kSecAttrAccessControl not showing biometric prompt in simulator

Hi,

We're using SecKeyCreateRandomKey to generate a random key with access control kSecAttrAccessControl key set to `kSecAccessControlTouchIDAny' using below code

SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
kSecAccessControlTouchIDAny | kSecAccessControlPrivateKeyUsage,
&error)

Now, while accessing the key with below code, we're not seeing any biometric prompt on simulator where as the biometric prompt is shown in all physical devices and the key is returned only on successful authentication with FaceID (or) Touch ID. Can someone please help to understand why the behaviour is different in simulators

    NSDictionary *privateKeySearchQueryParam = @{
                             (id)kSecClass: (id)kSecClassKey,
                             (id)kSecAttrKeyType: (id)kSecAttrKeyTypeEC,
                             (id)kSecAttrLabel: keyName,
                             (id)kSecReturnRef: @YES
                             };
Up vote post of karthik19 Down vote post of karthik19
1k views
Posted by
karthik19
Reply
Add a Comment

Replies

Did you enable Face ID in your simulator? Do that using Features > Face ID.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hi @eskimo - Yes the Face ID is enabled in simulator. And I've confirmed that the prompt is coming in the simulator when using the below code with context.evaluatePolicy.

[context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:localizedReason reply: ^(BOOL success, NSError *authenticationError) { 
     //code here to handle success or failure
}];

But, the original issue I've reported here is that the Face ID prompt is not shown only in simulators and only when when accessing an item from keychain which was saved with accesscontrol set to kSecAccessControlTouchIDAny

Posted by
karthik19
Up vote reply of karthik19 Down vote reply of karthik19
Add a Comment

So you want the simulated Touch ID to route through to the Mac’s native Touch ID?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hi @eskimo - Thanks for reverting

No, Just like how Touch ID prompt is being shown automatically on physical devices when accessing an item from keychain which was saved with accesscontrol set to kSecAccessControlTouchIDAny, we want to see the same prompt automatically in the simulators as well

When we set an item in keychain with accesscontrol set to kSecAccessControlTouchIDAny (or) kSecAccessControlBiometryAny, the apple documentation states that it will

Constraint to access an item with Touch ID for any enrolled fingers, or Face ID.

Hence when we are accessing the item back again, we're seeing a biometric prompt only on physical devices and not on simulators (This is the issue we're referring to)

Posted by
karthik19
Up vote reply of karthik19 Down vote reply of karthik19
Add a Comment