Hi,
I wanted to confirm if it is possible to communicate through the USB-C ports of the newer iPads with USB devices that aren't supported natively by iOS. More specifically, we want to be able to interface CCID (smart cards / USB crypto tokens) devices from our app.
It seems that, since iOS 16, the IOKit/DriverKit frameworks are now made available. Does it mean we have everything to interface any kind of USB devices from a mobile app? Will there be constraints when submitting the app to the app store later on? On which devices exactly is this possible? All devices that have a USB-C port (newer iPad Pro / iPad Air / iPad mini)? Only a subset of them?
Thank you.
Post
Replies
Boosts
Views
Activity
Hello,
We already submitted a feedback through the assistant about that, but I'm not sure we will ever get an answer, and it might be interesting for other people as well.
On MacOS Ventura, It seems like applications using the KeyChain services are unable to see certificates provided by CryptoTokenKit smart card token drivers.
In order to reproduce, you need a CryptotokenKit smart card driver appex working under Big Sur or Monterey. Install the same appex on Ventura. You'll see that Safari does not see the certificates provided by the appex, and cannot perform SSL/TLS client authentications with them. Similar symptoms can be seen with other apps (Chrome, mail clients, or even custom apps that directly use the Keychain API: token instances cannot be obtained from the app).
We tested with both our own CryptoTokenKit driver (a TKSmartCard driver, which worked well with all previous MacOS versions), and the CryptoTokenKit driver from another company (Yubico). Both work on older MacOS, but not on Ventura.
Has something changed in the security framework between Monterey and Ventura? Do we need to change something in our CryptoTokenKit, or is it a bug from MacOS? If it's a bug, is Apple aware of it, and will it be fixed? This is a functionality that is largely used in enterprise environments.