User Profile

I would like to point out that this Issue hasn't had any answer in 3 years. It is still very valid and necessary for us. Could someone review and revive it? To be clear: I want to have an ACL for a Secure Enclave slot that is not the device pin but a user chosen password (like kSecAccessControlApplicationPassword) and I want to allow for a biometric shortcut in the same way this works with ACLs that use device pin with biometric shortcut and fallback to pin. To my knowledge, this combination is currently not supported in the SE. The main motivation is security. We need a secret that is less often used and thus has a lower chance of being observed by a bystander. The device pin is often known by family members of our users. If we allow for a custom secret that is only used during business hours, it most likely is not used at home. Having a biometric shortcut will also reduce the risk of observing the secret and has a side effect of being more convenient for the user. Invalidating the biometric shortcut (like after a restart) should be the same as the existing functionality.

Uroshnor, we already have a corporate camera app. USB connectivity would still be necessary to allow users to copy their personal camera roll to a computer and to maybe connect the phone to other USB devices.

Reading the documentation on allowHostPairing I assume it disables all kind of USB connectivity to a computer. Is that the case? We need to allow our corporate (non dev) devices to be used to transfer camera roll content to a computer.