canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics) returns LAError.biometryNotAvailable despite Face ID being configured

Question

VaibhavSaha OP

Created 1w

Replies 1

Boosts 0

Participants 2

We have encountered an issue reported by one of our users involving the Local Authentication framework.

In our biometric authentication flow, we first check biometric availability using:

let context = LAContext()
var error: NSError?

let canEvaluate = context.canEvaluatePolicy(
    .deviceOwnerAuthenticationWithBiometrics,
    error: &error
)

For this particular user, canEvaluatePolicy repeatedly returned false with the error LAError.biometryNotAvailable (observed 7 times in our logs).

What makes this unexpected is that:

The user had Face ID configured and actively using it on the device.
The user reported that they had not changed their Face ID enrollment.
The user reported that they had not changed their device passcode.
We are not aware of any MDM restrictions applied to the device.
The issue appears to have been transient, as it was reported only for this user.

We are trying to better understand under what conditions iOS may return LAError.biometryNotAvailable even when Face ID is configured on the device.

Some questions we have:

Are there known scenarios where Face ID is enrolled but canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics) can temporarily return LAError.biometryNotAvailable?
Can iOS return this error during transient system states (e.g., Face ID subsystem restart, device startup, system update, thermal conditions, etc.)?
Is there any recommended diagnostic information we should collect to help identify the root cause when this occurs in production?

Environment:

iOS version: 26.4.2
Device model: iPhone 14 Pro Max
LocalAuthentication framework
Face ID authentication

Any insights into possible causes of this behavior would be appreciated.

Answer 1

DTS Engineer OP

Apple

1w

My experience is that problems like this, where it’s being seen by a tiny fraction of users, are caused by issues on the device rather than issues with your code. That limits your ability, as an app developer, to investigate the problem. And it also raises the question of exactly how much user-level support that you want to do?

There are a variety of steps that a user in this situation might take to try to resolve this issue. These range from the simple (disable and re-enable Face ID) to the extreme (backup, erase the device, restore). You have to decide what you’re comfortable trying to talk them through, and what you want to leave to them, or Apple Support.

Regardless, it would be super helpful if you were able to capture a sysdiagnose from the affected device before trying to resolve the issue. You could have the user capture that and send it to you, or have them report a bug in Feedback Assistant directly, which adds the sysdiagnose log, and then just pass you the bug number.

Is there any recommended diagnostic information we should collect to help identify the root cause when this occurs in production?

A sysdiagnose log taken on the device shortly after reproducing the problem is always welcome. Usually I’d suggest installing a debug profile, but our Bug Reporting > Profiles and Logs page doesn’t seem to list anything for Face ID specifically.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"