kSecAttrAccessControl not showing biometric prompt in simulator

Question

karthik19 OP

Created Jul ’23

Replies 4

Boosts 0

Views 1.4k

Participants 2

Hi,

We're using SecKeyCreateRandomKey to generate a random key with access control kSecAttrAccessControl key set to `kSecAccessControlTouchIDAny' using below code

SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
kSecAccessControlTouchIDAny | kSecAccessControlPrivateKeyUsage,
&error)

Now, while accessing the key with below code, we're not seeing any biometric prompt on simulator where as the biometric prompt is shown in all physical devices and the key is returned only on successful authentication with FaceID (or) Touch ID. Can someone please help to understand why the behaviour is different in simulators

    NSDictionary *privateKeySearchQueryParam = @{
                             (id)kSecClass: (id)kSecClassKey,
                             (id)kSecAttrKeyType: (id)kSecAttrKeyTypeEC,
                             (id)kSecAttrLabel: keyName,
                             (id)kSecReturnRef: @YES
                             };

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’23

Did you enable Face ID in your simulator? Do that using Features > Face ID.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

karthik19 OP

Aug ’23

Hi @eskimo - Yes the Face ID is enabled in simulator. And I've confirmed that the prompt is coming in the simulator when using the below code with context.evaluatePolicy.

[context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:localizedReason reply: ^(BOOL success, NSError *authenticationError) { 
     //code here to handle success or failure
}];

But, the original issue I've reported here is that the Face ID prompt is not shown only in simulators and only when when accessing an item from keychain which was saved with accesscontrol set to kSecAccessControlTouchIDAny

0

Answer 3

DTS Engineer OP

Apple

Aug ’23

So you want the simulated Touch ID to route through to the Mac’s native Touch ID?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

karthik19 OP

Aug ’23

Hi @eskimo - Thanks for reverting

No, Just like how Touch ID prompt is being shown automatically on physical devices when accessing an item from keychain which was saved with accesscontrol set to kSecAccessControlTouchIDAny, we want to see the same prompt automatically in the simulators as well

When we set an item in keychain with accesscontrol set to kSecAccessControlTouchIDAny (or) kSecAccessControlBiometryAny, the apple documentation states that it will

Constraint to access an item with Touch ID for any enrolled fingers, or Face ID.

Hence when we are accessing the item back again, we're seeing a biometric prompt only on physical devices and not on simulators (This is the issue we're referring to)

0