Keychain access no longer works in Guided Access mode (iOS9)

Number: rdar://23045769 Date Originated: 09-10-2015
Status: Open Resolved:
Product: iOS Product Version: 9.0.2
Classification: Reproducible: Always
We use Guided Access mode to create a ‘hand-off’ mode in our app, in which the iPad is handed to a non-privileged user.
The user ‘locks’ the app, causing Guided Access mode to be enabled, using “UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);”.
Afterwards, the ‘normal’ user can unlock the app by either re-entering his credentials or authenticating via TouchId, using “SecItemCopyMatching(query, &data);”.
If the authentication was successful, we leave Guided Access mode: “UIAccessibilityRequestGuidedAccessSession(TRUE, nil);”

All of this worked perfectly prior to iOS 9. Now, in the current iOS (9.0.2), the “SecItemCopyMatching” call blocks for 3 seconds or so, then returns “errSecAuthFailed” (-25293).

Has this functionality been removed, or is it a temporary bug? I could not find any notice of this in any of the changelogs.

Steps to Reproduce:
0: You will need your iPad to be in an MDM which allows your app to run in Guided Access mode.

1: Insert a keychain item with information like this (outside guided access mode)
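// Archive the secret payload; the remaining entries of this dictionary are cut off in the report.
NSData *secretData = [NSKeyedArchiver archivedDataWithRootObject:@{@"username":username, /* ... */ }];
// Generic-password item protected by the Touch ID access-control object.
NSDictionary *addAttributes = @{
                                (id)kSecClass: (id)kSecClassGenericPassword,
                                (id)kSecAttrService: [self getLocalAuthServerName],
                                (id)kSecValueData: secretData,
                                (id)kSecAttrAccessControl: (id)TouchIdSecurityObject
                                };

SecItemAdd((__bridge CFDictionaryRef)addAttributes, nil);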
2: Enter guided access mode
UIAccessibilityRequestGuidedAccessSession(TRUE, lockdownCallback);

3: Once in guided access mode
// Query for the item stored in step 1; reading it should trigger the Touch ID prompt.
NSDictionary *query = @{
                        (id)kSecClass: (id)kSecClassGenericPassword,
                        (id)kSecAttrService: [LoginBox getLocalAuthServerName],
                        (id)kSecReturnData: @YES,
                        (id)kSecAttrAccessControl: (id)TouchIdSecurityObject,
                        (id)kSecUseOperationPrompt: $(@"TOUCHID IDENTIFY PROMPT")
                        };
CFTypeRef dataTypeRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &dataTypeRef);
if (status == errSecSuccess) {
    // Hand ownership of the returned CFData to ARC before unarchiving.
    NSData *authData = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge_transfer NSData *)dataTypeRef];
    NSLog(@"%@", authData);
} else {
    NSLog(@"Authentication failed");
}

Expected Results:
TouchID prompt popping up, after successful TouchId authentication, “errSecSuccess” (0) return value.

Actual Results:
Long block time, no TouchId prompt, “errSecAuthFailed” (-25293) return value.



Any iDevice with TouchId



iOS 9.1

The update to iOS 9.1 changes nothing about this issue.
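
An added example, not code from the report: one way an unlock flow can tolerate the behaviour described above, by running the blocking keychain read off the main thread and treating “errSecAuthFailed” as a signal to fall back to credential re-entry rather than leaving the device stuck in Guided Access. `UnlockOutcome`, `OutcomeForStatus` and `ReadTouchIDSecret` are hypothetical names; the fallback policy is an assumption.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical outcome type for the unlock flow (not from the report).
typedef NS_ENUM(NSInteger, UnlockOutcome) {
    UnlockOutcomeUnlocked,          // Touch ID succeeded, secret returned
    UnlockOutcomeCancelled,         // user dismissed the prompt; stay locked
    UnlockOutcomeAskForCredentials  // keychain path unusable; fall back
};

// Map the OSStatus of the Touch ID protected read to a decision.
static UnlockOutcome OutcomeForStatus(OSStatus status) {
    switch (status) {
        case errSecSuccess:      return UnlockOutcomeUnlocked;
        case errSecUserCanceled: return UnlockOutcomeCancelled;
        case errSecAuthFailed:             // -25293, the status seen in the report
        case errSecInteractionNotAllowed:  // no authentication UI could be shown
        case errSecItemNotFound:           // item missing or invalidated
        default:                 return UnlockOutcomeAskForCredentials;
    }
}

// Runs the query on a background queue (the report observes the call
// blocking for about 3 seconds) and reports back on the main queue.
static void ReadTouchIDSecret(NSString *service, NSString *prompt,
                              void (^completion)(UnlockOutcome, NSData *)) {
    dispatch_async(dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0), ^{
        NSDictionary *query = @{
            (id)kSecClass: (id)kSecClassGenericPassword,
            (id)kSecAttrService: service,
            (id)kSecReturnData: @YES,
            (id)kSecUseOperationPrompt: prompt
        };
        CFTypeRef result = NULL;
        OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
        NSData *secret = (status == errSecSuccess)
            ? (__bridge_transfer NSData *)result : nil;
        // Log only the status code, never the secret itself.
        NSLog(@"SecItemCopyMatching returned %d", (int)status);
        dispatch_async(dispatch_get_main_queue(), ^{
            completion(OutcomeForStatus(status), secret);
        });
    });
}
```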
