I locked a few apps like YouTube and my browser with the new App Lock feature from iOS 18, and all works well if I want to access the app from the home screen. The problem appears if the app is closed completely and I open a link which gets opened in the locked app. Then the app lock gets bypassed and the app opens completely without authentication.
Face ID
Securely unlock devices, authenticate purchases, sign in to apps, and more with facial recognition using Face ID.
Posts under Face ID tag
My phone wouldn’t recognize my face, so I tried resetting Face ID, but setting it up wasn’t working. It keeps saying on the screen to move the phone lower or higher and blurs the background, and it just won’t proceed with the setup. I did a diagnostics report with Apple Support and it showed that there were no problems and that it might be because I’m using the iOS beta updates, so can you fix it with the next update? I even tried taking off my screen protector and my case, thinking they might be the problem, but it wasn’t resolved.
How does an app know that Require Face ID is enabled for it?
How does an app know that it became active after successful authentication by the iOS 18 Require Face ID feature?
If an app implements any extension (in my case an Action Extension and an AutoFill Credential Provider), how does the extension know that it became active after successful authentication by the iOS 18 Require Face ID feature?
Is there any app notification or any API to help me out?
I currently do FaceID validation in my apps, but it looks like Apple is offering FaceID at the app level. Does this mean we still need to or can code for it in iOS 18 apps? Right now I've been working on migrating to iOS 18 using the beta, but my Swift code just returns an "unknown error". From a developer perspective, I can't find any examples or guidance on how to handle FaceID currently in iOS 18 or going forward.
Anyone have any insights or resources?
This is the code that used to work but now under iOS 18 returns the error. Maybe the simulator and Swift have not caught up, but I don't think so, given that it's been two beta releases that I know of where this has not worked.
import LocalAuthentication

class biometric {
    class func authenticateUser() async -> (Bool, Error?) {
        let context = LAContext()
        var error: NSError?
        // Check that biometric authentication is available before prompting.
        if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
            let biometryType = context.biometryType
            var reason = "Authenticate with \(biometryType)"
            if biometryType == .faceID {
                reason = "Authenticate with Face ID"
            } else if biometryType == .touchID {
                reason = "Authenticate with Touch ID"
            }
            do {
                let success = try await context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason)
                LogEvent.print(module: "Authentication.biometric.authenticateUser", message: "Biometric authentication. success: \"\(success)\".")
                return (success, nil)
            } catch let evaluationError as LAError {
                LogEvent.print(module: "Authentication.biometric.authenticateUser", message: "Biometric authentication failed. evaluationError: \"\(evaluationError.localizedDescription)\"")
                handleEvaluationError(evaluationError)
I do get past the .canEvaluatePolicy but fail on the .evaluatePolicy
My app already has an app lock system which includes text & biometric combinations. Now iOS 18 has introduced a passcode lock for every app. So if users want to enable the app lock provided by us (developer), we want to inform them that you have enabled the iOS-provided app lock, in addition to that do you want to allow app-specific lock? For this, developers want to know whether iOS-provided app lock is enabled.
-Rajdurai
Hi,
Is there some reference documentation about the properties of a CryptoKit SecureEnclave PrivateKey and its properties?
Concretely, these are some of the questions that I wanted to find a (documented) answer on:
Who can use a SecureEnclave.P256.*.PrivateKey if they have access to the dataRepresentation? I expect that the private key is bound to the specific secure enclave processor, but it also seems to be bound for the user that created the key (from observation by creating a PrivateKey without any access control). What if there's a restore from backup of the machine, will the private key still be usable?
What does a SecureEnclave.P256.*.PrivateKey's dataRepresentation include? From observation, I'm assuming the dataRepresentation is a signed/encrypted blob that includes a unique ID (no 2 keys are the same), the access control settings (biometry required, passcode required, ...), some sort of version of the biometry (so it is invalidated when the biometry changes). Is there anything else? I'm not interested in the actual encoding (which I understand is undocumented), but want to get an idea of what properties are included in the representation and e.g. can't change in the future.
Answers to these questions could e.g. help make a decision how secure the private key's dataRepresentation needs to be kept (e.g. if it can only be used by myself, and I'm sure it will only ever be valid with the access control flags its representation contains, I could decide it's ok to have this key be in a public place).
I tried looking for answers in some pieces of documentation, but couldn't immediately find the details I was looking for:
The CryptoKit SecureEnclave documentation
The Secure Enclave article
The Protecting keys with the Secure Enclave article
thanks!
Remko
Please sir, my iPhone XS battery drains quickly and my phone overheats and also has a lagging problem, please give the solution.
I've implemented Face ID in my app to authenticate after the user is authenticated, so they don't have to sign in again to log into their account. However, it asks me to enter my iPhone's passcode instead of scanning my face. Is there any way to fix this? Is there something I have to add?
Is the method used to unlock an iOS device available to an app? We would like to require a step-up to MFA (in our app) if passcode was used and allow for single factor if Face ID was used.
Hi,
Is this possible? I would like to:
Store a biometrically secured key in the Secure Enclave.
Do multiple cryptographic operations using that key in a short period of time (say 5 seconds), not all at once.
Only do one FaceID for that set.
For the time I've only gotten either multiple flashing FaceId requests or the operations failing.
Is it possible to set a time limit in which the first FaceID authentication is accepted?
Should I do something else?
Thanks!
Does Apple allow extensions to Face ID?
I have a problem with the way it often reacts.
I also have a simple solution.
But does Apple allow extensions to Face ID?
Trying to develop a feature that can help verify a person's identity is matched with their Apple account.
For example:
I want to use my Apple device to scan some other people's faces using Apple facial ID to confirm the people who face me in real life are matched with the Apple account holders who talk to me online.
I'm asking here whether it is possible on a firmware or code level, as well as whether it is against the TOS.
I am new to iOS development, and recently I was trying to build an application which will create a key inside the secure element, and after that I will sign something with it. While developing I've encountered an issue: the key generation fails if there is a flag .biometryAny or .biometryCurrentSet
The authentication itself is triggered, but the function still throws a mistake.
My setup - Xcode iPhone15 simulator, FaceID enrolled and the animation of it is working.
I've created the same post on overflow, in case somebody will have the same issues:
https://stackoverflow.com/questions/78175858/secure-enclave-key-generation-failure
I've tried deleting the flag, while keeping the manual authorisation, and this approach works, but I still would like to have maximum security.
THIS WORKS:
import LocalAuthentication
import Security

// Prompt for biometric authentication and report the result on the main queue.
func authenticateUser(completion: @escaping (Bool, Error?) -> Void) {
    let context = LAContext()
    var error: NSError?
    if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
        let reason = "Biometric authentication is needed to access your secure data."
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { success, authenticationError in
            DispatchQueue.main.async {
                completion(success, authenticationError)
            }
        }
    } else {
        // Biometry is not available or not enrolled.
        DispatchQueue.main.async {
            completion(false, error)
        }
    }
}

@objc func encryptAction() {
    authenticateUser { [weak self] (success, error) in
        guard success else {
            self?.outputLabel.text = "Authentication failed: \(error?.localizedDescription ?? "Unknown error")"
            return
        }
        guard let randomNumber = self?.inputTextField.text, !randomNumber.isEmpty,
              let dataToSign = randomNumber.data(using: .utf8),
              let privateKey = self?.generatePrivateKey() else {
            self?.outputLabel.text = "Error: Could not generate private key."
            return
        }
        if let signature = self?.signData(privateKey: privateKey, data: dataToSign) {
            self?.outputLabel.text = "Signature: \(signature.base64EncodedString())"
        } else {
            self?.outputLabel.text = "Error: Could not sign data."
        }
    }
}

func generatePrivateKey() -> SecKey? {
    // 1. Create Keys Access Control
    guard let accessControl =
        SecAccessControlCreateWithFlags(
            nil,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            [.privateKeyUsage],
            nil)
    else {
        fatalError("cannot set access control")
    }
    // 2. Create Key Attributes
    guard let tag = "com.example.keys.mykey".data(using: .utf8) else {
        fatalError("cannot set tag")
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: accessControl
        ]
    ]
    // 3. Generate Key Pairs
    var error: Unmanaged<CFError>?
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        if let error = error?.takeRetainedValue() {
            print("Error creating a key: \(error)")
        }
        return nil
    }
    return privateKey
}

func signData(privateKey: SecKey, data: Data) -> Data? {
    let digest = sha256(data: data)
    var error: Unmanaged<CFError>?
    // The input is already a SHA-256 digest, so use the Digest algorithm;
    // the Message variant would hash it a second time before signing.
    guard let signature = SecKeyCreateSignature(privateKey,
                                                .ecdsaSignatureDigestX962SHA256,
                                                digest as CFData,
                                                &error) as Data? else {
        print(error!.takeRetainedValue() as Error)
        return nil
    }
    return signature
}
}
THIS DOESN'T
guard let accessControl =
    SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        nil)
else {
info.something file is updated and there is a privacy FaceID field included.
the error is triggered at this part:
var error: Unmanaged<CFError>?
guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
    if let error = error?.takeRetainedValue() {
        print("Error creating a key: \(error)")
    }
    return nil
}
The error itself:
Error creating a key: Error Domain=NSOSStatusErrorDomain Code=-25293 "Key generation failed, error -25293" UserInfo={numberOfErrorsDeep=0, NSDescription=Key generation failed, error -25293}
My background audio app stops updating its Live Activity after the iPhone locks, and doesn't resume updating the activity after tapping the screen or even after FaceID unlocks the device (without opening the lock screen).
My live activity requests a ContentState update & iOS updates the content for the activity as below:
Task {
    log.debug("LiveActivityManager.updateLiveActivity() with new ContentState")
    await liveActivity.update(ActivityContent(state: contentState, staleDate: nil))
}
Below is what my log looks like:
<<<<SWIPE LOCK SCREEN DOWN>>>>
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
iOS: Updating content for activity 0A519263-1E46-4BB6-BA4F-F3DDBC081AB4
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
iOS: Updating content for activity 0A519263-1E46-4BB6-BA4F-F3DDBC081AB4
<<<<PRESS LOCK BUTTON->Lock iPhone>>>>
INFO: --------protectedDataWillBecomeUnavailableNotification--------
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
iOS: Updating content for activity 0A519263-1E46-4BB6-BA4F-F3DDBC081AB4
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
<<<<LOOK AT & TAP LOCK SCREEN->Unlock iPhone without swiping up>>>>
INFO: --------protectedDataDidBecomeAvailableNotification-----------
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
DEBUG: LiveActivityManager.updateLiveActivity() with new ContentState
As shown in the log, normally iOS updates the content for my activity after my liveActivity.update request.
This works fine in the Dynamic Island and after switching apps and swiping down to see the lock screen without locking the phone.
However, once I lock the phone, iOS stops updating the Live Activity content, and doesn't resume updates until after the app regains the foreground at least once.
Has anyone else encountered this behavior? Is this a setting that I'm missing, or a bug?
Is it possible to implement a login via Biometric TouchID FaceID in a WKWebView? I'm not a developer and thank you in advance for your help.