User Profile

Snyk and Fortify (3rd party security scanning software) scans have flagged our auth code when using evaluatePolicy for LaContext. Our app is an iOS only app. "Avoid using evaluatePolicy for local user authentication. The API can be hooked and thus the return value can be changed leading to a potential authentication bypass on jailbroken devices. Consider using iOS keychain APIs." Has anyone encountered this issue in their security scans and we're you able to mediate with the suggested fix using the keychain APIs.

After updating a package version, Xcode modified the Package.resolve file by removing the "object": { at the top of the file, then renames the identities of all of the packages to something different and updated the file version. I've deleted the Package.resolve file, went thru File > Packages and tried the 'Rest Package cache' and 'Resolve Package Version' but neither corrected the file format. I'm running Xcode 13.3.1. Has anyone else run into this issue?