MASTG-TEST-0246: Runtime Use of Secure Screen Lock Detection APIs

Content in BETA

This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).

Overview

This test is the dynamic counterpart to References to APIs for Detecting Secure Screen Lock.

Steps

  1. Run a dynamic analysis tool like Frida for iOS and look for uses of the LAContext.canEvaluatePolicy(.deviceOwnerAuthentication) API or for data stored with the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly attribute.

Observation

The output should contain a list of locations where relevant APIs are used.

Evaluation

The test fails if the app doesn't use any API to verify that a secure screen lock is present.
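The step and evaluation above can be exercised with a Frida script like the following. It is an added example, not MASTG or demo code: it logs calls to canEvaluatePolicy and SecItemAdd with a short backtrace and applies the pass/fail rule to what was observed. The helper names (record, evaluate, events) are hypothetical, and the script assumes the Frida ObjC bridge is loaded, as it is in the frida CLI.

```javascript
// Added example, not MASTG code. Assumed usage: frida -U -f <bundle-id> -l <this-file>.js
// LAPolicy raw values: 1 = biometrics only, 2 = deviceOwnerAuthentication.
const LA_POLICY = { 1: 'deviceOwnerAuthenticationWithBiometrics', 2: 'deviceOwnerAuthentication' };
const events = [];

// Store an observation and forward it to the Frida host when running under Frida.
function record(event) {
  events.push(event);
  if (typeof send === 'function') send(event);
}

// Apply the page's evaluation: the test fails when no screen-lock check was observed.
// Only the policy and keychain attribute named in the test step count as hits.
function evaluate(observed) {
  const hits = observed.filter(e =>
    (e.api === 'canEvaluatePolicy' && e.policy === 'deviceOwnerAuthentication') ||
    (e.api === 'SecItemAdd' && e.passcodeBound));
  return { pass: hits.length > 0, hits };
}

if (typeof ObjC !== 'undefined' && ObjC.available) {
  const where = ctx => Thread.backtrace(ctx, Backtracer.ACCURATE)
    .slice(0, 5).map(a => DebugSymbol.fromAddress(a).toString());

  // -[LAContext canEvaluatePolicy:error:]: args[2] carries the LAPolicy integer.
  const method = ObjC.classes.LAContext['- canEvaluatePolicy:error:'];
  Interceptor.attach(method.implementation, {
    onEnter(args) {
      const raw = args[2].toInt32();
      record({ api: 'canEvaluatePolicy', policy: LA_POLICY[raw] || String(raw), where: where(this.context) });
    }
  });

  // SecItemAdd(attributes, result): compare kSecAttrAccessible with the passcode-bound class.
  const sec = Process.getModuleByName('Security');
  const constant = name => new ObjC.Object(sec.getExportByName(name).readPointer());
  const key = constant('kSecAttrAccessible');
  const wanted = constant('kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly').toString();
  Interceptor.attach(sec.getExportByName('SecItemAdd'), {
    onEnter(args) {
      const value = new ObjC.Object(args[0]).objectForKey_(key);
      record({ api: 'SecItemAdd', passcodeBound: value !== null && value.toString() === wanted,
               where: where(this.context) });
    }
  });
}
```

Items whose protection class is set through a SecAccessControl object rather than kSecAttrAccessible are not detected by this script, so an empty result should be confirmed against the static counterpart of this test before recording a failure.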

Demos

MASTG-DEMO-0026: Runtime Use of LAContext.canEvaluatePolicy with Frida