
MASTG-TEST-0267: Runtime Use Of Event-Bound Biometric Authentication

Overview

This test is the dynamic counterpart to References to APIs for Event-Bound Biometric Authentication.

In this case we'll hook LAContext.evaluatePolicy(...) and SecAccessControlCreateWithFlags, recording every flag value passed to the latter.

Steps

  1. Use Installing Apps to install the app.
  2. Use Method Hooking to hook the relevant APIs.
  3. Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.

Observation

The output should contain a list of the locations where the LAContext.evaluatePolicy and SecAccessControlCreateWithFlags functions are called, including all flags used in those calls.

Evaluation

The test case fails if, for each sensitive data resource worth protecting, either of the following is observed:

  • LAContext.evaluatePolicy is used explicitly (event-bound authentication).
  • There are no calls to SecAccessControlCreateWithFlags that require user presence via any of the possible flags.
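The following script is an added example for this test; it is not code from this page or from MASTG-DEMO-0042. It assumes Frida on a jailbroken iOS device for the hooking part and uses the SecAccessControlCreateFlags and LAPolicy raw values from Apple's SecAccessControl.h and LocalAuthentication headers. Loaded with Frida, it hooks both APIs from the Steps above and prints each call with its decoded flags and a backtrace (the Observation). Run under Node.js, the hooks are skipped and the same decoder and evaluation function are exercised on constructed findings, so the Evaluation criteria can be applied to captured output. The findings schema and the function names are my own choices.

```javascript
// Added example for this test, not code from the MASTG page or its demo.
// Run under Frida on a jailbroken device to install the hooks, or under
// Node.js to exercise the flag decoder and evaluation on constructed findings.

// SecAccessControlCreateFlags bit values as declared in Apple's SecAccessControl.h.
const SEC_ACCESS_CONTROL_FLAGS = {
  UserPresence: 1 << 0,
  BiometryAny: 1 << 1,          // alias: TouchIDAny
  BiometryCurrentSet: 1 << 3,   // alias: TouchIDCurrentSet
  DevicePasscode: 1 << 4,
  Watch: 1 << 5,                // alias: Companion
  Or: 1 << 14,
  And: 1 << 15,
  PrivateKeyUsage: 1 << 30,
  ApplicationPassword: 2 ** 31, // 1u << 31, written this way to avoid signed 32-bit overflow in JS
};

// Flags that gate keychain item access behind user authentication.
const PRESENCE_FLAGS = ['UserPresence', 'BiometryAny', 'BiometryCurrentSet', 'DevicePasscode', 'Watch'];

// LAPolicy raw values from the LocalAuthentication framework.
const LA_POLICY_NAMES = { 1: 'deviceOwnerAuthenticationWithBiometrics', 2: 'deviceOwnerAuthentication' };

// Decode a raw SecAccessControlCreateFlags value into flag names and a verdict on user presence.
function decodeAccessControlFlags(rawFlags) {
  const names = Object.keys(SEC_ACCESS_CONTROL_FLAGS).filter(
    (name) => (rawFlags & SEC_ACCESS_CONTROL_FLAGS[name]) !== 0,
  );
  return {
    rawFlags,
    names,
    requiresUserPresence: names.some((name) => PRESENCE_FLAGS.includes(name)),
    usesBiometry: names.includes('BiometryAny') || names.includes('BiometryCurrentSet'),
  };
}

// Apply the evaluation criteria of this test to a list of captured findings.
// Mapping each finding to the sensitive resource it protects remains the tester's job.
function evaluateFindings(findings) {
  const reasons = [];
  const eventBound = findings.filter((f) => f.api === 'LAContext.evaluatePolicy');
  if (eventBound.length > 0) {
    reasons.push(`LAContext.evaluatePolicy called explicitly ${eventBound.length} time(s)`);
  }
  const presenceProtected = findings.filter(
    (f) => f.api === 'SecAccessControlCreateWithFlags' && decodeAccessControlFlags(f.rawFlags).requiresUserPresence,
  );
  if (presenceProtected.length === 0) {
    reasons.push('no SecAccessControlCreateWithFlags call requires user presence');
  }
  return { verdict: reasons.length === 0 ? 'PASS' : 'FAIL', reasons };
}

const capturedFindings = [];

function record(finding) {
  capturedFindings.push(finding);
  console.log(JSON.stringify(finding, null, 2));
}

// Hooks are installed only when this script is loaded by Frida (e.g. `frida -U -f <bundle-id> -l script.js`).
if (typeof ObjC !== 'undefined' && ObjC.available) {
  const symbolize = (ctx) =>
    Thread.backtrace(ctx, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n');

  // -[LAContext evaluatePolicy:localizedReason:reply:]: args[2] = LAPolicy, args[3] = NSString reason
  const evaluatePolicy = ObjC.classes.LAContext['- evaluatePolicy:localizedReason:reply:'];
  Interceptor.attach(evaluatePolicy.implementation, {
    onEnter(args) {
      const policy = args[2].toInt32();
      record({
        api: 'LAContext.evaluatePolicy',
        policy: LA_POLICY_NAMES[policy] || policy,
        reason: new ObjC.Object(args[3]).toString(),
        backtrace: symbolize(this.context),
      });
    },
  });

  // SecAccessControlCreateWithFlags(allocator, protection, flags, error): args[2] = flags
  const createWithFlags = Process.getModuleByName('Security').getExportByName('SecAccessControlCreateWithFlags');
  Interceptor.attach(createWithFlags, {
    onEnter(args) {
      record({
        api: 'SecAccessControlCreateWithFlags',
        ...decodeAccessControlFlags(args[2].toUInt32()),
        backtrace: symbolize(this.context),
      });
    },
  });
} else {
  // Constructed sample findings (not captured from a real app) so the evaluation can be tried offline.
  const sample = [
    { api: 'LAContext.evaluatePolicy', policy: 'deviceOwnerAuthenticationWithBiometrics', reason: 'Unlock vault' },
    { api: 'SecAccessControlCreateWithFlags', rawFlags: SEC_ACCESS_CONTROL_FLAGS.PrivateKeyUsage },
  ];
  console.log(JSON.stringify(evaluateFindings(sample), null, 2));
}
```

The decoder reports `requiresUserPresence` separately from `usesBiometry` because a `DevicePasscode`-only access control still ties the item to user authentication but enforces no biometric factor; when reviewing the output, check which combination (and whether `Or`/`And` is set) each sensitive resource actually gets.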

Demos

MASTG-DEMO-0042: Runtime Use of LAContext.evaluatePolicy with Frida