, causing Guided Access mode to be enabled, using “UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);”.
Afterwards, the ‘normal’ user can unlock the app by either re-entering his credentials or authenticating via TouchId, using “SecItemCopyMatching(query, &data);”.
If the authentication was successful, we leave Guided Access mode, using “UIAccessibilityRequestGuidedAccessSession(TRUE, nil);”.

All of this worked perfectly prior to iOS 9. Now, in the current iOS (9.0.2), the “SecItemCopyMatching” call blocks for 3 seconds or so, then returns “errSecAuthFailed” (-25293).

Has this functionality been removed, or is it a temporary bug? I could not find any notice of this in any of the changelogs.

Steps to Reproduce:
0: You will need your iPad to be in an MDM which allows your app to run in Guided Access mode.

1: Insert a keychain item with information like this (outside guided access mode)
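// Archive the secret payload that the keychain item will hold.
NSData *secretData = [NSKeyedArchiver archivedDataWithRootObject:@{@"username": username /* remaining entries cut off in the original report */}];
// Generic password item protected by the Touch ID access control object.
NSDictionary *addAttributes = @{
                                (id)kSecClass: (id)kSecClassGenericPassword,
                                (id)kSecAttrService: [self getLocalAuthServerName],
                                (id)kSecValueData: secretData,
                                (id)kSecAttrAccessControl: (id)TouchIdSecurityObject
                                };

SecItemAdd((__bridge CFDictionaryRef)addAttributes, nil);
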
2: Enter guided access mode
UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);

3: Once in guided access mode
// Query for the protected item; this should trigger the Touch ID prompt.
NSDictionary *query = @{
                        (id)kSecClass: (id)kSecClassGenericPassword,
                        (id)kSecAttrService: [LoginBox getLocalAuthServerName],
                        (id)kSecReturnData: @YES,
                        (id)kSecAttrAccessControl: (id)TouchIdSecurityObject,
                        (id)kSecUseOperationPrompt: $(@"TOUCHID IDENTIFY PROMPT")
                        };
CFTypeRef dataTypeRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataTypeRef);
if (status == errSecSuccess) {
    // Hand ownership of the returned data to ARC, then unarchive the dictionary stored in step 1.
    NSDictionary *authData = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge_transfer NSData *)dataTypeRef];
    NSLog(@"%@", authData);
} else {
    NSLog(@"Authentication failed");
}

Expected Results:
TouchID prompt popping up, after successful TouchId authentication, “errSecSuccess” (0) return value.

Actual Results:
Long block time, no TouchId prompt, “errSecAuthFailed” (-25293) return value.



Any iDevice with TouchId



iOS 9.1

The update to iOS 9.1 changes nothing about this issue.
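
An added diagnostic, not code from the original report: it wraps the read from step 3 and records the status code, how long the call blocked, whether Guided Access was active, and whether LocalAuthentication considers biometrics usable, so a failure like the one described can be triaged from the log. The function name, its parameters, and the log format are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <LocalAuthentication/LocalAuthentication.h>

// Hypothetical helper, not from the report. Run it off the main thread, since
// SecItemCopyMatching blocks while the system handles authentication.
// guidedAccessEnabled: the caller passes UIAccessibilityIsGuidedAccessEnabled(),
// read on the main thread before dispatching.
static OSStatus DiagnoseProtectedRead(NSString *service, NSString *prompt,
                                      BOOL guidedAccessEnabled) {
    // Ask LocalAuthentication whether biometric evaluation is possible at all.
    LAContext *context = [[LAContext alloc] init];
    NSError *laError = nil;
    BOOL canEvaluate =
        [context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics
                             error:&laError];

    // The access control stored with the item is what triggers the prompt.
    NSDictionary *query = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: service,
        (id)kSecReturnData: @YES,
        (id)kSecUseOperationPrompt: prompt
    };
    CFTypeRef result = NULL;
    CFAbsoluteTime start = CFAbsoluteTimeGetCurrent();
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    CFAbsoluteTime elapsed = CFAbsoluteTimeGetCurrent() - start;
    if (result != NULL) {
        CFRelease(result); // release the secret without logging it
    }

    NSString *meaning;
    switch (status) {
        case errSecSuccess:               meaning = @"item returned"; break;
        case errSecAuthFailed:            meaning = @"authentication failed"; break;
        case errSecUserCanceled:          meaning = @"user cancelled the prompt"; break;
        case errSecInteractionNotAllowed: meaning = @"UI interaction not allowed"; break;
        case errSecItemNotFound:          meaning = @"no matching item"; break;
        default:                          meaning = @"other status"; break;
    }
    NSLog(@"keychain read: status=%d (%@) elapsed=%.1fs guidedAccess=%d "
          @"canEvaluateBiometrics=%d laError=%@",
          (int)status, meaning, elapsed, guidedAccessEnabled, canEvaluate, laError);
    return status;
}
```

Comparing the log line from a run inside Guided Access with one from a run outside it shows whether the failure follows the mode or the item itself.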

