Hi all,
I'm working on a watchOS app and would like to securely access a password that gets stored in the keychain. The issue I'm facing has to do with the device Passcode settings and Wrist Detection.
I am unable to find a way to protect the password when the user has Passcode turned on but Wrist Detection turned off on their Apple Watch. The test case I am failing is:
1. User turns on Passcode on Apple Watch (via Watch app on iPhone)
2. User turns off Wrist Detection (via Watch app on iPhone)
3. User unlocks Watch
4. User takes Watch off wrist
5. Unauthorised user launches my app and accesses Keychain
I expected kSecAccessControlUserPresence / SecAccessControlCreateFlags.userPresence to help with this, but it doesn't seem to (unless I'm doing something wrong):
var error: Unmanaged<CFError>?
let accessControl = SecAccessControlCreateWithFlags(nil,
    kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
    SecAccessControlCreateFlags.userPresence,
    &error)
Between steps 4 and 5 I would like to be able to enforce userPresence somehow. I am trying to achieve a flow similar to Apple Pay: when Wrist Detection is off and I invoke Apple Pay, the Passcode entry screen is presented modally before Apple Pay can be used.
Cheers,
Nick