Hey, I read somewhere a while ago that the Secure Enclave of an iOS device would get wiped when biometrics change, ie a new fingerprint is added. I was wondering whether that’s correct and still the case?

Apple's guidance in the Human Interface Guidelines has always been: "In general, avoid offering an app-specific setting for opting in to biometric authentication. People enable biometric authentication at the system level, so presenting an in-app setting is redundant and could be confusing." However, FaceID and TouchID behave differently. With FaceID, a user may configure whether to enable FaceID on a per app basis in system settings, so an in-app setting is redundant and potentially confusing. With TouchID, a user cannot configure whether to enable TouchID on a per app basis in system settings. What is Apple's recommendation of a UX for allowing a user to enable TouchID (to log in to the app) on a per app basis. Is the developer expected to provide an in-app setting for TouchID but not FaceID?

Hello, When trying to use passkeys on a mac on safari 16.1, for example on https://www.passkeys.io/, when the passkeys pop up comes up, touch id is not an option. I notice this on other sites too. Is that correct? Is it a configuration issue on the site side? The laptop is open and touch id is configured for login and everything. Thanks

I am using deviceOwnerAuthentication policy of local authentication for biometric authentication. If user have not added any fingerprints or faceID, is there a method to determine it. LABiometricType is only checking if the device can support the touch/face ID. Couldn't find a method to determine if the user have added it.

Hey all 👋🏼 Is there any API change required for supporting the Touch ID sensor of an external Magic Keyboard with Touch ID (on a Mac with Apple silicon)? Currently we rely on canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics for checking if TouchID is present on a system, but this seems to be returning false when the laptop is closed/clamshell mode even with the Magic Keyboard with Touch ID connected to it. Any suggestions? The code snippet that we use for checking is: int isTouchIDAvailable() { int result = 0; bool success = [[[LAContext alloc] init] canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:nil]; if (success) { return 1; } return 0; }

Are there any resources that list the meta data used in TouchID attestation? I would like to only allow TouchID as the FIDO2 method and want to block the other FIDO2 methods.

Apple's touch ID external keyboard will work on all macs with apple silicon. But they must be running Big Sur 11.4. What binary was added in that version that made the computer capable of using the touch ID keyboard?

I just registered a site for WebAuthn test. I want to delete this FIDO2 credential, from Apple TPM chipset, just like the command of Yibikey "ykman fido credentials delete" as. I cannot find my authentication datas from "KeyChain Access.app" I know that Yubikey has 25 FIDO2 credentials limit. Does Apple TPM chipset too? If i cannot delete this credential, will i get something error in feture use?

I only need to call a couple of lines of code with privilege escalation, I think I understand the reasoning behind creating a separate 'helper' application to perform these tasks. Is there a way to get AuthorizationCreate to display the authentication dialog with TouchID? I see localAuthentation can display a TouchID dialog. Is there (apart from AppleScript) a non-deprecated way to simply request authorization, launch a helper with privileges and arguments, then easily obtain the results from it? I get the impression that with SMJobBless (a non-deprecated API, but a ton of work), the helper will then permanently have escalated privileges, surely this is less secure? Also with SMJobBless, it appears that I need to use an installer package to install the helper in the correct place, is this correct? Is there a replacement for SMJobSubmit in the works? What am I missing, or misunderstanding?

My Safari Extension on iOS needs access to a Keychain item (password) that is secured by the userPresence and devicePasscode flag. In other words, FaceID/TouchID or the device PIN is necessary to access the password. Is there a way for the extension to access the password? SafariWebExtensionHandler.swift has access to the Keychain, but can't present FaceID/TouchID/device PIN interface to the user. Popup.js has UI access, but can't access the iOS Keychain. One hack is to set touchIDAuthenticationAllowableReuseDuration of the Keychain item to an arbitrary time and have the user authenticate in the containing app. However, in case of a time-out, the containing app has be opened by the extension with a custom URL scheme. openURL is not accessible in SafariWebExtensionHandler.swift either (I assume it can be handled by popup.js). This is a user-unfriendly solution. What is the best way to give the Safari extension access to a Keychain item?

Whenever user tries to login with biometric and it failed multiple times then the passcode screen appears and this is the screen which we don't want for our perfectly secure applications. We are looking to authenticate user with biometric only and not fallback to passcode which is same as the Apple internal API https://developer.apple.com/documentation/security/secaccesscontrolcreateflags where we can enforce user to use biometric based login. Although we like WebAuth framework but this is the only reason we cannot move forward with the WebAuthn framework. is it something Apple can think about providing to make application more secure ?

I have a macOS application designed as an agent with several daemons/cmd helper tools. Various parts of my application use touchID before executing privileged operations. The icon that shows up in Touch ID is the generic white building block. How can I use a different icon with different types of targets?

Dear Apple , I discovered a bug about iPhones and even made a video of it and uploaded it to the following address: https://feedbackassistant.apple.com/feedback/9184844 In the last few days, he has not received any response from any of Apple's backers Apple app development consultants also listed the site address in my replies: https://www.apple.com/feedback/iphone.html I'm on this site and I wrote everything about the bug I discovered, but I still did not get a response from the Apple team Please select this important topic and announce my answer My goal is to work with the Apple team to fix the iPhone fingerprint bug Please be sure to check my feedback on this bug along with the video I made myself My Feedback Address: https://feedbackassistant.apple.com/feedback/9184844 Regards , Hamed Hamedi

How do we test TouchID in simulator from Xcode 13? There is no more "Hardware" option on the menu bar.

I am working on implementing the local authentication on my app so I have to test both Face Id and Touch Id from the simulator. Face Id is visible like below but unable to find out Touch Id option. I have checked on both iOS 13.00 simulator and iOS 14.00 simulator but Touch ID option is hidden in both simulator.

I've got some admittedly old Objective-C code handling Keychain items protected by Touch ID / Face ID that uses the access control flag kSecAccessControlTouchIDCurrentSet, accessing the items would fail with errSecItemNotFound when the user adds or removes a finger/face from the device, however on iOS 15.0 this is not happening. It does work on iOS 14.6 still. My deployment target is still iOS 11.0 so I haven't moved to kSecAccessControlBiometryCurrentSet as the replacement for the now deprecated TouchID value - but the enum raw values are the same so I don't see how that could be the cause. I can't see what the new error code is, because I'm not using Xcode 13, but I'll try and get the DeviceSupport copied in (official support for this is please!) to help search: Swift touchIDCurrentSet biometryCurrentSet Objective-C kSecAccessControlTouchIDCurrentSet kSecAccessControlBiometryCurrentSet

Hi everyone I've updated an iPhone 6S to iOS 14 Beta 4 and after that, Touch ID got disabled. Whenever I try to set it up, a message saying “FAILED - Unable to activate Touch ID on this iPhone". Even i have tried downgrade ios to the 13.5.1 and done a full reset but problem is still on the same. What should I do..? Please suggest.. Leave a comment below.

In the video https://developer.apple.com/videos/play/wwdc2020/10670/ this refers to "user activated events" for navigator.credentials.get. Hovever, this term of "user activated events" is very hard to find online, and no example code exists. Is a more complete example of html + js available for the interaction of navigator.credentials.get available that highlights the correct method of using this api in ios?

Hi! I work for a b2c app and we are getting current users complaining that when they use Sign In With Apple -> Hide Email -> this creates a brand new account for them and they complain all their data is lost. But that is because they used their regular email to sign up and not Sign In With Apple button that we have. Then vice versa, users sign up with Sign Up With Apple -> Hide Email -> this creates an account fo them then later on they log out and log back in and try to login the regular way using their email and not use the Sign In With Apple button and then they complain their data is lost. This is creates two different accounts. Is there any way to integrate both? So if a user did Sign Up With Apple and a hidden proxy email was created but then later want to sign in using their regular email (not using Sign In With Apple), we can detect only one account? Is it possible to detect the same account with the hidden proxy email even though they signed in with the regular email? I hope this makes sense. This is making users mad because they don't know how they signed up. Any information is appreciated. Thank you!

Hi! I have a question. How can I find out if a user rejects authentication using touch id? Is there something "touch id failure" for javascript event? I would like to subscribe to this event and process the rejection in my web application. Thank you